Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak...
-
Upload
chester-norman -
Category
Documents
-
view
215 -
download
0
Transcript of Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak...
Cyber Security Issues inSouth Korea andCSIRTs Cooperation
September 17, 2014Eunju Pak
[email protected]@krcert.or.kr
AGENDA
01LATEST NEWS
02PHARMING
03SMS PHISHING
04CONCLUSION
01Latest News
4
01. Latest News
2014-09-17
A GROUP OF CYBER FRAUD CRIMINALS WAS ARRESTED
Unfair Profits 1 Billion KRW
Victims’ financial information stolen Money withdrawn money from their bank accounts
Cased by Phishing site, Pharming site and SMS Phishing
02Pharming Case
6
02. Pharming Case
2014-09-17
Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May2013 Y 2014 Y
0
200
400
600
800
1,000
Phishing/Pharming Sites in South Korea
Public Banking Others
Jan Feb Mar Apr May2014 Y
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Dropper PharmingSteal Infected PC's info Others
Types of Malwares in South Korea
Constant increase in the number of Phish-ing/Pharming Sites in South Korea
7
02. Pharming Case
2014-09-17
Pharming Incident?InfectionWeb defacement
8
02. Pharming Case
2014-09-17
Pharming Incident?
Falsificationhosts.ics falsified
9
02. Pharming Case
2014-09-17
Pharming Incident?Information Leak Victims’ bank account information
leaked
10
02. Pharming Case
2014-09-17
JPCERT/CC’s ASSISTANCE NEEDED!
2011 2012 2013 1H 2014
Statistics of Japanese IP misused
Japanese IPs misused by Korean Pharming cases
SOS to JPCERT/CC
What JPCERT/CC is Doing:Analyzing malwaresMonitoring servers distributing hosts.icsDiscussing with relevant ISP (i.e Blocking sites)
03SMS Phishing Case
12
03. SMS Phishing Case
2014-09-17
The more smartphone users are, the more SMS Phishing damages
increase
2012Y Jan
2012Y Jun
2012Y Dec
2013Y Mar
2013Y Jun
2013Y Dec
2014Y Mar
2014Y Jun
23,763,087
39,046,720
The number of Smart Phone users in South Korea
2012Y 2013Y FH. 2014Y
569M
5,733M
330M
Source : NPAUnit : KRW
Damaged Amount of SMS Phishing in South Korea
13
03. SMS Phishing Case
2014-09-17
Text Message Received
SMS Phishing Incident?
Promotion Coupon(for free)
Link to the URLAdd bookmarkCopy the text
Downloading Do you want to install?
14
03. SMS Phishing Case
2014-09-17
① Check Normal Banking Apps
Malicious Application Installed
SMS Phishing Incident?
15
03. SMS Phishing Case
2014-09-17
② Download the Additional Malicious Application
Malicious Application Installed
SMS Phishing Incident?
16
03. SMS Phishing Case
2014-09-17
③ Require Financial Information
Malicious Application Installed
SMS Phishing Incident?
17
03. SMS Phishing Case
2014-09-17
Malicious Application Installed
SMS Phishing Incident?
④ Send away PKI folder, financial Information to specific email address
182014-09-17
03. SMS Phishing Case
What KrCERT/CC is Doing: Providing CNCERT/CC with email addresses, related evidences, samples
Requesting takedown of related email addresses
What CNCERT/CC is Doing:Analyzing and Verifying malware samplesCoordinating with relevant service provider to takedown the misused email addresses
Chinese Famous Portal E-mail addresses are misused for Korean SMS Phishing incidents
CNCERT/CC’s ASSISTANCE NEEDED!
192014-09-17
04. Cooperation
Web Browser Notification to Infected PC Users : Received infected IP list from trusted organization and part-ners
Web browser notification to infected PC users
Respond CVE-2014-0515(Adobe Flash Player) : Received malware distributing URLs, suspicious URLs
Request for proper actions to the distributing URLs
Support technical measures, extract & analyze logs
Web browser notification to infected PC users
What KrCERT/CC is doing for Global Collab-oration:
WAIT!!!Remove mal-
ware from your PC
04Conclusion
212014-09-17
04. Conclusion
Actions Required
Each CSIRT has different capacities, rules,…
Each CSIRT team’s circumstances to be ex-plored
Seek Ways to collaborate toSupport Incident HandlingDevelop Information Sharing Protocol
22
04. Conclusion
Asia Pacific Computer Emergency Response Team
Forum of CSIRTs/CERTs in Asia Pacific region since 2003To help create a SAFE, CLEAN and RELIABLE cyber space in the Asia Pacific region through global collabora-tionAPCERT will maintain a trusted contact network of computer secu-rity experts in Asia Pacific region to improve the region’s aware-ness competency in relation to computer security incidents
2014-09-17
감사합니다THANK YOU