Cyber Security Issues in South Korea and CSIRTs Cooperation
September 17, 2014
Eunju Pak
first-team@krcert.or.kr, eunjupak@krcert.or.kr, beunju@kisa.or.kr
Agenda: 01 Latest News, 02 Pharming, 03 SMS Phishing, 04 Conclusion
01 Latest News
A group of cyber fraud criminals was arrested. Unfair profits: 1 billion KRW. Victims' financial information was stolen and money was withdrawn from their bank accounts. Caused by phishing sites, pharming sites and SMS phishing.
02 Pharming Case
Constant increase in the number of phishing/pharming sites in South Korea.
[Chart: number of phishing/pharming sites in South Korea by month, Jun 2013 to Apr 2014; series: Public, Banking, Others]
[Chart: types of malware in South Korea by month, Jan to May 2014; categories: Dropper, Pharming, Steal infected PC's info, Others]
Pharming Incident? Infection: web defacement.
Pharming Incident? Falsification: hosts.ics falsified.
Pharming Incident? Information leak: victims' bank account information leaked.
JPCERT/CC's ASSISTANCE NEEDED! Japanese IPs misused by Korean pharming cases: SOS to JPCERT/CC.
[Chart: statistics of Japanese IPs misused; 2011, 2012, 2013, 1H 2014]
What JPCERT/CC is doing: analyzing malware; monitoring servers distributing hosts.ics; discussing with the relevant ISP (i.e. blocking sites).
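The falsification step described in the pharming slides can be checked for by scanning a hosts.ics (or hosts) file for entries that pin a watched domain to an address. This is an added example, not part of the original slides: the watched domain names, the sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed watch list: domains that should never be pinned in a hosts file.
WATCHED = {"bank.example.kr", "portal.example.kr"}

# Constructed sample of a falsified hosts.ics (documentation-range IPs).
SAMPLE = """\
# Copyright (c) sample header
127.0.0.1       localhost
203.0.113.45    www.bank.example.kr bank.example.kr   # appended entry
203.0.113.45    PORTAL.example.kr.
198.51.100.7    intranet.example.com
not-an-ip       bank.example.kr
"""

def is_watched(host, watched=WATCHED):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for each entry, skipping comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield no, fields[0], fields[1:]

def find_redirects(text, watched=WATCHED):
    """Return (line_no, kind, ip_text, host) for every watched domain entry."""
    findings = []
    for no, ip_text, hosts in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
            kind = "loopback" if ip.is_loopback else "redirect"
        except ValueError:
            kind = "malformed"  # address field is not a valid IP; still reported
        for h in hosts:
            if is_watched(h, watched):
                findings.append((no, kind, ip_text, h.lower().rstrip(".")))
    return findings

if __name__ == "__main__":
    for f in find_redirects(SAMPLE):
        print("line %d: %s %s -> %s" % f)
```

Any finding is worth triage, since a legitimate banking or portal domain has no reason to appear in these files on an end-user PC.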
03 SMS Phishing Case
The more smartphone users there are, the more SMS phishing damage increases.
[Chart: number of smartphone users in South Korea, Jan 2012 to Jun 2014; labelled values 39,046,720 and 23,763,087]
[Chart: damaged amount of SMS phishing in South Korea for 2012, 2013 and first half of 2014; source: NPA; unit: KRW; labelled values 5,733 M, 569 M and 330 M]
SMS Phishing Incident? Text message received: "Promotion Coupon (for free)". [Screenshots: Link to the URL, Add bookmark, Copy the text; Downloading; "Do you want to install?"]
SMS Phishing Incident? Malicious application installed:
① Check normal banking apps
② Download the additional malicious application
③ Require financial information
④ Send the PKI folder and financial information to a specific email address
CNCERT/CC's ASSISTANCE NEEDED! E-mail addresses at a famous Chinese portal are misused for Korean SMS phishing incidents.
What KrCERT/CC is doing: providing CNCERT/CC with email addresses, related evidence and samples; requesting takedown of the related email addresses.
What CNCERT/CC is doing: analyzing and verifying malware samples; coordinating with the relevant service provider to take down the misused email addresses.
04. Cooperation
What KrCERT/CC is doing for global collaboration:
Web browser notification to infected PC users: received an infected IP list from trusted organizations and partners; web browser notification to infected PC users. [Screenshot: "WAIT!!! Remove malware from your PC"]
Respond to CVE-2014-0515 (Adobe Flash Player): received malware-distributing URLs and suspicious URLs; request for proper actions on the distributing URLs; support technical measures, extract and analyze logs; web browser notification to infected PC users.
04 Conclusion
Actions required: each CSIRT team's circumstances to be explored (each CSIRT has different capacities, rules, …); seek ways to collaborate to support incident handling; develop an information sharing protocol.
Asia Pacific Computer Emergency Response Team (APCERT): forum of CSIRTs/CERTs in the Asia Pacific region since 2003. To help create a SAFE, CLEAN and RELIABLE cyber space in the Asia Pacific region through global collaboration. APCERT will maintain a trusted contact network of computer security experts in the Asia Pacific region to improve the region's awareness and competency in relation to computer security incidents.