ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
TRANSCRIPT
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
Mobile Threat Detection using On-Device Machine Learning Engine
Mark Szewczul, CISSP
IoT Security Architect
Zimperium, Inc.
11/10/2017
Rhetorical Questions
• How many of you carry a Smartphone or a Tablet?
• How many have access to corporate information?
Not-so-Rhetorical Questions
• How many believe that your mobile is completely safe?
• How many of you would know if it was not?
Mobile Is the New PC
Mobile Is the New PC
[Chart: Global Internet Consumption: Desktop vs Mobile, minutes per day, 2014–2018; series: Mobile Internet, Desktop Internet]
Source: “Mobile Advertising Forecast, 2016”, Zenith
Mobile Compromise → Risk to Enterprise
Mobile Compromise (Emails, Pictures, Company Confidential files, Contacts, Calendar, Credentials)
→ Technology Assets / Access (Servers, Document Repositories, Enterprise Apps, Corporate Servers)
→ Further compromise …
Avoid the ripple effect...
The Threat Is Real.
And It Is Everywhere
Malicious App
Mobile Threats Are Real … Malicious App
Install app from third-party store → Permissions abuse (ALLOW) → Exploit executed → Leak data → Used as pivot to internal network
iOS Profile
Mobile Threats Are Real … iOS Profile
Consultant that goes in and out of client networks (client1_wifi, client2_wifi, client3_wifi, client4_wifi – CONNECTED!)
→ Doesn’t like client network restrictions on-site
→ Installs “free” VPN profile to bypass restrictions
→ Installs SSL cert to encrypt / decrypt device traffic
→ All company data is decrypted to the hacker
Wi-Fi MITM
Mobile Threats Are Real … Wi-Fi MITM
At a coffee shop near an office (coffee_wifi – CONNECTED!) → Wi-Fi MITM → Redirect to phishing page (LOGIN) → Data exploit → Access to cloud source data
Silent Device Exploit
Mobile Threats Are Real … Silent Device Exploit (e.g., Stagefright)
Phone on table while you sleep → MMS sent to dormant device (“New Message Received!”) → MMS processed → Exploit executed → Privilege elevation → Device compromised → Persistence for targeted attack
The Threat is Real… & Pervasive
• Network Attacks: 10% of Devices
• Malicious Apps: 11% of Devices
• Dangerously Configured Devices: 12% of Devices
• Vulnerable (e.g., Out of Date OS, Leaky App…): 87% of Devices
Source: “1Q/2017 Global Threat Intelligence”, Zimperium
The Threat Is Real.
What does a CISO do?
Two Areas of Consideration
1. Manage Risk with Conditional Entitlement
2. Active Threat Defense
z9™ Detection Engine uses machine learning to provide real-time, on-device protection against both known & unknown threats
On-Device ML DETECTION ENGINE: Network Attacks, Application Attacks, Device Attacks
STAGES of Cyber Kill Chain
• Stage 1 – Reconnaissance
• Stage 2 – Network Manipulation
• Stage 3 – Delivery
• Stage 4 – Command & Control
• Stage 5 – EOP
• Stage 6 – Data Exfiltration
Attacker:
• 1 Recon – Target discovery, Scan (IPv4/IPv6)
• 2 Network Manipulation – MITM, Intercept Traffic
• 3 Delivery – Malware, Social Engineering
• 4 Command & Control – Exploit, Get Reverse Shell
• 5 EOP – OS / Kernel Exploit, Privileges Elevation
• 6 Data Exfiltration – Compromised
User: Coffee Shop → Connect to Wi-Fi → Check Emails → Download Attachments → Found Infection → Run Cleaning Tool
Let’s Attack !
Q & A
Thank you !
About me
Mark Szewczul, CISSP, is an IoT Security Architect at Zimperium with over 20 years of experience in the Semiconductor, Telecom/Datacom, and Computing sectors. He is currently Director of Marketing at the Dallas/Fort Worth Cisco Users Group, has led the IEEE Electromagnetic Compatibility Society and co-founded the IEEE Consumer Electronics Society, both in Dallas. Along the journey, he has mastered design, testing, integration and deployment of numerous systems. His passion is implementing best practices of security and privacy principles at all 7 layers and beyond. He holds an MS in Information Science and Systems from Texas A&M University and 3 patents.
[email protected] | @vslick1
469-996-7942