How Do I Sign Iowa Banking Word

How do i industry sign banking iowa word mobile

hello everyone this is JT keating vice president of product strategy ads Imperium like to welcome you to another one of our webinars and this particular thread that we're pulling on a little bit which is very much a part of a theme starting with some announcements made over the last couple weeks with Google and some the others and that's specifically around the detection of unknown mobile malware so we're gonna spend a little bit of time talking about this I highly recommend that you check out the blog that we have that goes into details of exactly the topic we're covering including the IOC's and some of the detailed techniques that go in there if you're trying to keep this webinar to 20 25 minutes and then QA if you have any questions if not we don't like to make them up and then we'll allow you to get back to the rest of your life and expedite the process of during the lunch to get a burger or having dinner what depends on where you are in the world so with that we're gonna dive in to how we detected mobile malware and one of the keys to this entire theme is there's an awful lot of people that throw around words like machine learning deep learning artificial intelligence but there's fewer significantly fewer that actually have it and when you actually have it how do you prove it right and there's multiple ways of going about doing that one of which clearly is detecting things that have never been seen before in the industry and documenting that we we've talked about some quantities which I'll talk about in terms of numbers we've been detecting but we also wanted to go into some a little bit of a depth which is what the blog is really doing about how we've actually detected these things so we're gonna level set real quick pretty clearly since we're detecting attacks but we always like to start this way mobile devices are under attack we know that because we have thousands of customers around the world with tens of millions of endpoints and 100% of those customers detect mobile threats and mobile attacks so 60 percent of typical devices accessing an enterprise today are mobile and they have on no visibility on them they don't have visibility on them until you put a solution likes Imperium on simple fact is they're being attacked - people just don't know it yet if they haven't turned the lights on our customers have turned the lights on and therefore know that they're being attacked so we always like to joke about kind of once somebody explains the FedEx logo to you you know that you see the arrow in the logo you can never unsee it now that we talk about this you're gonna see this everywhere and by the way if you really want to see this everywhere follow us on social media Twitter Linkedin we are a constant feed of mobile security mobile attack stories issues blogs updates so follow us please on on social media but you can see it's just it's just literally everywhere one of the keys is we talk about the laws of security one law of security that's been around for as long as I've been doing this is 20-plus years is the concept of persistence the bad guys want to be persistent as long as possible and any device that they actually compromised and there's been the case forever or they take our server whether they take over a SCADA system PCI I mean a point-of-sale system or a mobile device they want to stay persistent as long as possible in traditional endpoints bad guys could come in with a malicious app hence malware malicious software and they could go sideways through other apps and do other techniques to stay persistent on a device without ever actually having to compromise the device itself root access or or anything on those lines a rootkit and mobile it doesn't work that way on mobile all roads lead to compromised in the device the only way to be persistent and to be weaponized across the entire device on mobile because all apps are in containers their own little buckets is you actually have to elevate privilege above those containers you need to break above the container you need to be above the containers in order to look at other containers since apps can't play with apps that's the only way to do it so gaining root access malicious profile and Iowa something to elevate you above and beyond the containers then there's three other ways to actually deliver this an exploit to compromise the device we're gonna be talking about malicious apps obviously here so magnet spent a lot of time on all the recipes but the whole point is even with malicious apps malicious apps as a general rule are not the biggest concern from an enterprise standpoint reason I say that is the bad guys are very good at what they do it is a bad business model if I'm targeting XYZ bank to drop an app in the App Store and hope somebody from XYZ bank downloads it that's stupid they don't that makes no sense at all all the malicious apps that we see are first and foremost some variation of fraud or risk we're including the ones we're going to talk about today and they're untargeted as a general rule what what they with their design for is consumer fraud now can they deliver an exploit absolutely matter of fact the majority ones we're talking about today do exactly that but they are untargeted so we have to deal with them but we also have these other two vectors phishing 90% of breaches start with a phishing attack two-thirds of emails are read on mobile and by the way that's the corporate email which is where we have corporate yanti phishing protection there's all these other vectors on fishing on mobile that are totally outside of the traditional purview of corporations personal email SMS messaging apps that's where almost all the phishing is going now so so mobile fishing is a real issue and slightly more targeted than malicious apps you can be much more targeted kind of deliver an exploit absolutely the minute the browser starts processing the page you're hitting not only could you give up your credentials you could actually deliver an exploit to compromised the device the most efficient way to target XYZ bank in my fictitious example is actually to set up a fake Wi-Fi network or do a man-in-the-middle attack right by the offices of X Y Z Bank you wait till somebody from the bank connects to it's a it's a thinking it's a coffee shop or something then you can immediately scan the device determine what operating system it's on by the way they're almost always out of date because the user is the admin the user decides when they're going to update pick the right exploit for the right vulnerability compromise the device gun then the person walks back into the enterprise and you're good to go our data actually shows that 90% of targeted attacks start with a network attack said differently nine times out of ten the bad guy controls the network since the bad guy controls the network nine times out of ten you have to do your detection on device this is Gartner it comes from the market guide for mobile threat defense came out last week I highly suggest anybody that's interested in this go to our site you can actually download it for free and get the full copy of the full mobile threat defense space but you can see on device provides a better simple fact assets if the bad guy owns the network they're not going to send you to a cloud to do detection so what are the big differences in mobile as you do mobile EDR compared to traditional EDR for instance traditional EDR we own the network these are devices sitting on the corporation we know that we're going to be able to get to the cloud to do all our analysis and mobile that's not the case so in mobile you need to do detection on device we have one core engine called z9 and it does the detection of these four attack vectors what I'm going to dive into right now of course is how did we use the fact that we have these thousands of customers in tens of millions of endpoints around the world to actually detect some of these new families of a particular attacks again this is a webinar that's only you know 2025 minutes long I'm going to give you a little bit of a snapshot but what I really highly recommend is that you go back and you read the blog that's on our site and it actually goes into greater detail of exactly how these things occur so as we kind of look at this there's a question I mentioned there's a lot of people that talk about machine learning what's the best way to actually prove that your engine actually works there's multiple but what is the single best detecting things that have never been out there that have never been in any of these public repositories we do our global threat report we did one just a month or two ago and one of the things that we highlighted in that report is in the first half of the year we literally detected c9 out of these devices detected thousands of malicious apps that were not in virustotal or any other repository any other repository so that is obviously a great proof point because of that because of their own testing a couple weeks ago Google announced that we are actually part of a partnership with them where every single app going into the Google Play Store will be vetted through our engine it will be vetted through our engine before it gets into the App Store to determine whether or not it's malicious the exact same engine that's sitting on the devices because you know quick sidenote here we do our machine learning training in the cloud in the lab right once we determine what are effective indicators that we can use to effectively detect malicious apps or device exploits or network attacks or phishing that small little classifier is what gets put down on device and can operate even when the bad guy owns the network so we're not doing machine learning on the devices we're doing machine learning based detection on the devices the actual machine learning engine is up in the cloud is up in the lab so in the Google scenario were used to handling tens of millions of endpoints we're now going to be able to flow their apps through and be able to to that out which ones are malicious and which ones aren't so they've looked at it they thought it was cool enough to partner with us so that's perfect but now we wanted to give like I said a more wanted qualitative example of how we detected some malware that wasn't that was overlooking the industry now what's interesting about the ones that we blogged about we actually spend a little bit of time talking we're going to keep doing this but there was one thing that was particularly interesting to us when we actually kind of ran through the process that I'm about to step you here the thing that was actually really kind of great interest to us was a slew of malicious apps that were actually variations of salute of malware and malicious apps that have been out for years some of them since 2016 and so it fascinated us that similar to the traditional endpoint side of the world where I come from that it's there's morphing examples of malware that are even detect that are bypassing all the existing solutions so here because with machine learning when you first detect something it doesn't have a cute name like Bank bot right you just detected something that had a malicious activity malicious behavior that was clearly doing something to potentially elevate and you know break out of the container gain escalation or privileges conduct fraud in some way shape or form mimic another app whatever the individual behavior is we're like that's bad stop it it takes a secondary step to come back and go okay now let's kind of look at what it is so there's all these thousands of apps that we detected that were malicious and what we did was we said let's take a look at him and so the methodology that we used that again significantly more detailed in the in the blog post itself the methodology itself was z-9 of course was detecting this unknown malware on bikes so with all the folks that were run around the world all these sensors that we've got z-9 detected and stopped these unknown samples right and one of the questions that that I get a lot and it's in its a little bit of an old school question actually it's a lot of an old school question is oh so if one of your customers detects a particular type of malware how quickly can you make sure that all your other customers are protected and that's an old school question because it's based on the concept of signatures the simple fact is the exact same z9 engine that's in customer one is in customer two so if customer two comes across that same thing of malware it's going to detect it so in this case z9 detects this unknown malware on device the samples and all the data come back in and are analyzed by our system I mentioned that we literally look at tens of millions of data points you know so all this stuff is coming back in to our engine so that they can actually be analyzed secondarily so the customer the user is already been protected now it's a matter of saying ok what exactly is this thing and how can we continue to enhance the machine learning engine by what we're seeing and by the way if you actually again look at the blog post one other things you'll see is our z9 engine quite often our Z lab guys because they're the ones who create it the guys are wicked smart these guys are really really really good the initial code name they had for it was called cojito and if you actually look in the blog for each one of the samples that we use into diving into here they actually include the cojito score which is basically the z9 from our score 100% is there's zero questions on the history of the planet that this thing isn't not where right and then pretty darn close to it you know you can you can see what the samples on there all 90 plus percent but again totally unknown does you're not in any databases where they are now but they weren't there right so we detected on device all the metadata and samples get run through it we noticed a strong correlation as I was mentioning between some of these new unknown samples these things were getting detected that we're not in any database with a bunch of well known malware samples and I'm going to talk about which ones those were and even a little bit about what some of the some of the correlations were a subset of those like I said we're not even you know we're not known in the public repositories and those ones some of the ones we're going to be talking about here there were thousands of them we're just diving into a few families then we ran the samples once again through the z9 and it was actually part of the same process to basically say what was the family classification and so on the other ones that we detected we actually used family classifications to say this is what each one of these guys happens to be so what were some examples of the unknown where that we detected that again all the IOC s and everything are in the blog itself well the first classification was SMS fraud for those folks that aren't aware of it a Vito is a market app a Russian market app and when we actually went in and Govan and look at some of these apps we've known for for quite some time that malware authors have used the information in this online store the Oviedo online store to distribute malware via SMS and some of the samples that we came up with that's exactly what we saw when when we came up with it another bucket the whole big banker category these are you know various different things like Anubis and Bank bot and if you guys a lot of you folks are probably carry from their bank but we've spent a lot of time on Bank bot the the class the the category of bank bot even though it's becoming a bit of a misnomer because there's a whole bunch of brands that are in it where Bank bot basically does is it will it'll come on usually from it almost always from a third-party app store somebody will get a free game or utility or something inside of that is Bank bot it will use to use accessibility parts of Android but the Android closed or Google closed those and so now what it does is it uses social engineering to trick users into elevating the privileges that it has what are the differences between Android and iOS is that on Android any app can get an inventory of all the other apps that are on the best apps don't get to play with ap s but you can see the other apps that are on there on iOS the only app that's allayed I'm now to do that is an India MobileIron in tune from Microsoft workspace one those guys right but Bank bot is Android malware it tricks people into elevating is privilege and then once it does that it looks across the inventory and it says hey or anyone or by now about a thousand major brands apps on this device if the answer is yes it goes to its cnc and says they send me the template for the ones that are on there let's say to bank right then when the user goes to access that bank they double click to to open that app Bank but puts a template that looks just like that banking app on top of it user puts in their user ID and credentials then Bank bot will actually either throw up an error message and say please reenter and then disappear and you now in the app itself or it will actually take that information and log directly and for you and then disappear the second approach is really smart I hate to say it but it is because not only does it make it where you don't even notice that there's any difference they've just validated your credentials right Anubis is something that is uh then you know delivering ransomware and it's been involved in banking scams you know for quite some time it has a whole bunch of capability as I mean it can the first thing it does is disable the Google Play protect capability which is interesting in my kind of capacity because it's kind of already on there but still it can do that can take screenshots you can do all sorts of different things the interesting thing about the ones that we found is not only did we find these updated office gated you know by the way they've got a new blog post coming out some of our again wicked smart researchers have done it have created a great tool around obfuscation d obfuscation techniques so look for that if you're like a deep dive kind of person it's really interesting stuff well we found a bunch of those but you're like okay they're trying to defend themselves trying to hide they're trying to you know how to skate everything there's a bunch of these that were out there that we're older and not even obfuscated and so you kind of ask yourself how would these been not there for so long and frankly we asked ourselves how have they been out there for so long no the the funny part is people be like whoa shouldn't you have detected it well the fact is we did detect it the only reason we know that it's the Nuba sand bank bot these older versions is because we actually took the samples in and started analyzing them for similarities and in the blog it goes through all the different sorts of similarities that were actually there another classification where was you know droppers actually of course well just like they do in traditional end points they will actually drop a payload that will be designed to to basically wake itself back up later if you're if you're not familiar with HQ war it's it's been around since mmm you know 2016 something along those lines we saw a bunch of it in in 2018 but then in 2019 it's still around which is absolutely amazing it basically implements if you're not familiar with it it basically implements a wrapper and then dynamically loads an embedded payload so it's it's a you know obviously a funky little funky little dude there another classification same concept of the of the dropper but in this case risk where risk where is something that we actually have an entire service around called z3 a which is the security and privacy risks associated with a lot of these apps that are out there in this case it's actually doing things like very aggressive ad networks and other things that are very privacy impacting and then ransomware you know and again on mobile ransomware is kind of interesting there was a Chinese locker screen lock screen locker that we detected but again has been out for years and years and years and because of the fact that again apps can't play with that in some ways it's interestingly similar to Bank bots in terms of these overlays screens that in this case you you don't think you can get rid of unless you're really technically sophisticated and people will basically pay to unbreak their system even though the reality is unlike the traditional side of the world quite often the ransomware is not actually encrypting anything it's more of a it's more of a bluff from a poker standpoint well people are so used to now ransomware that they think of it so but the key to all of these as we dive in and again kind of be you know respectful of your time if you're really into the technical stuff hit the blog and you'll actually see all of the similarities that that Bay sickly painted out showed how all of these things are connected and why in this particular case like I said we were fascinated by the fact that so many of these were coming from families that have been around forever no I mentioned Google Play a few times the fact that Google is is asking us and that we're working with our partners at Google to vet everything coming into the Google Play Store I think it's really important to note that the Google Play Store actually does a really good job and I'm not just saying that because they're partners of ours they do a really good job that same mobile threat report that I mentioned beforehand the vast majority of all the Android malware comes from third-party app stores not Google Play okay so we're helping Google Play but the real issue or all these other third-party app stores all of this malware that we talked about here came from third-party app stores so when you actually that when you go back and look at it and what that what that says is you still need to do your on device protection and I mentioned that z-9 is our engine z-9 protects devices in one of two ways if you want to protect your device 100% of time against all these threats we just talked about so you use a device access and corporate resources whether it's BYOD or corporate doesn't matter its protocols zips and that stands for zi intrusion prevention system think of it as mobile EDR it sits there under some of the time detecting and responding to attacks if you have a mobile app you can take z-9 and drop it directly inside of the mobile app in that case you're not protecting the device 90% of the time your defect you're protecting that app and the session that APIs ivic tank bank bot is an example right we have customers that are using zips to protect their employees we have banking customers protect their employees but they're using Z app to protect their mobile banking apps a mobile banking app was Z app embedded would be able to detect if bank Bob just tried to do what it was doing that Bank bot is on there and then you can take steps to figure out what you want to do about that both those come into our cloud-based console this is not designed to be an entire product page a huge advantage of doing detection on devices we can work on any cloud so that's you know for instance we do a lot of stuff on Azure we're the only guys that are FedRAMP ATO that happens to be AWS cloud Google cloud back to our partners at Google and then we integrated with the largest set of you EMS we also as from a uem standpoint particularly interesting is a couple weeks ago Microsoft announced a partnership with us where we actually can work with their man's solution for view our key customers then we provide all the information in the sim so you can actually deal with these threats like the ones we're talking about z3 egg as I mentioned is the capability to talk about security and privacy risks that are not malicious but still create a risk so with that I would like to thank you I highly recommend reading the blog if you're into obfuscation D obfuscation I recommend reading the one that's coming out in the next couple days and then again if you're trying to get familiar with the space hit the the Google MTD market guy I mean the Gartner Market guide that is also available on our site so I don't see any questions I would just like to thank everybody I hope that's been helpful and I hope you have a great day