threat lands
Bangsar South City Knowledge Clinics - Online Security & Data Protection on 30 June 2011
Protecting the irreplaceable | f-secure.com
THREAT LANDS
Presented by Goh, Su Gim
Security Advisor, Asia
F-Secure Response Labs
About me
• 10 years in the IT Security industry
• IT network security infrastructure design
• Assessment and penetration testing
• Standards and Compliance
• Security Operation Center / Incident Response
• Born and Raised in Malaysia
• Spent 12 years in Hawaii, USA
• Joined F-Secure about 9 months ago, now based in F-Secure Response Labs, Kuala Lumpur
April 10, 2023
Agenda
• About F-Secure
• The Threat Landscape today
• Social Media Networking
• More than just $$
• The un-tethered world
• Malware for the mobile world
© F-Secure / Public | April 10, 2023
F-Secure - Summary
1988 Founded
1999 IPO (Helsinki Stock Exchange)
2007
Today
• “Protecting the irreplaceable”
• Enabling the safe use of computers and smartphones
• Strong solution portfolio covering both consumers and business
• The leading Software as a Service (SaaS) partner for operators globally
• Over 200 operator partnerships in more than 40 countries
• Strong market presence in Europe, North America and Asia
• Distributors/resellers in more than 100 countries
• 20 offices globally and over 800 professionals worldwide
F-Secure in Malaysia
• Operations started 2006
• KL Sentral office opened 2006
• Moved to Bangsar South May 2009
• Today, 2011, 25% of the employees in Asia
The Virus Eras
FLOPPY
LAN
WEB
FACEBOOK, MYSPACE, TWITTER, LINKEDIN?
MOBILE MALWARE???
http://campaigns.f-secure.com/brain/index.html
Malware Attacks 1986 - 2011
• 1986 - Hobbyist attacks
• 2002 - Financial attacks
• 2005 - Spying / Espionage
• 2010 - Cyber Sabotage
© F-Secure Corporation | April 28, 2010
Hmm.. Is that my ex-girlfriend viewing my profile?
FB’s FAQ
LIKE JACKING
Critical Infrastructure
Stuxnet
STUXNET
• Windows worm
• Uses 5 vulnerabilities*
• Spreads via USB sticks
* 4 zero-days
Signed component – the stolen certificate
Stuxnet is big
• Average malware: 50-100 KB
• Stuxnet: 1,5 MB
Siemens Simatic Step7 WinCC PLC
6es7-417
Bushehr / Natanz
CASE: hosting.ua – the Ukrainian Datacenter
Spring cleaning gone bad…
UNTETHERED
The big brother aka 大哥大
The battlefield today..
The ever growing Smartphone…
“53% of Chinese citizens in key urban centres own a smartphone, well ahead of countries like the US, where penetration stands at around 30%, and Japan, on 10%” - Consultancy Accenture
“Smartphones to break 100 million shipment mark in Asia/Pacific (Excluding Japan) by 2011” - IDC
“IDC expects 137 million units in 2011, double the units in 2010”
Smartphone market share: Today and Tomorrow
Android overtakes BlackBerry as Top US Smartphone platform
WHAT CAN MOBILE MALWARE DO???
• PERSONAL DATA DISCLOSURE
• PHISHING
• SPYWARE
• DIALERWARE
• FINANCIAL MALWARE
Huike.cn serving Windows Mobile apps
3D Anti-Terrorist
Windows Mobile Trojan
• Poses as 3D Anti-Terrorist Action War Game
• Developed by Beijing Huike Technology in China
• Distributed on Windows freeware download sites
• Packaged with a virus written in Russia
• Malicious code silently initiates international calls to premium numbers
A Dialerware example
Dialerware continued..
The numbers
• +882346077 Antarctica
• +17675033611 Dominican Republic
• +88213213214 EMSAT satellite prefix
• +25240221601 Somalia
• +2392283261 São Tomé and Príncipe
• +881842011123 Globalstar satellite prefix
www.keyzone-telemedia.com
www.premium-rates.com
Geinimi, aka 給你米
• Android BOT
• Opens a backdoor and calls home
• Calls home to various servers:
The Variants… HongTouTou 紅頭頭 / ADRD
• Targeting users in China
• Distributed on free file sharing websites as wallpaper apps
• Gather IMEI/IMSI - encrypted
• Search as a mobile user
• Emulate clicks as a mobile user
• Monitor SMS conversations
Do Androids Dream? [THE MOTHER OF THEM ALL]
• Roots your phone (admin access)
• Sends IMEI/IMSI to remote server
• Steals sensitive data
• More than 50 applications infected
• Repackaged by app developers:
  • Myournet
  • Kingmail2010
  • we20090202
• Hosted on Android Market
• 50,000 to 200,000 downloads in 4 days
DroidDream
Trojanised apps by Myournet
• Falling Down
• Super Guitar Solo
• Super History Eraser
• Photo Editor
• Super Ringtone Maker
• Super Sex Positions
• Hot Sexy Videos
• Chess
• 下坠滚球 _Falldown
• Hilton Sex Sound
• Screaming Sexy Japanese Girls
• Falling Ball Dodge
• Scientific Calculator
• Dice Roller
• 躲避弹球
• Advanced Currency Converter
• App Uninstaller
• 几何战机 _PewPew
• Funny Paint
• Spider Man
• 蜘蛛侠
Real App on left and virused-up version (Myournet)
In case of emergency, press this:
The KILL SWITCH
• On March 1st 2011, Google yanked 58 apps in Android Market
• March 6th, Google created the Android Market Security Tool to REMOTELY remove the malicious apps and the DroidDream trojan from hundreds of thousands of devices
• Gives me a mixed feeling…
The Google KILL SWITCH
Fake Google Security Patch
4 days later..
• Hijacked and retooled Google’s Android Market Security Tool
• Distributed by an unregulated Chinese app market
• Detected by Symantec as BgService running on infected devices
• Trojan sends SMS to a command and control server
And so it was nice and dandy...
Multiple Sources for App Downloading “SIDELOADING”
© F-Secure / Confidential | April 10, 2023
Yingyonghui.com
“SIDELOADING” : Androiddownloadz.com
Eventually, virus writers will realize it's easier to make money by infecting phones than by infecting computers
So how do I protect myself?
(1) TRUSTED & REPUTABLE SOURCES
• Download from reputable app markets
• Avoid third party app stores (Sideloading)
• Review developer name, reviews and star ratings
• If it is too good to be true.. IT IS
• There is NO FREE LUNCH
(2) Scrutinize permissions
• Check on permissions when installing an app
• Ensure the permissions match the features it provides
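An added example (not part of the original slides) of the permission check described here: it reads an AndroidManifest.xml that has already been decoded to text and lists the requested permissions that the app's advertised category does not justify. The category baseline, the notes and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Hypothetical baseline (an assumption of this example): the permissions an
# app of each category plausibly needs for the features it advertises.
EXPECTED = {
    "wallpaper": {"android.permission.SET_WALLPAPER",
                  "android.permission.INTERNET"},
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE"},
}

# Permissions that enable the mobile-malware behaviours listed in the slides.
RISK_NOTES = {
    "android.permission.CALL_PHONE": "can place calls without the dialer UI",
    "android.permission.SEND_SMS": "can send SMS",
    "android.permission.READ_SMS": "can read SMS conversations",
    "android.permission.RECEIVE_SMS": "can see incoming SMS",
    "android.permission.READ_PHONE_STATE": "can read IMEI/IMSI",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def review(manifest_xml, category):
    """Return sorted (permission, note) pairs the category does not justify."""
    extra = requested_permissions(manifest_xml) - EXPECTED.get(category, set())
    return sorted((p, RISK_NOTES.get(p, "not expected for this category"))
                  for p in extra)

# Constructed sample: a "wallpaper" app asking for far more than it needs.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
</manifest>"""

if __name__ == "__main__":
    for perm, note in review(SAMPLE, "wallpaper"):
        print(f"REVIEW {perm}: {note}")
```

An unknown category has an empty baseline, so every requested permission is listed for review.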
(3) Auto-locking, reset and wipe (Housekeeping)
• Automatic locking after a few minutes of no activity
• Reset and wipe when disposing or recycling your phone
(4) Install a mobile security app
• Install an Anti-virus for your SmartPhone against trojans/viruses/malware
• Other security vendor features (Anti Theft) include:
  • Remote Wipe, Lock & Alarm
  • Remote Alarm
  • GPS Locator
  • Remote backup
Keeping yourself posted…
• www.f-secure.com/weblog
• F-Secure
• mikkohypponen
• sugimgoh
THE END
Q&A?