Improving Cooperation between CSIRTs and Law Enforcement ...
Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak...
-
Upload
chester-norman -
Category
Documents
-
view
215 -
download
0
Transcript of Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak...
![Page 1: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/1.jpg)
Cyber Security Issues inSouth Korea andCSIRTs Cooperation
September 17, 2014Eunju Pak
[email protected]@krcert.or.kr
![Page 2: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/2.jpg)
AGENDA
01LATEST NEWS
02PHARMING
03SMS PHISHING
04CONCLUSION
![Page 3: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/3.jpg)
01Latest News
![Page 4: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/4.jpg)
4
01. Latest News
2014-09-17
A GROUP OF CYBER FRAUD CRIMINALS WAS ARRESTED
Unfair Profits 1 Billion KRW
Victims’ financial information stolen Money withdrawn money from their bank accounts
Cased by Phishing site, Pharming site and SMS Phishing
![Page 5: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/5.jpg)
02Pharming Case
![Page 6: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/6.jpg)
6
02. Pharming Case
2014-09-17
Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May2013 Y 2014 Y
0
200
400
600
800
1,000
Phishing/Pharming Sites in South Korea
Public Banking Others
Jan Feb Mar Apr May2014 Y
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Dropper PharmingSteal Infected PC's info Others
Types of Malwares in South Korea
Constant increase in the number of Phish-ing/Pharming Sites in South Korea
![Page 7: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/7.jpg)
7
02. Pharming Case
2014-09-17
Pharming Incident?InfectionWeb defacement
![Page 8: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/8.jpg)
8
02. Pharming Case
2014-09-17
Pharming Incident?
Falsificationhosts.ics falsified
![Page 9: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/9.jpg)
9
02. Pharming Case
2014-09-17
Pharming Incident?Information Leak Victims’ bank account information
leaked
![Page 10: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/10.jpg)
10
02. Pharming Case
2014-09-17
JPCERT/CC’s ASSISTANCE NEEDED!
2011 2012 2013 1H 2014
Statistics of Japanese IP misused
Japanese IPs misused by Korean Pharming cases
SOS to JPCERT/CC
What JPCERT/CC is Doing:Analyzing malwaresMonitoring servers distributing hosts.icsDiscussing with relevant ISP (i.e Blocking sites)
![Page 11: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/11.jpg)
03SMS Phishing Case
![Page 12: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/12.jpg)
12
03. SMS Phishing Case
2014-09-17
The more smartphone users are, the more SMS Phishing damages
increase
2012Y Jan
2012Y Jun
2012Y Dec
2013Y Mar
2013Y Jun
2013Y Dec
2014Y Mar
2014Y Jun
23,763,087
39,046,720
The number of Smart Phone users in South Korea
2012Y 2013Y FH. 2014Y
569M
5,733M
330M
Source : NPAUnit : KRW
Damaged Amount of SMS Phishing in South Korea
![Page 13: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/13.jpg)
13
03. SMS Phishing Case
2014-09-17
Text Message Received
SMS Phishing Incident?
Promotion Coupon(for free)
Link to the URLAdd bookmarkCopy the text
Downloading Do you want to install?
![Page 14: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/14.jpg)
14
03. SMS Phishing Case
2014-09-17
① Check Normal Banking Apps
Malicious Application Installed
SMS Phishing Incident?
![Page 15: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/15.jpg)
15
03. SMS Phishing Case
2014-09-17
② Download the Additional Malicious Application
Malicious Application Installed
SMS Phishing Incident?
![Page 16: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/16.jpg)
16
03. SMS Phishing Case
2014-09-17
③ Require Financial Information
Malicious Application Installed
SMS Phishing Incident?
![Page 17: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/17.jpg)
17
03. SMS Phishing Case
2014-09-17
Malicious Application Installed
SMS Phishing Incident?
④ Send away PKI folder, financial Information to specific email address
![Page 18: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/18.jpg)
182014-09-17
03. SMS Phishing Case
What KrCERT/CC is Doing: Providing CNCERT/CC with email addresses, related evidences, samples
Requesting takedown of related email addresses
What CNCERT/CC is Doing:Analyzing and Verifying malware samplesCoordinating with relevant service provider to takedown the misused email addresses
Chinese Famous Portal E-mail addresses are misused for Korean SMS Phishing incidents
CNCERT/CC’s ASSISTANCE NEEDED!
![Page 19: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/19.jpg)
192014-09-17
04. Cooperation
Web Browser Notification to Infected PC Users : Received infected IP list from trusted organization and part-ners
Web browser notification to infected PC users
Respond CVE-2014-0515(Adobe Flash Player) : Received malware distributing URLs, suspicious URLs
Request for proper actions to the distributing URLs
Support technical measures, extract & analyze logs
Web browser notification to infected PC users
What KrCERT/CC is doing for Global Collab-oration:
WAIT!!!Remove mal-
ware from your PC
![Page 20: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/20.jpg)
04Conclusion
![Page 21: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/21.jpg)
212014-09-17
04. Conclusion
Actions Required
Each CSIRT has different capacities, rules,…
Each CSIRT team’s circumstances to be ex-plored
Seek Ways to collaborate toSupport Incident HandlingDevelop Information Sharing Protocol
![Page 22: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/22.jpg)
22
04. Conclusion
Asia Pacific Computer Emergency Response Team
Forum of CSIRTs/CERTs in Asia Pacific region since 2003To help create a SAFE, CLEAN and RELIABLE cyber space in the Asia Pacific region through global collabora-tionAPCERT will maintain a trusted contact network of computer secu-rity experts in Asia Pacific region to improve the region’s aware-ness competency in relation to computer security incidents
2014-09-17
![Page 23: Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak first-team@krcert.or.kr eunjupak@krcert.or.kr beunju@kisa.or.kr.](https://reader036.fdocuments.net/reader036/viewer/2022062716/56649dd45503460f94acbab9/html5/thumbnails/23.jpg)
감사합니다THANK YOU