why phishing is different on mobile
play

Why Phishing is Different on Mobile Aaron Cockerill Gartner - PowerPoint PPT Presentation

Dec 26, 2022 •351 likes •733 views

Why Phishing is Different on Mobile Aaron Cockerill Gartner Security & Risk Management Summit 2018 1 The world has changed The corporate data center is in the cloud Starbucks is the new corporate Wi-Fi Employees have all gone mobile

  1. Why Phishing is Different on Mobile Aaron Cockerill Gartner Security & Risk Management Summit 2018 � 1

  2. The world has changed

  3. The corporate data center is in the cloud

  4. Starbucks is the new corporate Wi-Fi

  5. Employees have all gone mobile

  6. The IT perimeter has disappeared

  7. 2014 51% 39% Time on mobile, vs Mobile internet traffic Of devices connected to the surpassed desktop Internet use Android, vs 37% 42% on PC internet traffic use Windows

  8. 70% 61% 90% Experienced a security Time in apps, 
 Enterprises software incident directly attributable not the browser interactions on mobile by to a mobile device in the past 2022 year

  9. Hey Aaron, check out the new KTM 500 EXC. http://ktm500exc.iamges.com.au/link

  12. 3X 3X 91% 95% more susceptible to year-on-year increase of breaches involve of these phishing phishing attack on in social media and phishing or social attacks were followed mobile SaaS targeted engineering by the installation of phishing software

  13. CORPORATE SECURE EMAIL ENDPOINT FIREWALL GATEWAY ANTI-VIRUS CORPORATE EMAIL

  14. CORPORATE SECURE EMAIL ENDPOINT FIREWALL GATEWAY ANTI-VIRUS CORPORATE EMAIL

  15. CORPORATE SECURE EMAIL ENDPOINT FIREWALL GATEWAY ANTI-VIRUS CORPORATE EMAIL

  17. Pegasus for iOS Pegasus for Android August 2016 April 2017 Discovery: Citizen Lab & Lookout Discovery: Lookout & Google Exploited: three zero-day vulns (Trident) Exploited: known/patched vulns (Framaroot)

  18. � 18

  19. Encryption Kernel Exfiltrate data

  20. Encryption Pegasus data Kernel Exfiltrate data

  21. Dark Caracal THE FIRST GLOBALLY ACTIVE MOBILE APT (mAPT) • A long-term offensive cyber campaign(s) 
 with global scope & scale • Over 100GB of stolen data from over 600 mobile devices in over 21 countries • Primarily Android, and also Windows, Linux, and OS X • 2FA codes, Business information, Personal information, Screenshots, Recordings, Financial transactions, Other sensitive data

  22. Dark Caracal mobile kill chain Gain Access Perform Espionage Social Engineer Dark Caracal uses at least 9 unique The goal is to drive victims to a Dark Caracal relies on Android surveillanceware apps to ”watering hole” controlled by Dark social engineering via activate a mobile device’s camera, Caracal that provides trojanized posts on a Facebook microphone, GPS, or steal data from up to versions of popular messaging apps. groups and WhatsApp 15 different locations on the device. messages.

  23. ViperRAT FrozenCell xRAT Sophisticated surveillanceware APT C-23 targeting Palestinian individuals Initially used against pro-democracy targeting the Israeli Defense Forces. and organizations with trojanized activists in Hong Kong in 2014, targets iOS and Android. education and social media apps including facebook, WhatsApp, Targets suggests state sponsored Messenger, and LoveChat.

  24. BancaMarStealer BANKING TROJAN

  25. Over 60 international financial institutions

  26. Real Fake

  27. Real Fake

  28. Real Fake

  29. Phishing is the #1 cybersecurity risk globally

  30. Lookout Phishing Statistics PHISHING SITE ENCOUNTER RATE 1.00 0.9 0.75 0.5 0.50 0.4 0.25 0.2 0.1 0.1 0 2011 2012 2013 2014 2015 2016 | CONFIDENTIAL AND PROPRIETARY

  31. Lookout Phishing Statistics PHISHING SITE ENCOUNTER RATE • The rate at which users are receiving and clicking on Phishing URLs has increased 85% YoY since 2011. • Even with existing phishing protection and user training 56% of Lookout users received and clicked on a phishing URL*. • Those 56% of users clicked on an average of 6 phishing URLs per year over that same time. * 2014-2016 | CONFIDENTIAL AND PROPRIETARY

  32. mobile phishing protection 
 requires a different approach

  33. CORPORATE SECURE EMAIL ENDPOINT FIREWALL GATEWAY ANTI-VIRUS CORPORATE EMAIL

  34. CORPORATE SECURE EMAIL ENDPOINT FIREWALL GATEWAY ANTI-VIRUS CORPORATE EMAIL Deb Hey Aaron, check out these pics from Phishing Attack Blocked the picnic! http://www.picserver.net/picnic OK. Thanks! More Info Proceed Anyway message

  35. Mobile Endpoint Security Threat Detail Device remediation � 35

  36. Lookout Mobile Endpoint Security MOBILE RISK MATRIX Apps Risks Device Risks Network Risks Web & Content Risks • Trojans, ransomware, 
 • Advanced OS • Man-in-the-middle • Mobile phishing rootkits compromise attacks attacks (Pegasus) • App vulnerabilities • Host certificate • Malicious files (e.g. • Unpatched devices due to poor coding hijacking Stagefright) • Non-compliant apps • Known CVEs* • SSLstrip • Browser vulnerabilities that leak data (e.g. Trident) • Risky device • TLS protocol • Sideloaded apps that • Browsing to risky configurations downgrades bypass app stores websites • User-initiated • Rogue wifi detection jailbreak/root

  37. COME AND TALK TO US AT BOOTH 250

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing In a Nutshell 2. Phishing Types & Techniques 3. Phishing Stats & Modern Trends 4. Case-Study 5. Stay Safe 2 Speaker ABOUT ME

478 views • 24 slides
Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. Phishing can be in the form of emails, social

530 views • 20 slides
Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

School of Fin ine Arts Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the attempt to obtain personal information such as passwords and logins for malicious purposes. By appearing to be legitimate the

255 views • 13 slides
VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

THE STATE OF PHISHING ATTACK VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of Phishing Counter Measures Reports on Phishing Isaac K. Acheampong Facilities Manager BSc IT, Dip. IT, Sec+ STATE OF

711 views • 34 slides
Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing

264 views • 24 slides
PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing 3.0 Phishing kit 4.0 Types of Phishing 5.0 Avoidance Techniques 6.0 Effect of Phishing on Businesses 7.0 Demos & Practical INTRODUCTION

565 views • 27 slides
Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring: What is phishing? How phishing can damage a business What are the difgerent types of phishing? How to spot a phishing email What to do if

159 views • 12 slides
of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

PhishEye: Xiao Han Nizar Kheir Live Monitoring Davide Balzarotti of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd Quarter 2016] All time high record

921 views • 59 slides
Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing 2. Strategic defense techniques 3. A new client based solution: DOMAntiPhish 4. Conclusions Nature of Phishing Statistics from the Anti

536 views • 31 slides
Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke

Ne Needle in a Haystack: : Tracking Do Down Elite Ph Phishing g Dom Domains in the Wild Ke Tian, Steve T.K. Jan , Hang Hu, Danfeng Yao, Gang Wang Computer Science, Virginia Tech Phishing is a Big Th Threat Phishing: fraudulent attempt

411 views • 30 slides
Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able to: Define phishing Identify signs of a potential phishing email Know where to report phishing emails to and how to report them

168 views • 15 slides
Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why

Phishing By: Joanna Georgiou Dhamija, R., Tygar, J. D., & Hearst, M. (2006, April 22). Why Phishing Works. Gelernter, N., Kalma, S., Magnezi, B., & Porcilan, H. (2017). The Password Reset MitM Attack. What is Phishing? Dhamija, R.,

528 views • 50 slides
Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition of spear phishing Why is spear phishing so valuable to attackers Spear phishing defenses / countermeasures Training concepts and delivery

434 views • 8 slides
Social Engineering Phishing & More Phishing Fake Email Accounts Real Email Accounts

Social Engineering Phishing & More Phishing Fake Email Accounts Real Email Accounts

Social Engineering Phishing & More Phishing Fake Email Accounts Real Email Accounts DrLaneA@mail.com b.miller@tcu.edu Bursar-SecureServices@me.com jbickford@necc.mass.edu No proof of identity Could already be compromised

343 views • 7 slides
Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing

Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing

Id Identify fy a Phishing Attack CWU Information Security Services Id Identify fy a Phishing Attack An email address that tries to disguise itself as legitimate Outlook Team <msOutlook@outlook.com> Confirm Acount Details Hello

108 views • 7 slides
Analyzing the Effectiveness of Phishing at Network Level Sagar Mehta, Nitya Sundareswaran, Kevin

Analyzing the Effectiveness of Phishing at Network Level Sagar Mehta, Nitya Sundareswaran, Kevin

Analyzing the Effectiveness of Phishing at Network Level Sagar Mehta, Nitya Sundareswaran, Kevin D. Fairbanks, Nick Feamster Motivation Source - Phishing Activity Trends Report July, 2006 , Anti-Phishing workgroup Our work done from Jan

395 views • 24 slides
IETF middleware highlights Leif Johansson SWAMI.se IETF Internet Engineering Task Force

IETF middleware highlights Leif Johansson SWAMI.se IETF Internet Engineering Task Force

IETF middleware highlights Leif Johansson SWAMI.se IETF Internet Engineering Task Force Internet-Drafts turns into RFCs by magic: NEA Patches? We don't need no stinkin' patches! NEA Network Endpoint Assessment Network Admission

396 views • 16 slides
CS344M Autonomous Multiagent Systems Patrick MacAlpine Department or Computer Science The

CS344M Autonomous Multiagent Systems Patrick MacAlpine Department or Computer Science The

CS344M Autonomous Multiagent Systems Patrick MacAlpine Department or Computer Science The University of Texas at Austin Good Afternoon, Colleagues Patrick MacAlpine Good Afternoon, Colleagues Are there any questions? Patrick MacAlpine

587 views • 35 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
CS7038 - Malware Analysis - Wk05.1 Static Analyzers Coleman Kane kaneca@mail.uc.edu February 7,

CS7038 - Malware Analysis - Wk05.1 Static Analyzers Coleman Kane kaneca@mail.uc.edu February 7,

CS7038 - Malware Analysis - Wk05.1 Static Analyzers Coleman Kane kaneca@mail.uc.edu February 7, 2017 Signature-based Anti-Virus Systems By far, the most popular weapon against cyber attacks is signature-based antivirus software. When

709 views • 12 slides
OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers

OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers

OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers Cryptography Network security System security Web security (recap) Protection File systems implement a protection system Who

800 views • 30 slides
Digital Privacy: Hands-on Tactics & Tools for Libraries Workshop 2 1 About Us This is a

Digital Privacy: Hands-on Tactics & Tools for Libraries Workshop 2 1 About Us This is a

Digital Privacy: Hands-on Tactics & Tools for Libraries Workshop 2 1 About Us This is a collaboration with: Brooklyn Public Library Metropolitan New York Library Council (METRO) New America and London School of Economics

660 views • 55 slides
Technology Department Bob Pattison IT Director Joe Thomas PC Technician Julius Ramirez

Technology Department Bob Pattison IT Director Joe Thomas PC Technician Julius Ramirez

Technology Department Bob Pattison IT Director Joe Thomas PC Technician Julius Ramirez PC Technician Budget $184,013 1200 computers VPN with town Interface between

503 views • 6 slides
Malicious Code Karlstads universitet mCrowds: Anonymity for the mobile Internet Karlstads

Malicious Code Karlstads universitet mCrowds: Anonymity for the mobile Internet Karlstads

2005-10-12 Malicious Code an Increasing Problem Malicious Code Karlstads universitet mCrowds: Anonymity for the mobile Internet Karlstads universitet DAV C19 Applied Security 2 Datavetenskap 2005-10-12 Datavetenskap 2005-10-12 Media

442 views • 7 slides

More recommend