Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak...

Cyber Security Issues inSouth Korea andCSIRTs Cooperation

September 17, 2014Eunju Pak

[email protected]@krcert.or.kr

[email protected]

AGENDA

01LATEST NEWS

02PHARMING

03SMS PHISHING

04CONCLUSION

01Latest News

4

01. Latest News

2014-09-17

A GROUP OF CYBER FRAUD CRIMINALS WAS ARRESTED

Unfair Profits 1 Billion KRW

Victims’ financial information stolen Money withdrawn money from their bank accounts

Cased by Phishing site, Pharming site and SMS Phishing

02Pharming Case

6

02. Pharming Case

2014-09-17

Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May2013 Y 2014 Y

0

200

400

600

800

1,000

Phishing/Pharming Sites in South Korea

Public Banking Others

Jan Feb Mar Apr May2014 Y

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Dropper PharmingSteal Infected PC's info Others

Types of Malwares in South Korea

Constant increase in the number of Phish-ing/Pharming Sites in South Korea

7

02. Pharming Case

2014-09-17

Pharming Incident?InfectionWeb defacement

8

02. Pharming Case

2014-09-17

Pharming Incident?

Falsificationhosts.ics falsified

9

02. Pharming Case

2014-09-17

Pharming Incident?Information Leak Victims’ bank account information

leaked

10

02. Pharming Case

2014-09-17

JPCERT/CC’s ASSISTANCE NEEDED!

2011 2012 2013 1H 2014

Statistics of Japanese IP misused

Japanese IPs misused by Korean Pharming cases

SOS to JPCERT/CC

What JPCERT/CC is Doing:Analyzing malwaresMonitoring servers distributing hosts.icsDiscussing with relevant ISP (i.e Blocking sites)

03SMS Phishing Case

12

03. SMS Phishing Case

2014-09-17

The more smartphone users are, the more SMS Phishing damages

increase

2012Y Jan

2012Y Jun

2012Y Dec

2013Y Mar

2013Y Jun

2013Y Dec

2014Y Mar

2014Y Jun

23,763,087

39,046,720

The number of Smart Phone users in South Korea

2012Y 2013Y FH. 2014Y

569M

5,733M

330M

Source : NPAUnit : KRW

Damaged Amount of SMS Phishing in South Korea

13


2014-09-17

Text Message Received

SMS Phishing Incident?

Promotion Coupon(for free)

Link to the URLAdd bookmarkCopy the text

Downloading Do you want to install?

14


2014-09-17

① Check Normal Banking Apps

Malicious Application Installed


15


2014-09-17

② Download the Additional Malicious Application



16


2014-09-17

③ Require Financial Information



17


2014-09-17



④ Send away PKI folder, financial Information to specific email address

182014-09-17


What KrCERT/CC is Doing: Providing CNCERT/CC with email addresses, related evidences, samples

Requesting takedown of related email addresses

What CNCERT/CC is Doing:Analyzing and Verifying malware samplesCoordinating with relevant service provider to takedown the misused email addresses

Chinese Famous Portal E-mail addresses are misused for Korean SMS Phishing incidents

CNCERT/CC’s ASSISTANCE NEEDED!

192014-09-17

04. Cooperation

Web Browser Notification to Infected PC Users : Received infected IP list from trusted organization and part-ners

Web browser notification to infected PC users

Respond CVE-2014-0515(Adobe Flash Player) : Received malware distributing URLs, suspicious URLs

Request for proper actions to the distributing URLs

Support technical measures, extract & analyze logs

Web browser notification to infected PC users

What KrCERT/CC is doing for Global Collab-oration:

WAIT!!!Remove mal-

ware from your PC

04Conclusion

212014-09-17

04. Conclusion

Actions Required

Each CSIRT has different capacities, rules,…

Each CSIRT team’s circumstances to be ex-plored

Seek Ways to collaborate toSupport Incident HandlingDevelop Information Sharing Protocol

22

04. Conclusion

Asia Pacific Computer Emergency Response Team

Forum of CSIRTs/CERTs in Asia Pacific region since 2003To help create a SAFE, CLEAN and RELIABLE cyber space in the Asia Pacific region through global collabora-tionAPCERT will maintain a trusted contact network of computer secu-rity experts in Asia Pacific region to improve the region’s aware-ness competency in relation to computer security incidents

2014-09-17

감사합니다THANK YOU

Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak...

Documents

Transcript of Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak...