MWC 2015 – That’s A Wrap!

Another Mobile World Congress (MWC) has come to a close. As we travel home from Barcelona and settle back into our normal routines, we can’t help but reflect on what was an exciting and packed four days at MWC.

At Intel Security, we discussed the future of mobile technology, top mobile trends for 2015, and even shared news of some of our great new mobile apps! Thanks to everyone who stopped by the booth, participated in one of our demos, or played our #LockItDown contest.

But the fun didn’t stop there! All of MWC was abuzz with news of the latest innovations from vendors across the globe. In case you weren’t able to keep track of all the news, we’ve made things easy by providing you with a recap of the top trends and news.

IMG_1462

The Future of Mobile Technology

In my previous blog, I predicted we’d see buzz around mobile payment systems, security apps and wearables at MWC. And boy, did those predictions turn out to be true!

This year, we saw a slew of smarter smartphones, a heavy push toward 5G mobile networks, and sleeker, more refined versions of existing technology.

Another non-surprise: the omnipresence of wearables. From smart watches and ‘invisibility glasses’ to virtual reality headsets and fitness bracelets designed for business executives, we saw it all. Pretty soon there will be a need for a wearables-only Fashion Week!

Vendors also cashed in on mobile payments, and it seems that existing payment systems now have some tough competition ahead. News of payment systems for Galaxy phones and Android devices surfaced, leaving us all curious to see how the mobile payment competition will play out. 

Mobile Security is Better Together

As noted in the McAfee Labs™ February 2015 Threats Report, mobile malware is on the rise, and this year at MWC, mobile vendors certainly stepped up their security game!

And as part of our own efforts to reduce that trend, we announced a joint effort with Samsung to provide built-in security software on the new Galaxy S6 and Galaxy S6 Edge devices.

Now, when you purchase a Galaxy S6 or S6 Edge device, it will come pre-loaded with McAfee VirusScan Mobile™, the anti-malware technology from Intel Security. This will provide users with a more secure online mobile experience.

We also announced an extended partnership with LG Electronics to help secure your personal data. McAfee® Mobile Security will be available on the LG Watch Urbane LTE so users can track, lock, and wipe their device in the event that it is stolen.

Finally, we discussed the steps we are taking to advance True Key™ by Intel Security. With new customers such as Brightstar Corp, Deutsche Telekom and Prestigio, we are taking True Key global and ensuring that all have access to its powerful identity management technology.

Mobile World Congress may have gone by in a flash, but the innovations coming out of it are sure to be long-lasting. Let’s get back to the drawing board and put our mobile minds to work so we can aim higher and achieve even more next year, at MWC 2016!

As always, for the latest updates on mobile security, make sure to follow @IntelSec_Home on Twitter and Like us on Facebook.

lianne-caetano

Dyre Targets More Websites

The Dyre Trojan has expanded its attack vectors, aiming to harvest sensitive data from an expanding list of targeted websites.

Previously, Dyre had been known to seek out banking credentials as its primary targets, but ThreatTrack Security Labs researchers recently discovered multiple new types of domains, which have become part of Dyre’s standard target index.

While Dyre has added more file hosting and email domains to its attack list — pretty standard fodder for redistributing itself via malware — it has now appended a few new types of domains, including popular job hunting, file hosting, tax services, online retail and Internet Service Provider (ISP) websites.

Labs researchers used Wireshark to monitor Dyre’s TCP connections.

TCP snapshot of Dyre sending the contents of an HTTPS connection to Dyre’s server

The Labs team was then able to acquire configuration data from an active infection. Click here for the configuration file they pulled.

Based on experience in the field and initial investigations into these new targets, our Labs team has compiled the following list of potential reasons for attack:

FILE HOSTING

Could be used to register new sites and modify existing ones. Likely used for hosting malware.

  • iweb.com
  • lunarpages.com
  • networksolutions.com
  • godaddy.com
  • hostgator.com
  • bluehost.com
  • enom.com

JOB HUNTING

Gathering identity information, campaign templates or targets.

  • glassdoor.com
  • monster.com
  • indeed.com
  • simplyhired.com
  • careerbuilder.com

E-COMMERCE

Acquiring hardware and user information.

  • newegg.com
  • sellerportal.newegg.com

GENERAL INFORMATION

Site records for targeting, templates and other attacks.

  • accurint.com
  • thomsonreuters.com
  • stamps.com

CORPORATE MAILING

Can aid in email distribution of malware or other attacks.

  • mailchimp.com
  • mandrillapp.com

INTERNET SERVICE PROVIDERS

Enterprise account information used for further targeting or templates, data gathering, access corporate data and similar purposes.

  • wireless.att.com
  • smb.att.com
  • businessdirect.att.com
  • verizonenterprise.com
  • verizon.com

INCOME TAX SERVICES

Personal income and account information, due to the nearing proximity of tax season.

  • turbotax.com
  • intuit.com
  • hrblock.com

Defend Yourself Against Dyre

End users should be reminded not to open attachments without regard for security. Dyre is often triggered via infected .zip files (containing Upatre) and .pdf attachment exploits.

For help educating users, reference Users Beware: 10 Security Tips to Share with Your Users.

Disclaimer

The information presented in this post may contain names and images associated with real companies. There is no evidence that any of the sites mentioned have been compromised. Users with computers infected with Dyre may be at risk of having their personal information stolen when visiting these sites. 

Credit: Matthew Mesa, Malware Researcher, ThreatTrack Security Labs

Share via email Share

ThreatTrack Security Labs
About Author

ThreatTrack Security Labs is the power behind the malware analysis, detection and remediation technologies developed by ThreatTrack Security. From facilities in the United States and the Philippines, our team of cybersecurity professionals, malware researchers, engineers and software developers work around the clock to discover and combat Advanced Persistent Threats, targeted attacks, Zero-days and other sophisticated malware. The company develops advanced cybersecurity solutions that Expose, Analyze and Eliminate the latest malicious threats, including its ThreatSecure advanced threat detection and remediation platform, ThreatAnalyzer malware behavioral analysis sandbox, ThreatIQ real-time threat intelligence service, and VIPRE business antivirus endpoint protection. Learn more about ThreatTrack Security.

MWC 2015: All About the Apps

Mobile World Congress (MWC) is officially underway in beautiful Barcelona! One thing we can already tell from day one of MWC? This year, it’s all about the apps.

And with that, we are excited to announce three of the latest mobile apps from Intel Security, as seen on display at MWC this week. Read on to learn more about each one.

Intel Security Battery Optimizer

Tired of looking at your smartphone midday only to see the battery is completely drained? We can relate!

The Intel Security Battery Optimizer is an energy saving Android app that provides you with accurate battery usage allowing you to manipulate and extend the battery life of your mobile device. Battery life is displayed down to the minute so you can more effectively track usage and identify which apps are draining your battery the most.

Another unique feature of Battery Optimizer is that it extends call time on a low battery device. For example, if you’re on a call and have less than 20 minutes of life left, it will prompt you with an alert. The alert then provides you with the option to extend the length of a call by shutting off other, non-core apps that are draining battery life in the background.

Intel Security File Protect

In today’s highly connected world, consumers are carrying their personal lives on their devices. So how can they ensure this sensitive information stays protected? Here’s where Intel Security File Protect comes in.

File Protect is an Android privacy app that provides reliable encrypted protection for sensitive information across all of your devices and favorite cloud storage services. By linking File Protect to your preferred cloud storage provider, you can rest assured that your data is safely encrypted in the cloud.

Want to snap safe photos on the go? File Protect can handle that as well! Switch to the “Secure Snap” mode and all of the photos you capture will be automatically encrypted and sent to File Protect for storage.

True Key™ by Intel Security

True Key™ by Intel Security is an easier and safer way to unlock your digital world. You can access your apps and websites without the hassle of having to remember, create or type in multiple passwords – with the True Key app, you are the password.

Log in using things that are unique to you, such as your facial features—the distance between your eyes and nose, a fingerprint, or even a device you own. From there, True Key helps make your current passwords stronger with it’s password generator, remembers them and instantly logs you in, so you don’t have to.

True Key is currently available through a limited release and will be generally available later in the year. You can request early access at www.truekey.com to join the waitlist.

Don’t miss the chance to see each of these apps in person, during demos at the Intel booth in Hall 3, Stand #3D30 this week at Mobile World Congress. And if you need more incentive to visit the stand, swing by to learn how you could get a free, 1-year premium subscription of True Key!

Stay tuned for more Mobile World Congress updates from Intel Security by following @IntelSec_Home on Twitter, Liking our page on Facebook, and checking back here on the blog.

lianne-caetano

We’re Going to Change the Way You Think About Mobile Security

Finally, I can go to Mobile World Congress (MWC) without having to sacrifice a visit to the RSA Conference in San Francisco.  It’s always an interesting experience to go to a technology conference and be the unpopular security guy.

What is certain is that this year we’re going to see a vast range of new hardware and software offerings, from trendy wearables to televisions  that record and transmit our every conversation.

We are also certain that the number of features in these new mobile devices is even longer than before, but there exists uncertainty whether these devices of tomorrow elicit the level of trust we need in the future. Without the level of trust we need it does raise the question of whether should even exist? Or should they even be launched to the market at all?

There can be no doubt that our reliance on mobile technology is now absolute. That tipping point passed some time ago (probably about the same time that the term “tipping point” became uncool). Whether we’re working, resting or even sleeping, there is an app, a device or a connected thing tracking us, nudging us or attempting to make our lives easier. Remembering a time when this wasn’t the case is actually getting quite hard.

The nagging issue here though is that the industry’s approach to security (and therefore consumers’ and businesses’ approach to security) just hasn’t caught up with this infinitely connected world.

At MWC 2015 we are planning to change this approach so that we’re reinstating a level of trust and enablement for technology and services that are used in everyday and business life. We have got some incredibly exciting news lined up that will show how some parts of the industry are already beginning to make that change. We think that this is just the tip of the iceberg though.

Our announcement of True Key™ by Intel Security back at CES is another demonstration that we have to think differently about the security challenges posed in a mobile world. Password-based security seems to present more headaches than it solves with so many of the high-profile breaches circumventing these basic measures. During MWC we’ll begin to reveal more details about True Key and how it is being used to change the way that we’ll secure mobile.

raj-samani

Connect with me on Twitter:  @raj_samani