Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak...

23
yber Security Issues in outh Korea and SIRTs Cooperation September 17, 2014 Eunju Pak [email protected] [email protected] [email protected]

Transcript of Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak...

Page 1: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

Cyber Security Issues inSouth Korea andCSIRTs Cooperation

September 17, 2014Eunju Pak

[email protected]@krcert.or.kr

[email protected]

Page 2: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

AGENDA

01LATEST NEWS

02PHARMING

03SMS PHISHING

04CONCLUSION

Page 3: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

01Latest News

Page 4: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

4

01. Latest News

2014-09-17

A GROUP OF CYBER FRAUD CRIMINALS WAS ARRESTED

Unfair Profits 1 Billion KRW

Victims’ financial information stolen Money withdrawn money from their bank accounts

Cased by Phishing site, Pharming site and SMS Phishing

Page 5: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

02Pharming Case

Page 6: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

6

02. Pharming Case

2014-09-17

Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May2013 Y 2014 Y

0

200

400

600

800

1,000

Phishing/Pharming Sites in South Korea

Public Banking Others

Jan Feb Mar Apr May2014 Y

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Dropper PharmingSteal Infected PC's info Others

Types of Malwares in South Korea

Constant increase in the number of Phish-ing/Pharming Sites in South Korea

Page 7: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

7

02. Pharming Case

2014-09-17

Pharming Incident?InfectionWeb defacement

Page 8: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

8

02. Pharming Case

2014-09-17

Pharming Incident?

Falsificationhosts.ics falsified

Page 9: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

9

02. Pharming Case

2014-09-17

Pharming Incident?Information Leak Victims’ bank account information

leaked

Page 10: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

10

02. Pharming Case

2014-09-17

JPCERT/CC’s ASSISTANCE NEEDED!

2011 2012 2013 1H 2014

Statistics of Japanese IP misused

Japanese IPs misused by Korean Pharming cases

SOS to JPCERT/CC

What JPCERT/CC is Doing:Analyzing malwaresMonitoring servers distributing hosts.icsDiscussing with relevant ISP (i.e Blocking sites)

Page 11: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

03SMS Phishing Case

Page 12: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

12

03. SMS Phishing Case

2014-09-17

The more smartphone users are, the more SMS Phishing damages

increase

2012Y Jan

2012Y Jun

2012Y Dec

2013Y Mar

2013Y Jun

2013Y Dec

2014Y Mar

2014Y Jun

23,763,087

39,046,720

The number of Smart Phone users in South Korea

2012Y 2013Y FH. 2014Y

569M

5,733M

330M

Source : NPAUnit : KRW

Damaged Amount of SMS Phishing in South Korea

Page 13: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

13

03. SMS Phishing Case

2014-09-17

Text Message Received

SMS Phishing Incident?

Promotion Coupon(for free)

Link to the URLAdd bookmarkCopy the text

Downloading Do you want to install?

Page 14: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

14

03. SMS Phishing Case

2014-09-17

① Check Normal Banking Apps

Malicious Application Installed

SMS Phishing Incident?

Page 15: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

15

03. SMS Phishing Case

2014-09-17

② Download the Additional Malicious Application

Malicious Application Installed

SMS Phishing Incident?

Page 16: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

16

03. SMS Phishing Case

2014-09-17

③ Require Financial Information

Malicious Application Installed

SMS Phishing Incident?

Page 17: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

17

03. SMS Phishing Case

2014-09-17

Malicious Application Installed

SMS Phishing Incident?

④ Send away PKI folder, financial Information to specific email address

Page 18: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

182014-09-17

03. SMS Phishing Case

What KrCERT/CC is Doing: Providing CNCERT/CC with email addresses, related evidences, samples

Requesting takedown of related email addresses

What CNCERT/CC is Doing:Analyzing and Verifying malware samplesCoordinating with relevant service provider to takedown the misused email addresses

Chinese Famous Portal E-mail addresses are misused for Korean SMS Phishing incidents

CNCERT/CC’s ASSISTANCE NEEDED!

Page 19: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

192014-09-17

04. Cooperation

Web Browser Notification to Infected PC Users : Received infected IP list from trusted organization and part-ners

Web browser notification to infected PC users

Respond CVE-2014-0515(Adobe Flash Player) : Received malware distributing URLs, suspicious URLs

Request for proper actions to the distributing URLs

Support technical measures, extract & analyze logs

Web browser notification to infected PC users

What KrCERT/CC is doing for Global Collab-oration:

WAIT!!!Remove mal-

ware from your PC

Page 20: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

04Conclusion

Page 21: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

212014-09-17

04. Conclusion

Actions Required

Each CSIRT has different capacities, rules,…

Each CSIRT team’s circumstances to be ex-plored

Seek Ways to collaborate toSupport Incident HandlingDevelop Information Sharing Protocol

Page 22: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

22

04. Conclusion

Asia Pacific Computer Emergency Response Team

Forum of CSIRTs/CERTs in Asia Pacific region since 2003To help create a SAFE, CLEAN and RELIABLE cyber space in the Asia Pacific region through global collabora-tionAPCERT will maintain a trusted contact network of computer secu-rity experts in Asia Pacific region to improve the region’s aware-ness competency in relation to computer security incidents

2014-09-17

Page 23: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.

감사합니다THANK YOU