All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
Cyber Security Issues in South Korea and CSIRTs Cooperation, by Eunju Pak [APNIC 38]
1. Cyber Security Issues in
South Korea and
CSIRTs Cooperation
September 17, 2014
Eunju Pak
first-team@krcert.or.kr
eunjupak@krcert.or.kr
beunju@kisa.or.kr
4. 01. Latest News
2014-09-17
A GROUP OF CYBER FRAUD
CRIMINALS WAS ARRESTED
Unfair Profits 1 Billion KRW
Victims’ financial information stolen
Money withdrawn money from their bank accounts
Cased by Phishing site, Pharming site and SMS Phishing
4
6. 02. Pharming Case
Constant increase in the number of
Phishing/Pharming Sites in South Korea
1,000
800
600
400
200
0
2014-09-17
Phishing/Pharming Sites in South Korea
Public Banking Others
Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May
2013 Y 2014 Y
100%
80%
60%
40%
20%
0%
Types of Malwares in South Korea
Jan Feb Mar Apr May
2014 Y
Dropper Pharming Steal Infected PC's info Others
6
7. 02. Pharming Case
Pharming Incident?
Infection Web defacement
2014-09-17
7
9. 02. Pharming Case
Pharming Incident?
Information Leak Victims’ bank account information leaked
2014-09-17
9
10. 02. Pharming Case
JPCERT/CC’s ASSISTANCE NEEDED!
2014-09-17
Statistics of Japanese IP misused Japanese IPs misused by Korean Pharming cases
2011 2012 2013 1H 2014
SOS to JPCERT/CC
What JPCERT/CC is Doing:
Analyzing malwares
Monitoring servers distributing hosts.ics
Discussing with relevant ISP (i.e Blocking sites) 10
12. 03. SMS Phishing Case
The more smartphone users are,
2014-09-17
the more SMS Phishing damages increase
23,763,087
39,046,720
2012Y
Jan
2012Y
Jun
2012Y
Dec
2013Y
Mar
2013Y
Jun
2013Y
Dec
2014Y
Mar
2014Y
Jun
The number of Smart Phone users in South Korea
Damaged Amount of SMS Phishing in South Korea
569M
5,733M
Source : NPA
Unit : KRW
330M
2012Y 2013Y FH. 2014Y
12
13. 03. SMS Phishing Case
SMS Phishing Incident?
Text Message Received
2014-09-17
Promotion Coupon(for free)
Link to the URL
Add bookmark
Copy the text
Downloading Do you want to install?
13
14. 03. SMS Phishing Case
SMS Phishing Incident?
Malicious Application Installed
① Check Normal Banking Apps
2014-09-17
14
15. 03. SMS Phishing Case
SMS Phishing Incident?
Malicious Application Installed
② Download the Additional Malicious Application
2014-09-17
15
16. 03. SMS Phishing Case
SMS Phishing Incident?
Malicious Application Installed
③ Require Financial Information
2014-09-17
16
17. 03. SMS Phishing Case
17
SMS Phishing Incident?
Malicious Application Installed
④ Send away PKI folder, financial Information to specific email address
2014-09-17
18. CNCERT/CC’s ASSISTANCE NEEDED!
Chinese Famous Portal E-mail addresses are misused for Korean SMS Phishing incidents
2014-09-17
03. SMS Phishing Case
What KrCERT/CC is Doing:
Providing CNCERT/CC with email addresses, related evidences, samples
Requesting takedown of related email addresses
What CNCERT/CC is Doing:
Analyzing and Verifying malware samples
Coordinating with relevant service provider to takedown the misused
email addresses
18
19. What KrCERT/CC is doing for Global Collaboration:
2014-09-17
04. Cooperation
Web Browser Notification to Infected PC Users :
Received infected IP list from trusted organization and partners
Web browser notification to infected PC users
Respond CVE-2014-0515(Adobe Flash Player) :
Received malware distributing URLs, suspicious URLs
Request for proper actions to the distributing URLs
Support technical measures, extract & analyze logs
Web browser notification to infected PC users
WAIT!!!
Remove malware
from your PC
19
21. Each CSIRT team’s circumstances to be explored
2014-09-17
04. Conclusion
Actions Required
Each CSIRT has different capacities, rules,…
Seek Ways to collaborate to
Support Incident Handling
Develop Information Sharing Protocol
21
22. 04. Conclusion
Asia Pacific Computer Emergency Response Team
Forum of CSIRTs/CERTs in Asia Pacific region since 2003
To help create a SAFE, CLEAN and RELIABLE cyber space
in the Asia Pacific region through global collaboration
APCERT will maintain a trusted contact network of computer security experts
in Asia Pacific region to improve the region’s awareness competency in
relation to computer security incidents
2014-09-17 22