CYBER FRAUD - Association of Certified Fraud Examiners… · CYBER FRAUD THE NEW FRONTIERS Albert...
CYBER FRAUD: THE NEW FRONTIERS
Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC
Principal Consultant
2014 Asia-Pacific Fraud Conference, November 17th 2014 @ Hong Kong
WHO AM I?
• Spoken at Black Hat, High Tech Crime Investigation Association (Asia Pacific Conference), and Economist Corporate Network.
• Risk Consultant for Banks, Government and Critical Infrastructures.
• SANS GIAC Advisory Board Member.
• Co-designed the first Computer Forensics curriculum for Hong Kong Police Force.
• Former HKUST Computer Science lecturer.
FOCUS
• Cyber Fraud
• External Fraud
• Mechanisms and Facilitators
AGENDA
Overview of 2 Prominent Fraud Scenarios
• Phishing / Whaling
• Man-in-the-Browser
Monetization
• Hacker Supply Chain
• Underground Economy
• Money Laundering
Cyber Security Countermeasures
PHISHING: FROM AN END-USER PROBLEM TO A CORPORATE PROBLEM
CLASSIC PHISHING SCAM: NIGERIAN LETTER
ADVANCE-FEE SCAM IS 200+ YEARS OLD
“Spanish Prisoner” scam letter from 1905
PHISHING EVOLUTION
(diagram; axes: more targeted, more transparent; items: phishing, spear phishing, whaling, pharming)
WHALING EXAMPLE
(diagram; label: trojan)
CLASSIC PHISHING AND WHALING COMPARED
Classic Phishing
• Ridiculous contents
• Opportunistic
• Straight-forward financial scam
Whaling
• Make-Believe contents
• Targeted
• Lateral compromises possible, often leads to corporate espionage
CYBER KILL CHAIN
Recon → Weaponize → Deliver → Exploit → Install → C2 → Action
MONETIZATION: TURNING EXPLOITS INTO CASH
SOME MONETIZATION POSSIBILITIES
(diagram; items: bank accounts, computer, file server, customer data, stored values (e.g. Q-coins, Taobao credit), credit cards)
MAN-IN-THE-BROWSER ATTACK: SPOOFED SCREENS
(diagram; label: trojan, e.g. Zeus)
MAN-IN-THE-BROWSER ATTACK: REAL-TIME REDIRECT
(diagram; label: trojan, e.g. Zeus)
FOOD CHAIN
Fraud Rings (can launder money “safely”)
Hackers (cannot)
MONEY LAUNDERING
MONEY MULES
STORED VALUES
HACKER SUPPLY CHAIN
(diagram; nodes: Anon Payment, Hacker Tools, Bulletproof Hosting, Monetization)
Implications
• Sophisticated attacks now available to non-experts
• Lower breakeven point for attacks
• More “worthwhile” targets
ECONOMY
BITCOIN FOR MONEY LAUNDERING
Dark Wallet
CoinJoin
HIDDEN INTERNET
Dark Net / Deep Web
Silk Road
The Onion Router
CYBER SECURITY COUNTERMEASURES
PHILOSOPHY
Defender’s Dilemma
• Must secure all possible vulnerabilities
Intruder’s Dilemma
• Must evade all detections
Reason’s Swiss Cheese Model (picture from NICPLD)
ESSENTIALS FOR DETECTING CYBER ATTACKS
• Layered defense-in-depth
• Redundant security (e.g. two different brands of firewalls)
• Security event correlation (e.g. SIEM)
• Trustworthy logging
• Up-to-date threat intelligence
• Security awareness and reporting channel
• Incident response capability (e.g. CSIRT)
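The following Python is an added example, not part of the original deck, that ties the "Security event correlation (e.g. SIEM)" bullet above to the Cyber Kill Chain stages shown earlier: each raw event from the mail gateway, the endpoint agent and the web proxy looks harmless on its own, and only correlating the Deliver, Exploit and C2 stages per host inside a short time window produces an alert. The log format, hostnames, user names, domains and the classification rules are hypothetical and constructed for illustration; a real SIEM rule set would be far broader.

```python
"""Kill-chain-aware SIEM-style correlation over constructed log lines.

Added example; not from the slide deck. Log format, hostnames, user names
and domains are hypothetical, constructed for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three hypothetical sources: mail gateway,
# endpoint agent and web proxy. Line format: timestamp|source|host|user|detail
SAMPLE_LOGS = """\
2014-11-17T09:01:10|mail|ws-042|alice|attachment=Invoice_Q3.doc from=ceo-office@examp1e-corp.com
2014-11-17T09:03:44|endpoint|ws-042|alice|parent=WINWORD.EXE child=powershell.exe
2014-11-17T09:04:02|proxy|ws-042|alice|dst=update-check.example-cdn.net category=uncategorized
2014-11-17T09:10:00|mail|ws-077|bob|attachment=Agenda.pdf from=hr@example-corp.com
2014-11-17T11:45:12|proxy|ws-077|bob|dst=news.example.org category=news
"""


def classify(event):
    """Map one raw event onto a kill-chain stage with simple, explicit rules.
    Returns None for events that match no stage (hypothetical rule set)."""
    src, detail = event["source"], event["detail"]
    if src == "mail" and "attachment=" in detail:
        return "Deliver"          # weaponised document reaches the mailbox
    if src == "endpoint" and "parent=WINWORD.EXE" in detail \
            and "child=powershell.exe" in detail:
        return "Exploit"          # Office spawning a shell is a classic macro exploit sign
    if src == "proxy" and "category=uncategorized" in detail:
        return "C2"               # callback to an unknown domain
    return None


def parse(text):
    """Parse the pipe-delimited constructed log format into event dicts."""
    events = []
    for line in text.splitlines():
        ts, source, host, user, detail = line.split("|", 4)
        events.append({"ts": datetime.fromisoformat(ts), "source": source,
                       "host": host, "user": user, "detail": detail})
    return events


def correlate(events, window=timedelta(minutes=15),
              required=("Deliver", "Exploit", "C2")):
    """Return one alert per host whose events hit every required stage, in
    order, within `window` of the first hit. No single event alerts; the
    cross-source sequence does."""
    by_host = defaultdict(list)
    for ev in events:
        stage = classify(ev)
        if stage:
            by_host[ev["host"]].append((ev["ts"], stage, ev))

    alerts = []
    for host, hits in by_host.items():
        hits.sort(key=lambda h: h[0])
        idx, first_ts = 0, None
        for ts, stage, ev in hits:
            if first_ts is not None and ts - first_ts > window:
                break             # chain did not complete inside the window
            if stage == required[idx]:
                if first_ts is None:
                    first_ts = ts
                idx += 1
                if idx == len(required):
                    alerts.append({
                        "host": host,
                        "user": ev["user"],
                        "stages": list(required),
                        "span_seconds": int((ts - first_ts).total_seconds()),
                    })
                    break
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOGS)):
        print("ALERT kill-chain sequence on %(host)s (user %(user)s): "
              "%(stages)s within %(span_seconds)ds" % alert)
```

Only ws-042 fires: its mail, endpoint and proxy events complete the Deliver → Exploit → C2 sequence in under three minutes, while ws-077's attachment followed hours later by a categorised news site never reaches the Exploit stage. The per-host grouping and the time window are what keep the rule from firing on every attachment or every uncategorised domain in isolation.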
ANY QUESTIONS?
THANK YOU