CYBER FRAUD - Association of Certified Fraud Examiners… · CYBER FRAUD THE NEW FRONTIERS Albert...
CYBER FRAUD
THE NEW FRONTIERS
Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC
Principal Consultant
2014 Asia-Pacific Fraud Conference
November 17th 2014 @ Hong Kong
WHO AM I?
• Spoken at Black Hat, High Tech Crime Investigation Association (Asia Pacific Conference), and Economist Corporate Network.
• Risk Consultant for Banks, Government and Critical Infrastructures.
• SANS GIAC Advisory Board Member.
• Co-designed the first Computer Forensics curriculum for Hong Kong Police Force.
• Former HKUST Computer Science lecturer.
FOCUS
• Cyber Fraud
• External Fraud
• Mechanisms and Facilitators
AGENDA
Overview of 2 Prominent Fraud Scenarios
• Phishing / Whaling
• Man-in-the-Browser
Monetization
• Hacker Supply Chain
• Underground Economy
• Money Laundering
Cyber Security Countermeasures
PHISHING
FROM AN END-USER PROBLEM
TO A CORPORATE PROBLEM
CLASSIC PHISHING SCAM: NIGERIAN LETTER
ADVANCED FEES SCAM IS 200+ YEARS OLD
“Spanish Prisoner” scam letter from 1905
PHISHING EVOLUTION
more targeted
more transparent
spear phishing
phishing
whaling
pharming
WHALING EXAMPLE
trojan
CLASSIC PHISHING AND WHALING COMPARED
Classic Phishing
• Ridiculous contents
• Opportunistic
• Straight-forward financial scam
Whaling
• Make-Believe contents
• Targeted
• Lateral compromises possible, often leads to corporate espionage
CYBER KILL CHAIN
Recon → Weaponize → Deliver → Exploit → Install → C2 → Action
MONETIZATION
TURNING EXPLOITS INTO CASH
SOME MONETIZATION POSSIBILITIES
bank accounts
computer
file server
customer data
stored values (e.g. Q-coins, Taobao credit)
credit cards
MAN-IN-THE-BROWSER ATTACK: SPOOFED SCREENS
trojan (e.g. Zeus)
MAN-IN-THE-BROWSER ATTACK: REAL-TIME REDIRECT
trojan (e.g. Zeus)
FOOD CHAIN
Fraud Rings (can launder money “safely”)
Hackers (cannot)
MONEY LAUNDERING
MONEY MULES
STORED VALUES
HACKER SUPPLY CHAIN
Anon Payment
Hacker Tools / Bulletproof Hosting
Monetization
Implications
• Sophisticated attacks now available to non-experts
• Lower breakeven point for attacks
• More “worthwhile” targets
ECONOMY
BITCOIN FOR MONEY LAUNDERING
Dark Wallet
CoinJoin
HIDDEN INTERNET
Dark Net / Deep Web
Silk Road
The Onion Router
CYBER SECURITY COUNTERMEASURES
PHILOSOPHY
Defender’s Dilemma
• Must secure all possible vulnerabilities
Intruder’s Dilemma
• Must evade all detections
Reason’s Swiss Cheese Model
Picture from NICPLD
ESSENTIALS FOR DETECTING CYBER ATTACKS
• Layered defense-in-depth
• Redundant security (e.g. two different brands of FWs)
• Security event correlation (e.g. SIEM)
• Trustworthy logging
• Up-to-date threat intelligence
• Security awareness and reporting channel
• Incident response capability (e.g. CSIRT)
ANY QUESTIONS?