{"id":2147,"date":"2015-12-18T12:44:34","date_gmt":"2015-12-18T10:44:34","guid":{"rendered":"http:\/\/sseblog.ec-spride.de\/?p=2147"},"modified":"2015-12-18T12:44:34","modified_gmt":"2015-12-18T10:44:34","slug":"mcafee-threat-report","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/12\/18\/mcafee-threat-report\/","title":{"rendered":"SSE Group contributes to McAfee&#8217;s Q4 Threat Report"},"content":{"rendered":"<p>As a follow-up to our <a href=\"http:\/\/sseblog.ec-spride.de\/2015\/11\/blackhat\/\">BlackHat EU 2015 presentation<\/a> about benign applications that do not secure user data in the cloud (Backend-as-a-Service), we also examined malicious applications to see whether we could find similar data leaks. 
In collaboration\u00a0with McAfee Security Lab (Intel Security Lab), we analyzed 294,817 malware-laden mobile apps and found that 16 of them are connected to vulnerable Backend-as-a-Service instances implemented in Facebook Parse. Because the malware authors did not secure the BaaS backend, we\u00a0had access to\u00a0the complete database,\u00a0including Command&amp;Control (C&amp;C)\u00a0communications and tasks for victims. This gave us very interesting insights\u00a0into current state-of-the-art C&amp;C communication\/protocols in the context of mobile malware.<br \/>\nThe results were presented at VirusBulletin 2015 and AVAR 2015. More details can be found in\u00a0our <a href=\"http:\/\/www.ec-spride.tu-darmstadt.de\/fileadmin\/user_upload\/Group_EC_Spride\/secsofteng_group\/documents\/siegfriedrasthofer\/AVAR2015_AndroidBankingTrojansExposingSinsCloud-whitepaper.pdf\">whitepaper<\/a> and the <a href=\"http:\/\/www.ec-spride.tu-darmstadt.de\/fileadmin\/user_upload\/Group_EC_Spride\/secsofteng_group\/documents\/siegfriedrasthofer\/AVAR2015_AndroidBankingTrojansExposingSinsCloud-slides.pdf\">corresponding slides<\/a>. This\u00a0project is also part of McAfee&#8217;s Q4 <a href=\"http:\/\/www.mcafee.com\/us\/resources\/reports\/rp-quarterly-threats-nov-2015.pdf\">Threat report<\/a>.<\/p>\n<p>Media report:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.darkreading.com\/partner-perspectives\/intel\/investigating-mobile-banking-attacks-\/a\/d-id\/1323569\">Dark Reading<\/a> [12\/15\/2015]<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>As a follow-up to our BlackHat EU 2015 presentation about benign applications that do not secure user data in the cloud (Backend-as-a-Service), we also examined malicious applications to see whether we could find similar data leaks. 
In a collaboration\u00a0with McAfee Security Lab &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2015\/12\/18\/mcafee-threat-report\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6581,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,51,61],"tags":[],"class_list":["post-2147","post","type-post","status-publish","format-standard","hentry","category-android","category-security-analysis","category-security-vulnerability"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/2147","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6581"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=2147"}],"version-history":[{"count":0,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/2147\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/media?parent=2147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/categories?post=2147"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=2147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}