13.07.2015 Views

hp-security-research-cyber-risk-report-pdf-2-w-1408


HP Security Research | Cyber Risk Report 2015

One attack used Web injections and social engineering to install fake banking apps onto smartphones.

SMS malware

Sending SMS messages to premium-line numbers was the first payload used by Android malware writers. This technique was particularly useful in Europe, where SMS still remains one of the more popular services allowing vendors to monetize their services (it allows users to pay for small items, such as ringtones, by sending SMS messages).

The popularity of premium SMS services and instant payments to service providers in Europe provided malware writers with a platform that they successfully used to their financial benefit for several years. SMS malware usually pretended to be a game or a similarly interesting app, but soon after the user granted the app permission to send SMS messages, it would start sending them to the premium lines, making users pay an unexpected price premium for what should have been free.

Opfake, Boxer, and Fakeinst are the most common families in Android SMS malware.

It is worth noting that most of the SMS Trojans target Russians and citizens of other countries of the former Soviet Union. However, the time of SMS Trojans may be coming to an end. Kaspersky Labs researchers have attributed an increase in the number of discovered Android SMS Trojans shortly before July to new rules introduced by the Russian telecom regulator for services paid by SMS. These new rules mean that the providers of SMS services now need to send a confirmation code to users, which must be confirmed by the user before continuing on to use a premium line service.

However, it is more likely that the writers of SMS malware are simply regrouping and working on addressing those new rules. It is likely that we will continue to see SMS Trojans, especially in Europe, in the foreseeable future.

Banking Trojans

Banking Trojans became more prolific this year, with several families designed to attack the transaction authorization system that uses mTANs sent to users’ smartphones over SMS. The Android.Trojan.Faketoken family intercepts SMS messages from banks in order to forward them to locations controlled by the attacker.

This attack was first employed in a mobile component of the Zeus (Zitmo) family, which coordinated attacks on users of Internet banking by using Web injections and social engineering to install fake banking apps onto smartphones. Once a user logged into Internet banking through the desktop browser, the desktop component of Zeus (Zbot) would conduct a fraudulent transaction, often using an automated transaction system (ATS) built from the JavaScript code injected by Zbot.

The mobile component was essential for intercepting and forwarding the mTAN required to conclude the fraudulent transaction. Stealing and forwarding mTANs is the most commonly seen function for mobile banking malware.
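A defender-side triage check for the two capabilities described above (sending SMS, and receiving then relaying SMS such as mTANs), added here as an example and not taken from the HP report. It assumes the app's AndroidManifest.xml has already been decoded to text XML; the function names, finding labels and sample manifests are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

def triage_manifest(manifest_xml):
    """Flag the SMS capabilities described in the report in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    # Short permission names, e.g. "SEND_SMS" from "android.permission.SEND_SMS".
    perms = {p.get(NS + "name", "").rsplit(".", 1)[-1]
             for p in root.iter("uses-permission")}
    # Does any declared receiver listen for incoming SMS broadcasts?
    listens = any(a.get(NS + "name") == SMS_RECEIVED
                  for r in root.iter("receiver") for a in r.iter("action"))
    findings = []
    if "SEND_SMS" in perms:
        findings.append("can-send-sms")          # premium-rate SMS risk
    if "RECEIVE_SMS" in perms and listens:
        findings.append("receives-sms")          # can see incoming mTANs
        if perms & {"SEND_SMS", "INTERNET"}:
            findings.append("can-forward-sms")   # has a path to relay them
    return findings

def manifest(perms, receiver=False):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in perms)
    rcv = ('<receiver android:name=".R"><intent-filter><action android:name="%s"/>'
           '</intent-filter></receiver>' % SMS_RECEIVED) if receiver else ""
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.sample">%s<application>%s</application>'
            '</manifest>' % (uses, rcv))

FAKE_GAME = manifest(["SEND_SMS"])                        # "game" that can send SMS
FAKE_TOKEN = manifest(["RECEIVE_SMS", "INTERNET"], True)  # mTAN-forwarding pattern
FLASHLIGHT = manifest(["CAMERA"])                         # no SMS capability

if __name__ == "__main__":
    for name, xml in [("game", FAKE_GAME), ("token", FAKE_TOKEN), ("light", FLASHLIGHT)]:
        print(name, triage_manifest(xml))
```

The findings are capability flags rather than verdicts: legitimate messaging apps request the same permissions, so the useful signal is a mismatch with what the app claims to be, such as a game that can send SMS.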
