Cyber Security Project
Team: Sukhada Kulkarni, Anoop Vintha, Yashwanth Takena, Shajay Jayaprakasan

Slide 2: Research Topics
- Smartphone Malware
- Cross-site scripting
- CloudFlare
- Social Engineering

Slide 3: Smartphone Malware
- 85% of the world population uses a smartphone.
- Android OS suffers the most cybercriminal attacks; these increased by 63% between 2012 and 2013.
- Malicious apps in Google Play quadrupled between 2011 and 2013.
[Charts: malicious apps as a percentage of total apps, 2.7% (2011) to 12.7% (2013); number of malicious apps, 11,000 (2011) to 42,000 (2013)]
Source: http://www.infoworld.com/d/security/report-android-malware-and-spyware-apps-spike-in-the-google-play-store-236702

Slide 4: Different ways to hack: apps downloadable from Google Play
- Constructing malware apps to look as legitimate as possible.
- More chargeware-type apps, which employ deceptive charging practices to siphon payments.
- Targeting the most addictive and popular Android games, like Flappy Bird.
- Malware inserted in the game sends mobile-related information, such as the IMEI number or the mobile OS version number, to the attackers.
Source: http://blog.trendmicro.com/trendlabs-security-intelligence/1730-malicious-apps-still-available-on-popular-android-app-providers/

Slide 5: Different ways to hack: mobile botnets
- Gain control of the victim's handset and collect contact lists, phone numbers, message details and geo-location data from the compromised device.
- MDK Trojan uses Advanced Encryption Standard (AES) algorithms to encrypt its data and remain in stealth mode, closing the way for security researchers to conduct malware analysis.
- MisoSMS is a mobile botnet known to steal SMS messages from the infected phone.

Slide 6: Different ways to hack: mobile banking Trojans
- The majority of mobile malware targets users' money and bank cards.
- Zeus in the Mobile (ZITMO), designed to run on the Android operating system, steals Mobile Transaction Authorization Numbers (mTANs) without mobile users noticing.
- Malware in QR code scanners: QR codes are growing in popularity and seem to be popping up everywhere.
- Attackers use them to disguise the ultimate address stored in the QR code, which may lead to malware being installed on devices or direct users to questionable websites.

Slide 7: Android: SHODAN Findings
- Used a Python program and the Shodan API to extract Android-related data.
- Performed penetration testing to check for Android devices which are vulnerable.

Search criteria                                   Results
Mobile phones found on Shodan                     478111
United States                                     7290
Android os                                        8940
Android (200)                                     5600
Android authenticate (401)                        1595
Android last modified www-authenticate (403)      76

Slide 8: Android: HackerWeb Analytics
Android-related posts, author rankings:

Rank  Author        Forum      Reputation score  Number of posts
1     virus_c       vctool     8                 59
2     karlos        vctool     5                 16
3     Tech-Bot      vctool     0                 13
4     NiTrOwow      hackhound  676               10
5     The System    elitehack  5                 9
6     Hess          hackhound  320               8
7     Rein0         elitehack  9                 5
8     delphifocus   hackhound  42                5
9     LeFF          hackhound  286               4
10    DrunKnHack0r  vctool     0                 4

Slide 9: Cross-Site Scripting
- Cross-site scripting was revealed as the most common weakness, making up 55% of vulnerabilities in 2013.
- Cross-site scripting is increasingly common in the cloud computing world, up more than 160% in the fourth quarter of 2012.
[Chart: Incident Frequency; segments of 9%, 31%, 16%, 35% and 9% (segment labels not recovered)]
- Cross-site scripting has become the most common security vulnerability, with 68% of websites likely open to XSS attacks.

Slide 10: Findings from Shodan
The following logic is used to decide whether a site is secured or not:
  X-XSS-Protection: 1; mode=block   site is secured
  X-XSS-Protection: 0               site is not secured
Using a Shodan search, we found sites which are not secured by finding the string "X-XSS-Protection: 0" across the various sites. The distribution of the unsecured sites was plotted using the data collected.

Slide 11: Findings from HackerWeb
The theme breakdown shows the common motives behind exploited cross-site scripting.
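The header rule from slide 10, written out as an added example (not code from the original project): it parses a raw HTTP response head, applies the slide's two cases, and adds the two outcomes the Shodan string search cannot see, a missing header and a header set to 1 without mode=block. The response heads in SAMPLES are constructed for illustration.

```python
# Added example, not from the original slides: classify an HTTP response head
# by the X-XSS-Protection rule on slide 10. The responses in SAMPLES are
# constructed for illustration.
from typing import Dict, List

def parse_headers(raw: str) -> Dict[str, str]:
    """Parse a raw HTTP response head into {lower-cased name: value}."""
    headers: Dict[str, str] = {}
    for line in raw.split("\r\n")[1:]:      # [0] is the status line
        if not line:                          # blank line ends the headers
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def classify_xss_protection(raw: str) -> str:
    """Apply the slide's rule: '1; mode=block' -> secured, '0' -> not secured.

    Two extra outcomes are added here because the slide's Shodan search only
    finds sites that explicitly send 0: a missing header, and '1' without
    mode=block (filter on, but it rewrites the page instead of blocking it).
    """
    value = parse_headers(raw).get("x-xss-protection")
    if value is None:
        return "header missing"
    directives = [d.strip().lower() for d in value.split(";")]
    if directives[0] == "0":
        return "not secured"
    if directives[0] == "1" and "mode=block" in directives[1:]:
        return "secured"
    return "enabled without mode=block"

def tally(responses: List[str]) -> Dict[str, int]:
    """Count outcomes, like the distribution plotted on slide 10."""
    counts: Dict[str, int] = {}
    for raw in responses:
        outcome = classify_xss_protection(raw)
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts

# Constructed sample response heads (not real sites).
SAMPLES = [
    "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-XSS-Protection: 1; mode=block\r\n\r\n<html>",
    "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n\r\n",
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "HTTP/1.1 200 OK\r\nx-xss-protection: 1\r\n\r\n",
]

if __name__ == "__main__":
    print(tally(SAMPLES))
```

The header only toggles the browser's built-in reflected-XSS filter, so "secured" here means the header is set as the slide defines it, not that the site is free of XSS.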
Themes breakdown:
- Identity theft
- Accessing restricted information
- Free access to paid services
- Altering browser functionality
- Spying on web browsing habits
- Denial of Service attacks

Slide 12: CloudFlare Security
- CloudFlare provides performance and security for any website; hundreds of thousands of websites use it.
- CloudFlare is neither hardware nor software. It works at the DNS level.
- CloudFlare learns from data: it tracks traffic, and any sudden change or increase is investigated to assess whether it is legitimate or an attack.

Slide 13: CloudFlare IP Resolvers
From HackerWeb posts we found some of the ways to get around CloudFlare and obtain a website's real IP address. A quick way to get the real IP of any forum which uses CloudFlare DDoS protection:
1. Go to http://iplogger.org/getnewid.php and copy the 3rd link in the boxes.
2. Go to any forum where you can change your avatar (/usercp.php?action=avatar).
3. Paste the image URL retrieved from IPLogger earlier and click on "change avatar".
4. Go back to IPLogger and click the "View Log" button. This forwards to a statistics page where the real IP address can be found.

Slide 14: CloudFlare: Hacker's Solution
The following steps can ensure proper protection and do not allow any malware into the CloudFlare community:
1. Go to CloudFlare.com, log in to your account and add your domain to the account. It scans all your DNS records and lets you update your name servers to CloudFlare's.
2. Update your name servers and wait for CloudFlare to activate your domain (you will get an email when it is done).
3. Log in to your CloudFlare account.
4. Click the gear beside your domain name and click "DNS settings".
5. Delete all the records except these two and click on "I'm done".

Slide 15: CloudFlare: HackerWeb Analytics
CloudFlare-related posts, author rankings:

Rank  Author               Forum      Reputation score  Number of posts
1     NiTrOwow             hackhound  676               10
2     virus_c              vctool     8                 4
3     Hess                 hackhound  320               3
4     Ravage               hackhound  534               3
5     Neelix               hackhound  356               2
6     0l1v3r               elitehack  4                 2
7     Q33n                 anon       0                 1
8     Nighthawk            vctool     0                 1
9     tezhost              vctool     0                 1
10    lucienx EviL.rOmina  elitehack  18                1

Slide 16: Sentiment Analysis: Threats
- Analysis of HackerWeb forums reveals that IP resolvers and DDoS attacks are the most talked about.
- Text analysis was done to find what kind of attacks CloudFlare is most prone to.
- HackerWeb forums analyzed: Vctool, Anon, elitehack, hackhound, icode
[Charts: Entities Sentiment Breakdown (positive, neutral and negative counts, scale 0 to 14) and Themes Breakdown, for the entities "cloudflare hosting provider", "CloudFlare IP resolver", "cloudfare ddos" and "CloudFlare Hacked"]

Slide 17: Social Engineering
- A popular tool for cybercriminals to get their hands on confidential information.
- The attack vector is a combination of psychological and technical ploys.
- Social engineering attacks are on the rise: 48 percent of large companies have been targeted in the past 2 years.
- The volume and sophistication of mobile threats are also increasing. The mobile world makes it much easier for attackers to monetize attacks.
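Step 5 of slide 14 removes the DNS records that are not needed, which matters because any record that still resolves straight to the origin server reveals the address the IP resolvers on slide 13 are after. The following added example (not from the original project) audits a zone export for such records; PROXY_RANGES and ZONE are constructed placeholders, and the real proxy address list must be taken from the CDN's published ranges.

```python
# Added example, not from the original slides: audit a zone's records so none
# points straight at the origin behind CloudFlare (the address that the IP
# resolvers on slide 13 try to recover). PROXY_RANGES and ZONE are constructed
# placeholders; use the CDN's published address list for real checks.
import ipaddress
from typing import List, Tuple

Record = Tuple[str, str, str]   # (name, type, value)

# Placeholder proxy ranges (documentation prefixes, not CloudFlare's real ones).
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:c0de::/48")]

# Constructed zone export.
ZONE: List[Record] = [
    ("example.com.",      "A",     "198.51.100.7"),      # inside proxy range: fine
    ("www.example.com.",  "CNAME", "example.com."),      # follows a proxied name: fine
    ("ftp.example.com.",  "A",     "203.0.113.9"),       # direct to origin: reveals it
    ("mail.example.com.", "AAAA",  "2001:db8:beef::1"),  # direct to origin: reveals it
]

def exposes_origin(rtype: str, value: str) -> bool:
    """True for an A/AAAA record whose address lies outside the proxy ranges."""
    if rtype not in ("A", "AAAA"):
        return False                # CNAME/MX/TXT carry no address to compare
    addr = ipaddress.ip_address(value)
    # 'in' is False when the address and network are different IP versions.
    return not any(addr in net for net in PROXY_RANGES)

def audit_zone(zone: List[Record]) -> List[Record]:
    """Return the records that should be removed (or proxied) before going live."""
    return [rec for rec in zone if exposes_origin(rec[1], rec[2])]

if __name__ == "__main__":
    for name, rtype, value in audit_zone(ZONE):
        print(f"{name} {rtype} {value} points directly at the origin")
```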
Slide 18: Sentiment Analysis: Targets
- Analysis of HackerWeb forums reveals that financial services such as bank accounts are the primary targets.
- Retail outlets, payment services and email accounts follow closely in the list.
[Chart: Entities Sentiment Breakdown (positive, neutral and negative counts, scale 0 to 10) for Bank Accounts, Retail Outlets, Email accounts, Facebook and Microsoft]
- HackerWeb forums analyzed: Vctool, Anon, elitehack, hackhound, icode

Slide 19: Sentiment Analysis: Medium
- Software and the Internet are the primary channels of attack.
- Phone and SMS phishing have also surged in the past few years.
- The common targets of social engineering are students, corporate executives, countries and religious groups.

Slide 20: References
- http://midsizeinsider.com/en-us/article/mobile-applications-the-launch-pad-for
- http://www.zdnet.com/banking-trojans-emerge-as-dominant-mobile-malware-threat-7000026707/
- http://www.infoworld.com/d/security/report-android-malware-and-spyware-apps-spike-in-the-google-play-store-236702
- http://tech.firstpost.com/news-analysis/android-malware-increasing-tips-protect-phone-218395.html
- https://www.cloudflare.com/
- http://arstechnica.com/security/2014/02/biggest-ddos-ever-aimed-at-cloudflares-content-deliverynetwork/
- http://shodanio.wordpress.com/2014/01/13/shodan-google-spreadsheets/
- https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-SchearerSHODAN.pdf
- https://www.virusbtn.com/index