CYBER FRAUD - THE NEW FRONTIERS. Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC, Principal Consultant. 2014 Asia-Pacific Fraud Conference, November 17th 2014 @ Hong Kong
Page 1: Cyber Fraud - The New Frontiers

CYBER FRAUD - THE NEW FRONTIERS

Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC

Principal Consultant

2014 Asia-Pacific Fraud Conference

November 17th 2014 @ Hong Kong

Page 2: Cyber Fraud - The New Frontiers

WHO AM I?

• Spoken at Black Hat, High Tech Crime Investigation Association (Asia Pacific Conference), and Economist Corporate Network.

• Risk Consultant for Banks, Government and Critical Infrastructures.

• SANS GIAC Advisory Board Member.

• Co-designed the first Computer Forensics curriculum for Hong Kong Police Force.

• Former HKUST Computer Science lecturer.

Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC

Principal Consultant

[email protected]

Page 3: Cyber Fraud - The New Frontiers

FOCUS

• Cyber Fraud

• External Fraud

• Mechanisms and Facilitators

Page 4: Cyber Fraud - The New Frontiers

AGENDA

Overview of 2 Prominent Fraud Scenarios

• Phishing / Whaling

• Man-in-the-Browser

Monetization

• Hacker Supply Chain

• Underground Economy

• Money Laundering

Cyber Security Countermeasures

Copyright © 2014 Albert Hui

Page 5: Cyber Fraud - The New Frontiers

PHISHING

FROM AN END-USER PROBLEM TO A CORPORATE PROBLEM

Page 6: Cyber Fraud - The New Frontiers

CLASSIC PHISHING SCAM: NIGERIAN LETTER

Page 7: Cyber Fraud - The New Frontiers

ADVANCED FEES SCAM IS 200+ YEARS OLD

“Spanish Prisoner” scam letter from 1905

Page 8: Cyber Fraud - The New Frontiers

PHISHING EVOLUTION

[Diagram. Axis labels: more targeted; more transparent. Items: phishing, spear phishing, whaling, pharming]

Page 9: Cyber Fraud - The New Frontiers

WHALING EXAMPLE

trojan

Page 10: Cyber Fraud - The New Frontiers

CLASSIC PHISHING AND WHALING COMPARED

Classic Phishing

• Ridiculous contents

• Opportunistic

• Straight-forward financial scam

Whaling

• Make-Believe contents

• Targeted

• Lateral compromises possible, often leads to corporate espionage

Page 11: Cyber Fraud - The New Frontiers

CYBER KILL CHAIN

Recon → Weaponize → Deliver → Exploit → Install → C2 → Action

Page 12: Cyber Fraud - The New Frontiers

MONETIZATION

TURNING EXPLOITS INTO CASH

Page 13: Cyber Fraud - The New Frontiers

SOME MONETIZATION POSSIBILITIES

bank accounts

computer

file server

customer data

stored values (e.g. Q-coins, Taobao credit)

credit cards

Page 14: Cyber Fraud - The New Frontiers

MAN-IN-THE-BROWSER ATTACK: SPOOFED SCREENS

trojan (e.g. Zeus)

Page 15: Cyber Fraud - The New Frontiers

MAN-IN-THE-BROWSER ATTACK: REAL-TIME REDIRECT

trojan (e.g. Zeus)

Page 16: Cyber Fraud - The New Frontiers

FOOD CHAIN

Fraud Rings (can launder money “safely”)

Hackers (cannot)

Page 17: Cyber Fraud - The New Frontiers

MONEY LAUNDERING

Page 18: Cyber Fraud - The New Frontiers

MONEY MULES

Page 19: Cyber Fraud - The New Frontiers

STORED VALUES

Page 20: Cyber Fraud - The New Frontiers

HACKER SUPPLY CHAIN

Anon Payment

Hacker Tools /

Bulletproof Hosting

Monetization

Implications

• Sophisticated attacks now available to non-experts

• Lower breakeven point for attacks

• More “worthwhile” targets

Page 21: Cyber Fraud - The New Frontiers

UNDERGROUND ECONOMY

Page 22: Cyber Fraud - The New Frontiers

BITCOIN FOR MONEY LAUNDERING

Dark Wallet

CoinJoin

Page 23: Cyber Fraud - The New Frontiers

HIDDEN INTERNET

Dark Net / Deep Web

Silk Road

The Onion Router

Page 24: Cyber Fraud - The New Frontiers

CYBER SECURITY COUNTERMEASURES

Page 25: Cyber Fraud - The New Frontiers

PHILOSOPHY

Defender’s Dilemma

• Must secure all possible vulnerabilities

Intruder’s Dilemma

• Must evade all detections

Reason’s Swiss Cheese Model

Picture from NICPLD

Page 26: Cyber Fraud - The New Frontiers

ESSENTIALS FOR DETECTING CYBER ATTACKS

• Layered defense-in-depth

• Redundant security (e.g. two different brands of FWs)

• Security event correlation (e.g. SIEM)

• Trustworthy logging

• Up-to-date threat intelligence

• Security awareness and reporting channel

• Incident response capability (e.g. CSIRT)

process

people

technology

Page 27: Cyber Fraud - The New Frontiers

ANY QUESTIONS?

???

Page 28: Cyber Fraud - The New Frontiers

THANK YOU

[email protected]