cyber fraud - the new frontiers
CYBER FRAUD - THE NEW FRONTIERS
Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC
Principal Consultant
2014 Asia-Pacific Fraud Conference
November 17th 2014 @ Hong Kong
WHO AM I?
• Spoken at Black Hat, High Tech Crime Investigation Association (Asia Pacific Conference), and Economist Corporate Network.
• Risk Consultant for Banks, Government and Critical Infrastructures.
• SANS GIAC Advisory Board Member.
• Co-designed the first Computer Forensics curriculum for Hong Kong Police Force.
• Former HKUST Computer Science lecturer.
FOCUS
• Cyber Fraud
• External Fraud
• Mechanisms and Facilitators
AGENDA
Overview of 2 Prominent Fraud Scenarios
• Phishing / Whaling
• Man-in-the-Browser
Monetization
• Hacker Supply Chain
• Underground Economy
• Money Laundering
Cyber Security Countermeasures
Copyright © 2014 Albert Hui
PHISHING
FROM AN END-USER PROBLEM TO A CORPORATE PROBLEM
CLASSIC PHISHING SCAM: NIGERIAN LETTER
ADVANCED FEES SCAM IS 200+ YEARS OLD
“Spanish Prisoner” scam letter from 1905
PHISHING EVOLUTION
[Diagram: phishing, spear phishing, whaling and pharming arranged along two axes, "more targeted" and "more transparent"]
WHALING EXAMPLE
trojan
CLASSIC PHISHING AND WHALING COMPARED
Classic Phishing
• Ridiculous contents
• Opportunistic
• Straight-forward financial scam
Whaling
• Make-believe contents
• Targeted
• Lateral compromises possible, often leads to corporate espionage
CYBER KILL CHAIN
Recon → Weaponize → Deliver → Exploit → Install → C2 → Action
MONETIZATION
TURNING EXPLOITS INTO CASH
SOME MONETIZATION POSSIBILITIES
• bank accounts
• computer
• file server
• customer data
• stored values (e.g. Q-coins, Taobao credit)
• credit cards
MAN-IN-THE-BROWSER ATTACK: SPOOFED SCREENS
trojan (e.g. Zeus)
MAN-IN-THE-BROWSER ATTACK: REAL-TIME REDIRECT
trojan (e.g. Zeus)
FOOD CHAIN
Fraud Rings (can launder money “safely”)
Hackers (cannot)
MONEY LAUNDERING
MONEY MULES
STORED VALUES
HACKER SUPPLY CHAIN
Anon Payment
Hacker Tools / Bulletproof Hosting
Monetization
Implications
• Sophisticated attacks now available to non-experts
• Lower breakeven point for attacks
• More “worthwhile” targets
UNDERGROUND ECONOMY
BITCOIN FOR MONEY LAUNDERING
Dark Wallet
CoinJoin
HIDDEN INTERNET
Dark Net / Deep Web
Silk Road
The Onion Router
CYBER SECURITY COUNTERMEASURES
PHILOSOPHY
Defender’s Dilemma
• Must secure all possible vulnerabilities
Intruder’s Dilemma
• Must evade all detections
Reason’s Swiss Cheese Model
Picture from NICPLD
ESSENTIALS FOR DETECTING CYBER ATTACKS
• Layered defense-in-depth
• Redundant security (e.g. two different brands of FWs)
• Security event correlation (e.g. SIEM)
• Trustworthy logging
• Up-to-date threat intelligence
• Security awareness and reporting channel
• Incident response capability (e.g. CSIRT)
process
people
technology
ANY QUESTIONS?
???