Security Stream, reaching into cells
AhnLab ASEC (AhnLab Security Emergency response Center), Malware Researcher Paul Chung
infosec 2015 (track+f-2.pdf)



  • Contents

    01 Introduction of ASEC

    02 Traditional Organ Infection

    03 Reaching into Cells

    04 Capillaries as well

    05 Always Be Prepared

  • 1. Introduction of ASEC

  • © AhnLab, Inc. All rights reserved.

    AhnLab Security Emergency Response Center: ASEC (AhnLab Security Emergency response Center)

    ASEC has had one specific goal since October 2001: protecting customers' IT assets and infrastructure from internet threats.

    24/7 response center

    Reduce security damage through rapid response

    Analyze malicious code and provide the corresponding solutions

    Deploy updates for the malicious code to all AhnLab product lines

  • ASEC Threat Response solutions and process

    ENDPOINT SECURITY

    Anti-Virus Engine for V3 and other products

    1988 Vaccine, 1995 V3 Warp Engine, 2003 V3 Flight Engine and 2007 V3 TS Engine

    Present: ASD (AhnLab Smart Defense)

    NETWORK SECURITY

    Network signatures for TrusGuard and other network products

    MOBILE SECURITY

    Mobile Anti-Virus Engine for V3 Mobile

    Response process: Detect the problem → Analyze the virus sample → Generate the signature → Upload to the update server

  • Threat Intelligence Report: ASEC Report

    ASEC is a global security response group consisting of malware analysts and security experts.

    This monthly report is published by ASEC, and it focuses on the most significant security threats and the latest security technologies to guard against these threats.

  • Threat Intelligence Report: ASEC Blog

  • ASD (AhnLab Smart Defense)

  • AhnLab Cloud Intelligence Center: ASD (AhnLab Smart Defense)

    Global Cyber Threat Intelligence

    • Real-time collection and analysis

    • Millions of sensors around the world

    • A wide range of cyber threats

    • Collects 500,000+ samples per day

    Hybrid Analysis System

    • DNA Scans

    • Whitelists

    • Signature/Behavior-based rules

    • Reputation rules

    • Correlation rules

    The Power of Cloud

    • Fast identification of variants

    • Automated responses

    • Enhanced zero-day detection

    • Minimized false-positives

    Proactive Response to Evolving Threats, Early Response to Emerging Threats: AhnLab Smart Defense

  • AhnLab Cloud Intelligence Center, Multi-Dimensional Protection: ASD (AhnLab Smart Defense)

    Multi-Dimensional Protection layers:

    • Cloud Feed (ASD)

    • Signature

    • Correlation

    • Behavior

    • URL/IP Filtering

    • Reputation

  • A-FIRST

    AhnLab - Forensics & Incident Response Service Team

  • Digital Forensics & Incident Response

    Digital Forensics

    - Extracting evidence from computers or any other kind of digital device

    - Focused on targeted attacks such as APT

    - Building a timeline in order to track any kind of footprint

    Focusing → Generated Timeline → Rapid Response

  • 2. Traditional Organ Infection

  • Hackers are all around us: Around the World – Target

    2013, 110 million

  • Hackers are all around us: Around the World – JPMorgan Chase

    2014, 76 million

  • Hackers are all around us: Around the World – SnapChat

    2014, 4.6 million

  • 3. Reaching into Cells

  • Targeted Ransom: Ransomware

    2013, Attacking Individuals

  • Documents Encrypted

    Error dialog: "There is a problem with the file contents; it cannot be opened." [OK] [More information]

  • Ransomware is happening all over the world

    CryptoLocker infections by country:

    • United States: 54262 infections

    • United Kingdom: 9682 infections

    • Canada: 2832 infections

    • Australia: 2310 infections

    • India: 2075 infections

    • Iran: 1281 infections

    • Thailand: 1209 infections

    • Indonesia: 970 infections

    • France: 908 infections

    • Brazil: 862 infections

    Source: CryptoLocker Working Group (Roy Arends, Nominet UK), sinkhole data collected October 15 2013 – January 27 2014

  • 4. Capillaries as well

  • Mobile Banking Users are Increasing (year over year)

    [Chart: periods 2013 1st, 2013 2nd, 2013 3rd, 2013 4th, 2014 1st, 2014 2nd; series: the number of registered mobile users and the number of registered smartphone mobile banking service users; unit: thousand; y-axis 0–60000]

  • Mobile Banking Online Transaction Volume is Increasing (year over year)

    The amount of online banking transactions (unit: billion dollars)

    2013 1st: 1.22

    2013 2nd: 1.35

    2013 3rd: 1.37

    2013 4th: 1.53

    2014 1st: 1.63

    2014 2nd: 1.69

  • Mobile Banking: Login

    • For Login: Password of Certificate

  • Mobile Banking: Transfer

    Password of certification

    • For Transfer: Security Card Number, Password of account

  • Replacing banking apps with malware

    • Notification bar: "Please update 'KBStarBanking'"

    • Uninstall 'KBStarBanking'

    • Install malware application

  • Replacing banking apps with malware

    Fake banking app: requests banking information from the user (the malware asks the user to re-enter all bank account details)

    • Name

    • Registration number

    • Mobile number

    • Password

    • Password

    • Account Number

    • Password of certification

    • Serial number of security card

    • ID

  • Social Engineering

    SMS Inbox

    From 010-1234-1234: ★McDonald★ 'Bigmac set' coupon arrival (Whole area) http://tiny.cc/hz****

    Touch 'McDonald' → "You cannot access due to server failure. Please connect again later." → Download 'APK' and Install 'APK'

    A month later..... $300 was added to the phone bill of the users

  • Wireless router vulnerabilities

    • Connected to normal AP

    • Connected to AP with changed DNS → "You may need to update app to enhance security." → Download malware 'APK'

  • Attacking Anti-Virus Apps

    • Shutting down the anti-virus apps

    • Uninstalling anti-virus apps

  • DEVIL – DEX Visualizer

  • 5. Always Be Prepared

  • Always Be Prepared

    • Full use of the functions

    • URL included

    • Unknown Source

  • Always Be Prepared

  • DESIGN YOUR SECURITY