
Cyber Security Project


oleg-kim

Presentation Transcript


  1. Cyber Security Project Team: Sukhada Kulkarni, Anoop Vintha, Yashwanth Takena, Shajay Jayaprakasan

  2. Research Topics • Smartphone Malware • Cross-site scripting • CloudFlare • Social Engineering

  3. Smartphone Malware • 85% of the world population uses smartphones • Android OS to suffer more cybercriminal attacks • Increased by 63% between 2012-13 • Malicious Google Apps in Google Play quadrupled between 2011-13 Source: http://www.infoworld.com/d/security/report-android-malware-and-spyware-apps-spike-in-the-google-play-store-236702

  4. Different ways to hack • Apps downloadable from Google Play • Constructing malware apps to look as legitimate as possible • More chargeware-type apps, which employ deceptive charging practices to siphon payments • Targeting the most addictive and popular Android games like FlappyBird • Malware inserted in a game sends mobile-related information like the IMEI number or mobile OS version number to hackers Source: http://blog.trendmicro.com/trendlabs-security-intelligence/1730-malicious-apps-still-available-on-popular-android-app-providers/

  5. Different ways to hack • Mobile Botnets • Gain control of the victim’s handset and collect contact lists, phone numbers, message details and geo-location data from the compromised device. • MDK Trojan, which uses Advanced Encryption Standard (AES) algorithms to encrypt data and remain in stealthy mode, thus closing the way for security researchers to conduct malware analysis. • MisoSMS, a mobile botnet known to steal SMS messages from the infected phone.

  6. Different ways to hack • Mobile Banking Trojans • The majority of mobile malware targeted users’ money and bank cards • Zeus in the Mobile (ZITMO), designed to run on the Android operating system, which steals the Mobile Transaction Authorization Numbers (mTANs) without mobile users noticing • Malware in QR code scanners • MQR Codes are growing in popularity and seem to be popping up everywhere. • Hackers are using them to disguise the ultimate address stored in the QR code, which may lead users to install malware on their devices or direct them to questionable websites.

  7. Android: SHODAN Findings • Used a Python program and the API to extract Android-related data • Performed penetration testing to check for Android devices which are vulnerable

  8. Android: HackerWeb Analytics Android Related Posts Author Rankings

  9. Cross Site Scripting • Cross-site scripting was revealed as the most common weakness making up to 55% of vulnerabilities in 2013. • Cross-site scripting is increasingly common in the cloud computing world, up more than 160% in the fourth quarter of 2012. • Cross-site scripting has become the most common security vulnerability with 68% of websites as likely open to XSS attacks.

  10. Findings from Shodan • The following logic is used to decide if the site is secured or not: X-XSS-Protection: 1; mode=block → Site is secured; X-XSS-Protection: 0 → Site is not secured • Using Shodan search, we found sites which are not secured by finding the string “X-XSS-Protection: 0” across the various sites. The distribution of the unsecured sites was plotted using the data collected.
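The header rule from slide 10, applied to stored response banners for auditing your own sites. This is an added example, not code from the presentation: the banners are constructed samples, and the `filter-on-no-block`, `header-absent`, `conflicting` and `unrecognized` categories are assumptions that go beyond the two cases the slide names.

```python
from collections import Counter

def parse_headers(banner: str) -> dict:
    """Parse a raw HTTP response banner into {lowercased name: [values]}."""
    headers = {}
    lines = banner.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:              # skip the status line
        if not line.strip():            # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def classify(banner: str) -> str:
    """Apply the slide's rule; header names and values are case-insensitive."""
    values = parse_headers(banner).get("x-xss-protection")
    if not values:
        return "header-absent"          # assumption: not covered by the slide
    if len({v.lower().replace(" ", "") for v in values}) > 1:
        return "conflicting"            # assumption: repeated header disagrees
    tokens = [t.strip().lower() for t in values[0].split(";")]
    if tokens[0] == "0":
        return "not-secured"            # slide: X-XSS-Protection: 0
    if tokens[0] == "1" and "mode=block" in tokens[1:]:
        return "secured"                # slide: X-XSS-Protection: 1; mode=block
    if tokens[0] == "1":
        return "filter-on-no-block"     # assumption: enabled without mode=block
    return "unrecognized"

def summarize(banners: dict) -> Counter:
    """Count hosts per category, i.e. the distribution the slide plots."""
    return Counter(classify(b) for b in banners.values())

# Constructed sample banners (hypothetical hosts), not data from the study.
SAMPLE_BANNERS = {
    "a.example": "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-XSS-Protection: 1; mode=block\r\n\r\n",
    "b.example": "HTTP/1.1 200 OK\r\nx-xss-protection: 0\r\n\r\n",
    "c.example": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1\r\n\r\n",
    "d.example": "HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
    "e.example": "HTTP/1.1 200 OK\r\nX-XSS-Protection:1;Mode=Block\r\n\r\n",
}

if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(f"{host}: {classify(banner)}")
    print(dict(summarize(SAMPLE_BANNERS)))
```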

  11. Findings from HackerWeb • The theme breakdown shows common motives behind the exploited cross site scripting.

  12. CloudFlare Security • CloudFlare provides performance and security for any website. Hundreds of thousands of websites use CloudFlare • CloudFlare is neither hardware nor software. It works at the DNS level • CloudFlare learns from data: it tracks traffic, and any sudden change/increase is investigated to assess whether it is legitimate or an attack.

  13. CloudFlare IP Resolvers • From Hacker Web posts we found some of the ways to hack CloudFlare and get the website's real IP address. A quick way to get the real IP off of any forum which uses CloudFlare DDoS protection • Go to http://iplogger.org/getnewid.php and copy the 3rd link in the boxes • Go to any forum where you can change your avatar. /usercp.php?action=avatarStep • Paste the image URL retrieved from IPLogger earlier and click on change avatar. • Get back to IPLogger and click the "View Log." button. This forwards to a statistics page where the real IP address can be found.

  14. CloudFlare Hacker’s Solution The following steps can ensure proper protection and do not allow any malware into the CloudFlare community • Go to CloudFlare.com, log in to your account and add your domain to the account. • It scans all your DNS records and lets you update name servers to CloudFlare’s • Update your name servers and wait for CloudFlare to activate your domain (you will get an email when it is done). • Log in to your CloudFlare account • Click the gear beside your domain name and click DNS settings • Delete all the records except these two and click on I'm done

  15. CloudFlare: HackerWeb Analytics CloudFlare Related Posts Author Rankings

  16. Sentiment Analysis: Threats • Analysis of hackerweb forums reveals IP resolver and DDoS attacks are mostly talked about • Text analysis is done to find what kinds of attacks CloudFlare is most prone to • HackerWeb forums analyzed: Vctool, Anon, elitehack, hackhoud, icode

  17. Social Engineering • Popular tool for cybercriminals to get their hands on confidential information • The attack vector is a combination of psychological and technical ploys • Social engineering attacks are on the rise; 48 percent of large companies have been targeted in the past 2 years • The volume and sophistication of mobile threats are also increasing. The mobile world makes it much easier for hackers to monetize attacks.

  18. Sentiment Analysis: Targets • Analysis of hackerweb forums reveals financial services such as bank accounts are the primary targets • Retail outlets payment services and email accounts follow closely in the list • HackerWeb forums analyzed: Vctool, Anon, elitehack, hackhoud, icode

  19. Sentiment Analysis: Medium • Software and Internet are the primary channels of attack • Phone and SMS phishing have also surged in the past few years. • The common targets of social engineering are students, corporate executives, countries and religious groups.

  20. References • http://midsizeinsider.com/en-us/article/mobile-applications-the-launch-pad-for • http://www.zdnet.com/banking-trojans-emerge-as-dominant-mobile-malware-threat-7000026707/ • http://www.infoworld.com/d/security/report-android-malware-and-spyware-apps-spike-in-the-google-play-store-236702 • http://tech.firstpost.com/news-analysis/android-malware-increasing-tips-protect-phone-218395.html • https://www.cloudflare.com/ • http://arstechnica.com/security/2014/02/biggest-ddos-ever-aimed-at-cloudflares-content-delivery-network/ • http://shodanio.wordpress.com/2014/01/13/shodan-google-spreadsheets/ • https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf • https://www.virusbtn.com/index
