Field of the Invention
The present invention relates to a system and method for analyzing mobile cyber incidents, and more particularly, to a system and method for analyzing mobile cyber incidents that checks whether codes attacking the weaknesses of mobile users are inserted into collected URLs and whether applications are downloaded and automatically executed, without the agreement of users.
Background of the Related Art
Recently, mobile terminal users have been drastically increased. The populations using mobile terminals in the first quarter of 2014 reach about 6.8 billion all over the world, and especially, the number of new mobile users in 2013 is 2 billion. The mobile terminal users are drastically increased because internet is freely used without any limitations in time and space and the friendliness among the users is improved through services like SNS. Further, they obtain many conveniences like financial service availability, free service coupons issuing and so on through simple procedures.
Recent mobile terminals, which provide conveniences through various applications and support fast internet services, are called ‘smartphones’.
Such smartphones store and manage various kinds of personal information. That is, they store telephone numbers, text messages, bank account numbers for financial services, password numbers, authenticated certificates, card numbers and the like.
Like this, since the smartphones store various kinds of personal information therein, they may be attacked by hackers, but unfortunately, the smartphone users do not recognize the attacks from the hackers well.
According to Kaspersky Lab, PC and mobile malicious code analyzing company, the mobile malicious codes found in the second quarter of 2014 are 65,118, and the APK files installing the malicious codes are 727,790.
The malicious codes operating for mobile banking among the mobile malicious codes are 2,033. The number of total mobile malicious codes is lower than that in the first quarter of 2014, but the number of mobile banking malicious codes is greater by two times than in the first quarter of 2014. More than 90% of the mobile banking malicious codes are found in Russia, and even in Korea, 30 mobile banking malicious codes are detected.
Accordingly, the incidents using the mobile malicious codes have been increased, and they are handled with mobile vaccine. The mobile vaccine analyzes the mobile malicious codes, creates information for detecting the mobile malicious codes, transmits the information to a user, and provides a function of detecting the malicious codes. However, actually, most of mobile users do not use the mobile vaccine.
According to Korea Internet & Security Agency, it is investigated that only about 33.5% of the mobile terminal users adopt mobile vaccine. So as to make a vaccine signature detecting mobile malicious codes, specific information on the malicious codes should be extracted through manual analysis of analyzers. Further, a method for deleting the detected malicious codes should be found and sent to the user.
However, lots of systems for collecting the mobile malicious codes to be checked do not exist. At present, the mobile applications suspected on malicious behaviors are received from a user or the applications suspected in application market are collected. The systems for collecting the mobile malicious codes by means of the sharing of the application through downloading, black markets and blogs have been not sufficient. Accordingly, the attackers who spread the mobile malicious codes insert download link into web sites or connect application download addresses through SMS/MMS.
Moreover, the collected applications are analyzed directly by analyzers, and accordingly, the number of collected applications to be analyzed is limited. The system assisting the analysis has been recently developed as a tester, and further, the determination whether malicious behavior exists in the analyzed results of the system has to be made by the analyzers.