Cyber Fraud - The New Frontiers
CYBER FRAUD: THE NEW FRONTIERS
Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC, Principal Consultant
2014 Asia-Pacific Fraud Conference, November 17th 2014 @ Hong Kong
WHO AM I?
• Spoken at Black Hat, High Tech Crime Investigation Association (Asia Pacific Conference), and Economist Corporate Network.
• Risk Consultant for Banks, Government and Critical Infrastructures.
• SANS GIAC Advisory Board Member.
• Co-designed the first Computer Forensics curriculum for Hong Kong Police Force.
• Former HKUST Computer Science lecturer.
FOCUS
• Cyber Fraud
• External Fraud
• Mechanisms and Facilitators
AGENDA
Overview of 2 Prominent Fraud Scenarios
• Phishing / Whaling
• Man-in-the-Browser
Monetization
• Hacker Supply Chain
• Underground Economy
• Money Laundering
Cyber Security Countermeasures
Copyright © 2014 Albert Hui
PHISHING: FROM AN END-USER PROBLEM TO A CORPORATE PROBLEM
CLASSIC PHISHING SCAM: NIGERIAN LETTER
ADVANCE-FEE SCAM IS 200+ YEARS OLD
“Spanish Prisoner” scam letter from 1905
PHISHING EVOLUTION
(Diagram: phishing variants plotted along two axes, "more targeted" and "more transparent": phishing, spear phishing, whaling, pharming)
WHALING EXAMPLE
(Diagram: trojan)
CLASSIC PHISHING AND WHALING COMPARED
Classic Phishing
• Ridiculous contents
• Opportunistic
• Straightforward financial scam
Whaling
• Make-believe contents
• Targeted
• Lateral compromises possible, often leads to corporate espionage
CYBER KILL CHAIN
Recon → Weaponize → Deliver → Exploit → Install → C2 → Action
MONETIZATION: TURNING EXPLOITS INTO CASH
SOME MONETIZATION POSSIBILITIES
(Diagram: assets that can be monetized)
• bank accounts
• computer
• file server
• customer data
• stored values (e.g. Q-coins, Taobao credit)
• credit cards
MAN-IN-THE-BROWSER ATTACK: SPOOFED SCREENS
(Diagram: trojan, e.g. Zeus)
MAN-IN-THE-BROWSER ATTACK: REAL-TIME REDIRECT
(Diagram: trojan, e.g. Zeus)
FOOD CHAIN
Fraud Rings (can launder money “safely”)
Hackers (cannot)
MONEY LAUNDERING
MONEY MULES
STORED VALUES
HACKER SUPPLY CHAIN
(Diagram: supply-chain links) Anon Payment · Hacker Tools / Bulletproof Hosting · Monetization
Implications
• Sophisticated attacks now available to non-experts
• Lower breakeven point for attacks
• More “worthwhile” targets
UNDERGROUND ECONOMY
BITCOIN FOR MONEY LAUNDERING
Dark Wallet
CoinJoin
HIDDEN INTERNET
Dark Net / Deep Web Silk Road
The OnionRouter
CYBER SECURITY COUNTERMEASURES
PHILOSOPHY
Defender’s Dilemma
• Must secure all possible vulnerabilities
Intruder’s Dilemma
• Must evade all detections
Reason’s Swiss Cheese Model (picture from NICPLD)
ESSENTIALS FOR DETECTING CYBER ATTACKS
• Layered defense-in-depth
• Redundant security (e.g. two different brands of FWs)
• Security event correlation (e.g. SIEM)
• Trustworthy logging
• Up-to-date threat intelligence
• Security awareness and reporting channel
• Incident response capability (e.g. CSIRT)
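Added example, not part of the presentation: a minimal security event correlation routine in the style a SIEM rule would implement, tying the "Cyber Kill Chain" slide to the "security event correlation" and "redundant security" bullets above. The log sources (mail gateway, EDR, web proxy), the event names, the host names and the mapping of events to kill-chain stages are all constructed for illustration; a real deployment would use its own detections. The point it shows is that individual events (one mail alert, one new outbound beacon) are noisy on their own, but several kill-chain stages reported by independent sources for the same host inside a short window are a strong signal of a whaling-style compromise in progress.

```python
"""Kill-chain correlation over multi-source logs (constructed sample data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Kill-chain stages exactly as listed on the slide, in attack order.
STAGES = ["Recon", "Weaponize", "Deliver", "Exploit", "Install", "C2", "Action"]

# Constructed sample events from three hypothetical log sources.
# ws-042 shows a full chain; ws-017 and ws-099 are isolated single hits.
SAMPLE_EVENTS = [
    {"ts": "2014-11-17T09:01:00", "src": "mailgw", "host": "ws-042",
     "event": "attachment_quarantine_bypass"},
    {"ts": "2014-11-17T09:03:10", "src": "edr", "host": "ws-042",
     "event": "office_spawned_script"},
    {"ts": "2014-11-17T09:03:40", "src": "edr", "host": "ws-042",
     "event": "new_autorun_persistence"},
    {"ts": "2014-11-17T09:05:05", "src": "proxy", "host": "ws-042",
     "event": "periodic_post_to_new_domain"},
    {"ts": "2014-11-17T10:30:00", "src": "proxy", "host": "ws-017",
     "event": "periodic_post_to_new_domain"},
    {"ts": "2014-11-17T08:00:00", "src": "edr", "host": "ws-099",
     "event": "office_spawned_script"},
]

# Assumed mapping from (source, detection name) to kill-chain stage.
STAGE_MAP = {
    ("mailgw", "attachment_quarantine_bypass"): "Deliver",
    ("edr", "office_spawned_script"): "Exploit",
    ("edr", "new_autorun_persistence"): "Install",
    ("proxy", "periodic_post_to_new_domain"): "C2",
}


def correlate(events, window=timedelta(minutes=30), min_stages=3, min_sources=2):
    """Raise one alert per host when >= min_stages distinct kill-chain stages
    are reported by >= min_sources independent log sources within `window`.

    Requiring several stages reduces single-event noise; requiring several
    sources is the 'redundant security' idea: a miss in one sensor does not
    silence the alert if another sensor saw the next stage.
    """
    by_host = defaultdict(list)
    for e in events:
        stage = STAGE_MAP.get((e["src"], e["event"]))
        if stage is None:
            continue  # unmapped detections are ignored by this rule
        by_host[e["host"]].append((datetime.fromisoformat(e["ts"]), stage, e["src"]))

    alerts = []
    for host, items in by_host.items():
        items.sort()  # chronological
        for t0, _, _ in items:
            in_win = [it for it in items if t0 <= it[0] <= t0 + window]
            stages = sorted({s for _, s, _ in in_win}, key=STAGES.index)
            sources = sorted({src for _, _, src in in_win})
            if len(stages) >= min_stages and len(sources) >= min_sources:
                alerts.append({"host": host, "stages": stages,
                               "sources": sources, "first_seen": t0.isoformat()})
                break  # one alert per host is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Running the block reports a single alert for ws-042 covering the Deliver, Exploit, Install and C2 stages from three sources, while the lone proxy and EDR hits on the other hosts produce nothing; tuning `min_stages`, `min_sources` and `window` is the usual trade-off between early warning and false positives.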
(Diagram: people, process, technology)
ANY QUESTIONS?
???
THANK YOU