Cyber Security Issues in
South Korea and
CSIRTs Cooperation
September 17, 2014
Eunju Pak
[email protected]
[email protected]
[email protected]
01
LATEST NEWS
02
PHARMING
03
AGENDA
SMS PHISHING
04
CONCLUSION
01
Latest News
01. Latest News
A GROUP OF CYBER FRAUD
CRIMINALS WAS ARRESTED
Unfair Profits 1 Billion KRW
Victims’ financial information stolen
Money withdrawn money from their bank accounts
Cased by Phishing site, Pharming site and SMS Phishing
2014-09-17
4
02
Pharming Case
02. Pharming Case
Constant increase in the number of
Phishing/Pharming Sites in South Korea
Types of Malwares in South Korea
Phishing/Pharming Sites in South Korea
Public
Banking
100%
Others
1,000
80%
800
60%
600
40%
400
20%
200
0%
Jan
0
Jun
Jul
Aug Sep
2013 Y
2014-09-17
Oct
Nov Dec
Jan
Feb
Mar
2014 Y
Feb
Mar
Apr
May
2014 Y
Apr May
Dropper
Pharming
Steal Infected PC's info
Others
6
02. Pharming Case
Pharming Incident?
Infection Web defacement
2014-09-17
7
02. Pharming Case
Pharming Incident?
Falsification hosts.ics falsified
2014-09-17
8
02. Pharming Case
Pharming Incident?
Information Leak Victims’ bank account information leaked
2014-09-17
9
02. Pharming Case
JPCERT/CC’s ASSISTANCE NEEDED!
Statistics of Japanese IP misused
Japanese IPs misused by Korean Pharming cases
SOS to JPCERT/CC
2011
2012
2013
1H 2014
What JPCERT/CC is Doing:
Analyzing malwares
Monitoring servers distributing hosts.ics
Discussing with relevant ISP (i.e Blocking sites)
2014-09-17
10
03
SMS Phishing Case
03. SMS Phishing Case
The more smartphone users are,
the more SMS Phishing damages increase
Damaged Amount of SMS Phishing in South Korea
The number of Smart Phone users in South Korea
39,046,720
Source : NPA
Unit : KRW
23,763,087
5,733M
569M
2012Y
2012Y
2012Y
2013Y
2013Y
2013Y
2014Y
2014Y
Jan
Jun
Dec
Mar
Jun
Dec
Mar
Jun
2014-09-17
2012Y
330M
2013Y
FH. 2014Y
12
03. SMS Phishing Case
SMS Phishing Incident?
Text Message Received
Promotion Coupon(for free)
2014-09-17
Link to the URL
Add bookmark
Copy the text
Downloading
Do you want to install?
13
03. SMS Phishing Case
SMS Phishing Incident?
Malicious Application Installed
① Check Normal Banking Apps
2014-09-17
14
03. SMS Phishing Case
SMS Phishing Incident?
Malicious Application Installed
② Download the Additional Malicious Application
2014-09-17
15
03. SMS Phishing Case
SMS Phishing Incident?
Malicious Application Installed
③ Require Financial Information
2014-09-17
16
03. SMS Phishing Case
SMS Phishing Incident?
Malicious Application Installed
④ Send away PKI folder, financial Information to specific email address
2014-09-17
17
03. SMS Phishing Case
CNCERT/CC’s ASSISTANCE NEEDED!
Chinese Famous Portal E-mail addresses are misused for Korean SMS Phishing incidents
What KrCERT/CC is Doing:
Providing CNCERT/CC with email addresses, related evidences, samples
Requesting takedown of related email addresses
What CNCERT/CC is Doing:
Analyzing and Verifying malware samples
Coordinating with relevant service provider to takedown the misused
email addresses
2014-09-17
18
04. Cooperation
What KrCERT/CC is doing for Global Collaboration:
Web Browser Notification to Infected PC Users :
Received infected IP list from trusted organization and partners
WAIT!!!
Remove malware
from your PC
Web browser notification to infected PC users
Respond CVE-2014-0515(Adobe Flash Player) :
Received malware distributing URLs, suspicious URLs
Request for proper actions to the distributing URLs
Support technical measures, extract & analyze logs
Web browser notification to infected PC users
2014-09-17
19
04
Conclusion
04. Conclusion
Actions Required
Each CSIRT team’s circumstances to be explored
Each CSIRT has different capacities, rules,…
Seek Ways to collaborate to
Support Incident Handling
Develop Information Sharing Protocol
2014-09-17
21
04. Conclusion
Asia Pacific Computer Emergency Response Team
Forum of CSIRTs/CERTs in Asia Pacific region since 2003
To help create a SAFE, CLEAN and RELIABLE cyber space
in the Asia Pacific region through global collaboration
APCERT will maintain a trusted contact network of computer security experts
in Asia Pacific region to improve the region’s awareness competency in
relation to computer security incidents
2014-09-17
22
감사합니다
THANK YOU