Security Stream, reaching into cells
AhnLab
ASEC (AhnLab Security Emergency response Center)
Malware Researcher
Paul Chung
Contents
01 Introduction of ASEC
02 Traditional Organ Infection
03 Reaching into Cells
04 Capillaries as well
05 Always Be Prepared
1. Introduction of ASEC
© AhnLab, Inc. All rights reserved.
AhnLab Security Response Center: ASEC (AhnLab Security Emergency response Center)
ASEC has had a specific goal since October 2001: to protect customers' IT assets and infrastructure from internet threats.
• 24/7 response center
• Reduce security damage through rapid response
• Analyze malicious code and provide corresponding solutions
• Deploy malicious code updates to all AhnLab product lines
ASEC Threat Response solutions and process
ENDPOINT SECURITY
Anti-Virus Engine for V3 and other products
1988 Vaccine, 1995 V3 Warp Engine, 2003 V3 Flight Engine and 2007 V3 TS Engine
Present ASD(AhnLab Smart Defense)
NETWORK SECURITY
Network signatures for TrusGuard and other network products
MOBILE SECURITY
Mobile Anti-Virus Engine for V3 Mobile
Discover the problem → Analyze the malware sample → Generate the signature → Upload to the update server
Threat Intelligence Report, ASEC Report
ASEC is a global security response group consisting of malware analysts and security
experts.
This monthly report is published by ASEC, and it focuses on the most significant security
threats and the latest security technologies to guard against these threats.
Threat Intelligence Report, ASEC Blog
ASD (AhnLab Smart Defense)
AhnLab Cloud Intelligence Center: ASD (AhnLab Smart Defense)
Global Cyber Threat Intelligence
• Real-time collection and analysis
• Millions of sensors around the world
• A wide range of cyber threats
• Collects 500,000+ samples per day
Hybrid Analysis System
• DNA Scans
• Whitelists
• Signature/Behavior-based rules
• Reputation rules
• Correlation rules
The Power of Cloud
• Fast identification of variants
• Automated responses
• Enhanced zero-day detection
• Minimized false-positives
Proactive Response to Evolving Threats
Early Response to Emerging Threats
AhnLab Smart Defense
AhnLab Cloud Intelligence Center, ASD (AhnLab Smart Defense): Multi-Dimensional Protection
• Cloud Feed (ASD)
• Signature
• Correlation
• Behavior
• URL/IP Filtering
• Reputation
A-FIRST
AhnLab - Forensics & Incident Response Service Team
Digital Forensics & Incident Response
Digital Forensics
- Extracting evidence from computers or any other kind of digital device
- Has been focusing on targeted attacks such as APT
- Making a timeline in order to track any kind of footprint
Focusing
Generated Timeline
Rapid Response
2. Traditional Organ Infection
Hackers Are All Around Us / Around the World – Target
2013, 110 million
Hackers Are All Around Us / Around the World – JPMorgan Chase
2014, 76 million
Hackers Are All Around Us / Around the World – SnapChat
2014, 4.6 million
3. Reaching into Cells
Targeted Extortion: Ransomware
2013, Attacking Individuals
Documents Encrypted
Dialog shown to the user: "There is a problem with the file contents; the file cannot be opened." [OK] [More information]
Ransomware: extortion is happening all around the world
• United States: 54262 infections
• Canada: 2832 infections
• India: 2075 infections
• Iran: 1281 infections
• Thailand: 1209 infections
• Indonesia: 970 infections
• Australia: 2310 infections
• United Kingdom: 9682 infections
• France: 908 infections
• Brazil: 862 infections
Source: CryptoLocker Working Group, “Roy Arends, Nominet UK”. Sinkhole data collected October 15 2013 – January 27 2014.
4. Capillaries as well
Mobile Banking Users are Increasing
[Chart: the number of registered mobile users and the number of registered smartphone mobile banking service users (unit: thousand), by quarter from 2013 1st to 2014 2nd]
Mobile Banking Online Transaction Volume Is Rising Year by Year (Mobile Banking Users are Increasing)
The amount of online banking transactions (unit: billion dollars)
2013 1st: 1.22
2013 2nd: 1.35
2013 3rd: 1.37
2013 4th: 1.53
2014 1st: 1.63
2014 2nd: 1.69
Mobile Banking: Login
• For Login
  Password of Certificate
Mobile Banking: Transfer
• For Transfer
  Password of certification
  Security Card Number
  Password of account
Replacing banking apps with malware
Notification bar
Please update ‘KBStarBanking’
Uninstall ‘KBStarBanking’
Install malware application
Replacing banking apps with malware
Fake banking app: request banking information from user
• Name
• Registration number
• Mobile number
• Password
• Password
• Account Number
• Password of certification
• Serial number of security card
• ID
The malware asks the user to re-enter all bank account information.
Social Engineering
SMS Inbox
From. 010-1234-1234 ★McDonald★ ‘Bigmac set’ coupon arrival (Whole area) http://tiny.cc/hz****
Touch ‘McDonald’
You can not access due to server failure. Please connect again later.
Download ‘APK’ and Install ‘APK’
A month later, $300 was added to the users' phone bills.
Wireless router vulnerabilities
• Connected to normal AP
• Connected to an AP with changed DNS settings
Download malware ‘APK’
You may need to update app to enhance security.
Attacking Anti-Virus Apps
• Shutting down the anti-virus apps
• Uninstalling anti-virus apps
DEVIL – DEX Visualizer
5. Always Be Prepared
• Full use of the functions
• URL included
• Unknown Source
DESIGN YOUR SECURITY