Cyber Security Project
Team: Sukhada Kulkarni, Anoop Vintha, Yashwanth Takena, Shajay Jayaprakasan

Research Topics
• Smartphone Malware
• Cross-site scripting
• CloudFlare
• Social Engineering

Smartphone Malware
• 85% of the world population uses a smartphone
• Android OS to suffer more cybercriminal attacks
• Increased by 63% between 2012-13
• Malicious Google Apps in Google Play quadrupled between 2011-13
Source: http://www.infoworld.com/d/security/report-android-malware-and-spyware-apps-spike-in-the-google-play-store-236702

Different ways to hack
• Apps downloadable from Google Play
  • Malware apps are constructed to look as legitimate as possible
  • More chargeware-type apps, which employ deceptive charging practices to siphon payments
  • Targeting the most addictive and popular Android games, like FlappyBird
  • Malware inserted in a game sends device information, such as the IMEI number or mobile OS version number, to hackers
Source: http://blog.trendmicro.com/trendlabs-security-intelligence/1730-malicious-apps-still-available-on-popular-android-app-providers/

Different ways to hack
• Mobile Botnets
  • Gain control of the victim’s handset and collect contact lists, phone numbers, message details and geo-location data from the compromised device.
  • MDK Trojan, which uses Advanced Encryption Standard (AES) algorithms to encrypt data and remain stealthy, thus closing the way for security researchers to conduct malware analysis.
  • MisoSMS, a mobile botnet known to steal SMS messages from the infected phone.

Different ways to hack
• Mobile Banking Trojans
  • The majority of mobile malware targets users’ money and bank cards
  • Zeus in the Mobile (ZITMO), designed to run on the Android operating system, steals Mobile Transaction Authorization Numbers (mTANs) without mobile users noticing
• Malware in QR code scanners
  • QR codes are growing in popularity and seem to be popping up everywhere.
  • Hackers use them to disguise the ultimate address stored in the QR code, which may lead to malware being installed on devices or direct users to questionable websites.

Android: SHODAN Findings
• Used a Python program and the API to extract Android-related data
• Performed penetration testing to check for Android devices which are vulnerable

Android: HackerWeb Analytics
[Figures: Android Related Posts; Author Rankings]

Cross Site Scripting
• Cross-site scripting was revealed as the most common weakness, making up to 55% of vulnerabilities in 2013.
• Cross-site scripting is increasingly common in the cloud computing world, up more than 160% in the fourth quarter of 2012.
• Cross-site scripting has become the most common security vulnerability, with 68% of websites as likely open to XSS attacks.

Findings from Shodan
• The following logic is used to decide whether a site is secured or not:
  • X-XSS-Protection: 1; mode=block → site is secured
  • X-XSS-Protection: 0 → site is not secured
• Using Shodan search, we found sites which are not secured by searching for the string “X-XSS-Protection: 0” across the various sites. The distribution of the unsecured sites was plotted using the data collected.

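The header rule above, applied to raw response header blocks as a site owner might when auditing their own responses. This is an added example, not the team's program: the banners are constructed samples, and the labels "header absent" and "other value" are assumptions for cases the slide's two-way rule does not cover.

```python
from collections import Counter

# Constructed sample banners (raw response header blocks), not data from the slides.
SAMPLE_BANNERS = {
    "site-a.example": "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-XSS-Protection: 1; mode=block\r\n\r\n",
    "site-b.example": "HTTP/1.1 200 OK\r\nx-xss-protection: 0\r\n\r\n",
    "site-c.example": "HTTP/1.1 200 OK\r\nX-XSS-Protection:1;mode=block\r\n\r\n",
    "site-d.example": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1\r\n\r\n",
    "site-e.example": "HTTP/1.1 301 Moved\r\nLocation: https://site-e.example/\r\n\r\n",
}

def parse_headers(banner):
    """Return {lowercased-name: value} for a raw response header block."""
    headers = {}
    for line in banner.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                             # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def classify(banner):
    """Apply the slide's rule; cases it does not cover get their own labels."""
    value = parse_headers(banner).get("x-xss-protection")
    if value is None:
        return "header absent"                # assumption: not covered by the slide
    parts = [p.strip().lower() for p in value.split(";")]
    if parts[0] == "0":
        return "not secured"
    if parts[0] == "1" and "mode=block" in parts[1:]:
        return "secured"
    return "other value"                      # e.g. "1" without mode=block

def distribution(banners):
    """Tally the classification across all banners, as plotted in the slides."""
    return Counter(classify(b) for b in banners.values())

if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(f"{host:16} {classify(banner)}")
    print(dict(distribution(SAMPLE_BANNERS)))
```

X-XSS-Protection only steers the legacy browser XSS filter, which current Chrome and Firefox do not implement, so a "secured" result here says nothing about whether the application itself escapes output.
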
Findings from HackerWeb
• The theme breakdown shows common motives behind the exploited cross site scripting.

CloudFlare Security
• CloudFlare provides performance and security for any website. Hundreds of thousands of websites use CloudFlare.
• CloudFlare is neither hardware nor software. It works at the DNS level.
• CloudFlare learns from data: it tracks traffic, and any sudden change or increase is investigated to assess whether it is legitimate or an attack.

CloudFlare IP Resolvers
• From Hacker Web posts we found some of the ways to hack CloudFlare and get the website's real IP address. A quick way to get the real IP off of any forum which uses CloudFlare DDoS protection:
  • Go to http://iplogger.org/getnewid.php and copy the 3rd link in the boxes
  • Go to any forum where you can change your avatar. /usercp.php?action=avatarStep
  • Paste the image URL retrieved from IPLogger earlier and click on change avatar.
  • Get back to IPLogger and click the "View Log." button. This forwards to a statistics page where the real IP address can be found.

CloudFlare Hacker’s Solution
The following steps can ensure proper protection and do not allow any malware into the CloudFlare community:
• Go to CloudFlare.com, log in to your account and add your domain to the account.
• It scans all your DNS records and lets you update your name servers to CloudFlare’s.
• Update your name servers and wait for CloudFlare to activate your domain (you will get an email when it is done).
• Log in to your CloudFlare account.
• Click the gear beside your domain name and click DNS settings.
• Delete all the records except these two and click on I'm done.

CloudFlare: HackerWeb Analytics
[Figures: CloudFlare Related Posts; Author Rankings]

Sentiment Analysis: Threats
• Analysis of HackerWeb forums reveals that IP resolver and DDoS attacks are the most talked about
• Text analysis is done to find what kinds of attacks CloudFlare is most prone to
• HackerWeb forums analyzed: Vctool, Anon, elitehack, hackhoud, icode

Social Engineering
• Popular tool for cybercriminals to get their hands on confidential information
• The attack vector is a combination of psychological and technical ploys
• Social engineering attacks are on the rise; 48 percent of large companies have been targeted in the past 2 years
• The volume and sophistication of mobile threats are also increasing. The mobile world makes it much easier for hackers to monetize attacks.

Sentiment Analysis: Targets
• Analysis of HackerWeb forums reveals that financial services such as bank accounts are the primary targets
• Retail outlets payment services and email accounts follow closely in the list
• HackerWeb forums analyzed: Vctool, Anon, elitehack, hackhoud, icode

Sentiment Analysis: Medium
• Software and the Internet are the primary channels of attack
• Phone and SMS phishing have also surged in the past few years.
• The common targets of social engineering are students, corporate executives, countries and religious groups.

References
• http://midsizeinsider.com/en-us/article/mobile-applications-the-launch-pad-for
• http://www.zdnet.com/banking-trojans-emerge-as-dominant-mobile-malware-threat-7000026707/
• http://www.infoworld.com/d/security/report-android-malware-and-spyware-apps-spike-in-the-google-play-store-236702
• http://tech.firstpost.com/news-analysis/android-malware-increasing-tips-protect-phone-218395.html
• https://www.cloudflare.com/
• http://arstechnica.com/security/2014/02/biggest-ddos-ever-aimed-at-cloudflares-content-delivery-network/
• http://shodanio.wordpress.com/2014/01/13/shodan-google-spreadsheets/
• https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf
• https://www.virusbtn.com/index