Cyber Security Threats and Data Breaches with special reference to Electronic Transaction Act 2063 and its impact on auditors and auditee

August 14, 2015


Who am I?

Bijay Limbu Senihang (CEH)

Security Consultant

Penetration Tester

Security Researcher

Computer Forensic Enthusiast

Chief Technology Officer at Rigo Technology

Agenda

Cyber Security Threats to Nepal

Data Breaches cases in Nepal

Weakness in Electronic Transaction Act

Impact on Auditor and Auditee

What is Cyber Security Threat?

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.

--NIST

Cyber Security Threats to Nepal

Script Kiddies

Hacktivist

Cyber Criminals

Cyber Espionage Groups

What is a Script Kiddy?

Script kiddy (sometimes spelled kiddie) is a derogatory term, originated by the more sophisticated crackers of computer security systems, for the more immature, but unfortunately often just as dangerous, exploiter of security lapses on the Internet.

Script Kiddies from Nepal


What is a Hacktivist?

A hacktivist is a group or a person who uses the same tools and techniques as a hacker, but does so in order to disrupt services and bring attention to a political or social cause.

Hacktivist from Nepal


What did Hacktivists and Script Kiddies do?


Honorable Mention

Cybercriminal

A cybercriminal is an individual who commits cybercrimes, where he/she makes use of the computer either as a tool or as a target or as both.

Cybercrimes in Nepal

Hacking in Social Network

Security Breaches of Nepali Banks

ATM Fraud

Ransomware

Hacking in Social Network

Security Breaches of Nepali Banks

ATM Fraud in Nepal


What is Ransomware?

Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key.

Azazel Ransomware from Nepal

Azazel Ransomware Forensic


Azazel Ransomware Author

Name: Madhav Poudel

Address: Malepatan5, Pokhara

Originally from Synagja

Phone no. +9779846583592

What is Cyber Espionage?

The use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.

Cyber Espionage Attack in Nepal

Cyber Espionage Attack (APT30 Espionage Operation)

Website Security Status of Nepal

More than 120 Government Websites were hacked and defaced after the 2015 earthquake.

Source: http://bhutabe.blogspot.com/2015/04/nepal-web-security-status.html

Nepalese Financial Institution Security Breaches

Source: www.rigotechnology.com

Policy, Guidelines and Cyber Law of Nepal

IT Policy 2000

Nepal Rastra Bank IT Guidelines 2012

Electronic Transaction Act 2007

Gaps in the Policy, Guidelines and Cyber Law of Nepal

Cyber Security Policy and Guidelines are not mentioned anywhere

Cyber Security Program not included anywhere

Unfavorable for IT Governance

Unfavorable for Cyber Security Space

The Electronic Transaction Act is incomplete

The Electronic Transaction Act is not a cyber law.

The Electronic Transaction Act was drafted for Public Key Infrastructure (PKI) and Digital Signatures.

Out of 80 clauses, only 16 are defined for computer-related crime.

Case Study of Carbanak Malware

Attack performed via spear phishing.

Exploits used: Microsoft Office (CVE-2012-0158 and CVE-2013-3906) and Microsoft Word (CVE-2014-1761).

Command and Control (C2) servers located in China have been identified in this campaign.

Source: https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf


Who is Responsible?

Lower Level Staff??

System Admin??

Network Admin??

Third Party Vendor??

IT Manager??

HR Manager??

Top Level Executives??

Regulatory Body??

Transferring Liability to the Customer

What does the Electronic Transaction Act say?

Solutions

National IT Governance Policy

National IT Security Governance Policy

Cyber Security Policy and Guidelines for Financial Institutions

Information Security Management Program

Security Awareness