CYBER FRAUD
THE NEW FRONTIERS
Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC
Principal Consultant
2014 Asia-Pacific Fraud Conference
November 17th 2014 @ Hong Kong
WHO AM I?
• Spoken at Black Hat, High Tech Crime Investigation Association (Asia Pacific Conference), and Economist Corporate Network.
• Risk Consultant for Banks, Government and Critical Infrastructures.
• SANS GIAC Advisory Board Member.
• Co-designed the first Computer Forensics curriculum for Hong Kong Police Force.
• Former HKUST Computer Science lecturer.
AGENDA
Overview of 2 Prominent Fraud Scenarios
• Phishing / Whaling
• Man-in-the-Browser
Monetization
• Hacker Supply Chain
• Underground Economy
• Money Laundering
Cyber Security Countermeasures
CLASSIC PHISHING AND WHALING COMPARED
Classic Phishing
• Ridiculous contents
• Opportunistic
• Straightforward financial scam
Whaling
• Make-Believe contents
• Targeted
• Lateral compromises possible, often leads to corporate espionage
SOME MONETIZATION POSSIBILITIES
• bank accounts
• computer
• file server
• customer data
• stored values (e.g. Q-coins, Taobao credit)
• credit cards
HACKER SUPPLY CHAIN
• Anon Payment
• Hacker Tools / Bulletproof Hosting
• Monetization
Implications
• Sophisticated attacks now available to non-experts
• Lower breakeven point for attacks
• More “worthwhile” targets
PHILOSOPHY
Defender’s Dilemma
• Must secure all possible vulnerabilities
Intruder’s Dilemma
• Must evade all detections
Reason’s Swiss Cheese Model
Picture from NICPLD
ESSENTIALS FOR DETECTING CYBER ATTACKS
• Layered defense-in-depth
• Redundant security (e.g. two different brands of FWs)
• Security event correlation (e.g. SIEM)
• Trustworthy logging
• Up-to-date threat intelligence
• Security awareness and reporting channel
• Incident response capability (e.g. CSIRT)
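As an added example (not part of the deck): a minimal Python correlation rule of the kind a SIEM would run, tying the phishing scenario above to the "security event correlation" essential. It chains a phish-suspect mail, a click on a newly-seen URL and a remote login from outside the home country into one alert; the log format, field names, the assumed home country (HK) and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the deck): mail gateway verdict,
# web proxy click, then VPN logins. Only "alice" completes the chain.
SAMPLE_LOGS = """\
2014-11-17T09:02:11Z mailgw user=alice verdict=phish-suspect subject="Invoice 4471"
2014-11-17T09:05:40Z proxy user=alice url=http://example.invalid/login.php category=newly-seen
2014-11-17T09:06:02Z proxy user=bob url=http://intranet.example/news category=internal
2014-11-17T11:48:19Z vpn user=alice result=success src_country=RO
2014-11-17T12:01:00Z vpn user=bob result=success src_country=HK
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<src>\w+) user=(?P<user>\w+) (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
TS_FMT = '%Y-%m-%dT%H:%M:%SZ'

def parse(logs):
    """Turn the constructed key=value log lines into event dicts."""
    events = []
    for line in logs.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the pipeline
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m['rest'])}
        events.append({'ts': datetime.strptime(m['ts'], TS_FMT),
                       'src': m['src'], 'user': m['user'], **fields})
    return events

def correlate(events, home_country='HK', window=timedelta(hours=4)):
    """Alert when one user shows, in order and within `window`:
    phish-suspect mail -> click on newly-seen URL -> login from abroad."""
    per_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e['ts']):
        per_user[e['user']].append(e)
    alerts = []
    for user, evs in per_user.items():
        stage, start = 0, None
        for e in evs:
            in_window = start is not None and e['ts'] - start <= window
            if stage == 0 and e['src'] == 'mailgw' and e.get('verdict') == 'phish-suspect':
                stage, start = 1, e['ts']
            elif stage == 1 and in_window and e['src'] == 'proxy' and e.get('category') == 'newly-seen':
                stage = 2
            elif stage == 2 and in_window and e['src'] == 'vpn' and e.get('result') == 'success' \
                    and e.get('src_country') != home_country:
                alerts.append((user, e['ts'].strftime(TS_FMT)))
                stage, start = 0, None  # reset so a second chain can alert again
    return alerts
```

Each stage alone (a flagged mail, a new domain, a foreign login) is noisy on its own; the correlation only fires when the three line up for the same user inside the window, which is the point of running events through a SIEM rather than reviewing each log in isolation.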