The document summarizes several cyber attacks and security issues faced by South Korea between 2003 and 2014. It describes hacks against the Bangladesh central bank and South Korean companies like KHNP, and the cyber threats experienced more broadly by South Korea. The government has established a national cybersecurity system coordinated by the Presidential Office to counter continuous cyber attacks, and works to strengthen capacity through strategic plans, education and international cooperation.
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ransomware Attacks Perspective (pp. 79-82)
Sulaiman Al Amro, Computer Science Department, Computer College, Qassim University, Qassim, Saudi Arabia.
Vol. 18 No. 6 JUNE 2020 International Journal of Computer Science and Information Security
https://sites.google.com/site/ijcsis/vol-18-no-6-jun-2020
Dr. Shawn P. Murray was invited to the National Security Institute in April 2012 to present current topics related to social engineering and the threats they pose to organizations and their sensitive information. This presentation analyzes the principles of social engineering tactics as they relate to technology and security practices. Dr. Murray is a well known Cyber Security professional and has presented at various conferences regarding Cyber Security and Information Assurance topics.
Prepared for the Ethical and Social Issues in Information Systems.
Titles:
What is Cybercrime ?
Types of Cybercrimes.
Cyberbullying.
Online child sexual abuse material.
Facts and statistics.
Protecting your child.
Protecting your computers.
With the advent of Social Media and Internet Technology, children have become vulnerable to cybercrimes such as cyberbullying, cyber stalking and child abuse. This presentation is an eye-opener and spreads awareness about the cyber threats prevalent on the internet, gives tips on best practices for ensuring cyber safety, and educates children and parents on how to deal with such problems. This presentation was delivered recently by cyber law expert Karnika Seth in Thiruvananthapuram at a National Consultation on Legislative and Executive measures required to safeguard children online.
Social Engineering as the Art of "Human OS" hacking
Main points of the presentation (1) Overall introduction on social engineering (2) Case studies (3) Defending against Social Engineering.
for: http://armsec.org/
From corporate crimes to murder, computers play a role in nefarious activities either as a target, a medium or a container of evidence, and thus require specialists with skill in the various technologies and the legal knowledge to gather evidence stored digitally.
Cybercrime Threat Landscape: Cyber Criminals Never Sleep - IBM Security
A Glimpse into the Cybercrime Underground
In this session, Trusteer’s senior fraud prevention strategist, Etay Maor, will dive into the latest tools, techniques and threats developed and utilized by cybercriminals. The presentation will include a market overview of the latest offerings from the criminal underground, with a deep dive into some of the techniques discussed by cybercriminals, and review how they manifest as real attacks with real examples and case studies. A share of the presentation will also be dedicated to possible mitigation strategies and techniques.
During this webinar you will learn about:
- New malware attack and evasion techniques
- The latest underground offerings on the “fraud as a service” market
- The latest rumors and discussions around malware and malware authors from the underground
- Real-time intelligence and adaptable counter measures
MOBILE DEVICES: THE CASE FOR CYBER SECURITY HARDENED SYSTEMS AND METHODS TO ... - Maurice Dawson
Mobile devices are becoming a method to provide an efficient and convenient way to access, find and share information; however, the availability of this information has caused an increase in cyber attacks. Currently, cyber threats range from Trojans and viruses to botnets and toolkits. Presently, 96% of mobile devices do not have preinstalled security software while approximately 65% of the vulnerabilities are found within the application layer. This lack in security and policy driven systems is an opportunity for malicious cyber attackers to hack into the various popular devices. Traditional security software found in desktop computing platforms, such as firewalls, antivirus, and encryption, is widely used by the general public in mobile devices. Moreover, mobile devices are even more vulnerable than personal desktop computers because more people are using mobile devices to do personal tasks. This review attempts to display the importance of developing a national security policy created for mobile devices in order to protect sensitive and confidential data. Results of this review provide methods to address security related issues in mobile devices.
In the new world of connected healthcare, medical device manufacturers are challenged with cybersecurity issues to comply with the new FDA regulations. We examine the 5 domain areas of cybersecurity which apply to IoT HealthCare Vendors/ Providers.
The Foundations of Social Media Risk Management - 3Sixty Insights
While most organizations recognize that the use of social media is a popular and often necessary part of modern business, it can be a compliance nightmare. To minimize corporate risk and maximize the benefits of social media, organizations should pursue a risk-sensitive strategy that engages employees and balances exposures, investment costs, and legal obligations.
Mobile apps are the entry point to your web applications, APIs and web services. But sometimes the developer implements security in the mobile app that can easily be bypassed by a malicious attacker, allowing the attacker to exploit your web applications and steal confidential information. In this presentation I will show you how easy it is to attack a mobile application, intercept the communication and exploit the trust model of mobile apps. I will also give an overview of the OWASP Top 10 Mobile Risks.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
Wearing safe: Physical and informational security in the age of the wearable ... - Simon Fraser University
Wearable computing devices promise to deliver countless benefits to users. Moreover, they are among the most personal and unique computing devices of all, more so than laptops and tablets and even more so than smartphones. However, this uniqueness also brings with it a risk of security issues not encountered previously in information systems: the potential to not only compromise data, but also to physically harm the wearer. This article considers wearable device security from three perspectives: whether the threat is to the device and/or the individual, the role that the wearable device plays, and how holistic wearable device security strategies can be developed and monitored.
The presentation was used by Dr. Pratik Desai at his talk at the "Silicon Valley Automotive Open Source" meetup held at HackerDojo on April 7th, 2016.
CNIT 128 Ch 2: Hacking the cellular network - Sam Bowne
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
This paper was published in a college journal under the title "Ethical Hacking: Issues and Types of Hackers".
This paper is all about: what is ethical hacking? How does it become compulsory for an IT company? What are the types of hackers?
This paper was presented at the National Conference on Emerging Issues on Information Technology in Management.
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr... - Alisha Deboer
Cyber terrorists are sophisticated, organized and disruptive to your business. How prepared are you? Explore the landscape of malicious actors most likely to strike your business and what you can do about it.
Perform a search on the Web for articles and stories about social en.pdf - fasttrackcomputersol
Perform a search on the Web for articles and stories about social engineering attacks or reverse
social engineering attacks. Find an attack that was successful and describe how it could have
been prevented.
Solution
Answer:
As per Computer Weekly, social engineering attacks were the most well-known hacking strategy
utilized as a part of 2015. What's more, there's no indication of it backing off; in 2016 60
percent of undertakings were casualties of a social engineering attack or something to that affect.
Furthermore, as per EMC, phishing attacks—the least demanding and most normal sort of social
engineering attacks—brought about almost $6 billion in misfortunes in 2013 alone, spread out
finished around 450,000 separate bargains.
Some hurt more regrettable than others, however all brought about a sufficiently genuine shake
up for security directors to recalibrate their regard for the vector, investigate their conventions,
and make teaching staff a best need.
Here's our pick for five of the greatest social engineering attacks ever.
5. 2011 RSA SecurID Phishing Attack
Security firms ought to be the most secure targets with regards to a data framework attack, yet
they are likewise delicious focuses on that draw more than what\'s coming to them of endeavors.
In 2011, one of these attacks bit encryption mammoth RSA and prevailing with regards to mesh
hackers profitable data about the organization's SecurID two-factor validation coxcombs.
In spite of the fact that RSA at first denied that the data could enable hackers to trade off
anybody utilizing SecurID, protection temporary worker Lockheed Martin soon recognized
hackers endeavoring to rupture their system utilizing stolen SecurID information. RSA retreated
rapidly and consented to supplant a large portion of the disseminated security tokens.
This inconvenience came down to four workers at RSA parent organization EMC. Attackers sent
them email with a satirize deliver implying to be at a vocation enrollment site, with an Excel
connection titled 2011 Recruitment Plan. It wasn't clear why the representatives would think
about a spreadsheet from an outsider site, however they opened it—and a zero-day Flash
adventure covered in the spreadsheet introduced indirect access to their work machines that soon
exposed the keys to the kingdom.
4. 2015 Ubiquiti Networks Scam
Not all hackers are searching for touchy data; here and there they simply need chilly, hard
money.
In 2015, Ubiquiti, a particular producer of wifi hardware and software situated in San Jose,
discovered this out the most difficult way possible when their fund division was focused in an
extortion conspire rotating around worker pantomime.
The organization never uncovered precisely how the attack was organized, yet said that the
bookkeeping office got email indicating to be from the organization's Hong Kong auxiliary.
Regularly, such emails contain guidelines with respect to changes in installment account points
of interest or new selle.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
Cyberwar is a form of conflict conducted in the digital realm, where nations, organizations, or individuals use cyberattacks and cyber espionage to achieve strategic goals or gain an advantage over their adversaries. Here's a detailed description of the topic:
1. **Definition**: Cyberwar refers to the use of computer-based techniques and tactics to disrupt, damage, or gain unauthorized access to computer systems, networks, and critical infrastructure, often with the intent to exert influence, espionage, or conduct acts of aggression against an adversary.
2. **Goals and Objectives**:
- **Espionage**: One primary objective of cyberwarfare is to gather intelligence by infiltrating the computer networks of other nations, organizations, or individuals.
- **Disruption**: Cyberwarfare can be used to disrupt critical infrastructure, such as power grids, transportation systems, or financial institutions, causing chaos and economic damage.
- **Destruction**: In some cases, cyberattacks may aim to destroy data, systems, or capabilities, causing long-term damage.
- **Psychological Operations**: Cyberwarfare can be used for psychological operations (PsyOps) to manipulate public opinion or create fear and uncertainty.
3. **Methods**:
- **Malware**: The use of malicious software like viruses, worms, Trojans, and ransomware to compromise systems.
- **Phishing**: Deceptive emails or websites that trick individuals into revealing sensitive information like passwords.
- **Denial of Service (DoS) and Distributed Denial of Service (DDoS)** attacks: Overwhelming a target's network or website to render it inaccessible.
- **Advanced Persistent Threats (APTs)**: Long-term, targeted attacks aimed at stealing information or controlling systems.
- **Zero-Day Exploits**: Exploiting vulnerabilities in software or hardware that are not yet known to the vendor.
4. **Attribution Challenges**: Determining the source of cyberattacks can be difficult due to the use of proxy servers, false flags, or the involvement of non-state actors.
5. **International Laws and Norms**: The legal framework for cyberwar is still evolving. Nations are working to establish rules and norms governing state behavior in cyberspace.
6. **Escalation and Deterrence**: The use of cyberweapons raises concerns about escalation and deterrence. The lack of clear boundaries in cyberspace can lead to unintended consequences.
7. **Notable Examples**:
- Stuxnet: A computer worm allegedly developed by the United States and Israel to sabotage Iran's nuclear program.
- NotPetya: A ransomware attack in 2017 that caused widespread damage, initially believed to be a cyberattack by Russia against Ukraine.
- SolarWinds: A supply chain attack discovered in 2020, attributed to Russian hackers, which compromised numerous U.S. government and private sector.
Using international standards to improve Asia-Pacific cyber security - IT Governance Ltd
Understand the cyber threat facing APAC organisations, current legislation and how to utilise international standards to get your business cyber secure in this informative webinar, hosted by Alan Calder.
The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda.
In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.
IT Security and Wire Fraud Awareness Slide Deck - Don Gulling
A presentation on IT security, wire fraud and trends in information technology. The information is focused on making the audience aware of the new threats, how to protect against them, and what measures you can take to keep your critical information secure.
Chinese Cyber attack on mumbai power plant - RohanMistry15
Chinese Cyber Exploitation in India’s Power Grid. On Feb. 28, 2021 The New York Times (NYT), based on analysis by a U.S. based private intelligence firm Recorded Future, reported that a Chinese entity penetrated India’s power grid at multiple load dispatch points. Chinese malware intruded into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant.
Focus on cyber threats in hacking cycle
1. Security FIRST
- International Cooperation in Cyber Security -
School of Information Security, Korea University
former Special Adviser to the President for National Security
Lim, Jong In
2015.06.13. FIRST
2. / 25
An $81 million deposit was stolen via a forged message instructing that some of the Bangladesh Central Bank’s deposit in the Federal Reserve Bank of New York should be transferred
Recent Issues – SWIFT Hacking
Bangladesh Cyber Theft
• Feb. 2016: Hackers stole $81 million from the Bangladesh Central Bank’s official account at the Federal Reserve Bank of New York
• The New York Fed announced that the transfer of the money had been “fully authenticated” by SWIFT (international financial messaging system)
• Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches for network computers connected to SWIFT
Source: NYT, Reuters
3. / 25
Continuous hacking attempts against SWIFT and assumed mastermind
• According to the malicious code analysis by IssueMakersLab in Korea, the file deletion function codes of the following malicious codes are similar, making us assume that the attacks were launched by the same group:
- February 2016: Bangladesh Central Bank
- December 2015: Vietnam’s Commercial Bank
- November 2014: Sony Pictures
- June 2013: Press in Korea
• Since the analysis results of Symantec also show high similarity to the Sony Pictures malicious code, North Korea is assumed to be the mastermind
There were SWIFT hacking attempts against 8 banks besides Bangladesh Central Bank. The incident is believed to be the work of North Korean hackers, judging from the similarity of the malicious code to that in the Sony Pictures hacking incident.
Recent Issues – SWIFT Hacking
4. / 25
Korea is experiencing a social problem due to the spread of ransomware that exploits the vulnerability of major online community advertising banners
Spread of ransomware targeting online communities in Korea
• Ransomware was distributed among major online communities in Korea
- Crypt0L0cker ransomware was distributed on Clien.net in April 2015
- UltraCrypter ransomware was distributed on PPOMPPU.co.kr in June 2016
• Both sites are representative online communities in Korea (ranked 12th and 13th in web traffic volume), and several hundred million worth of damages were reported
• Both malicious codes require a BitCoin deposit, and it is difficult to respond because the payments are hard to trace back
• Since BitCoin deposit is not confirmed for UltraCrypter, recovery is expected to be impossible
Recent Issues - Ransomware
5. / 25
Korea ranks third among the countries affected by the LOCKY ransomware
Recent Issues - Ransomware
Source: FireEye
6. / 25
Sony Pictures Entertainment was hacked before its release of ‘The Interview’, a movie about a plot to assassinate North Korea’s leader
Overview of the Sony Pictures Hacking
• Sony Pictures Entertainment’s internal system was breached and some of its data was leaked in November 2014.
• Leaked data includes, among others:
- personal information of employees
- e-mails among employees
- information on executive salaries
- copies of unreleased Sony films
• The hackers called themselves the "Guardians of Peace" and demanded that the planned release of the film ‘The Interview’, a comedy on a plot to assassinate North Korean leader Kim Jong-un, be cancelled
Recent Issues – Sony Pictures
7. / 25
The U.S. attributed the Sony Pictures hack to North Korea, calling it ‘Cyber Vandalism,’ and took a series of actions in response
U.S. Government’s Reaction
• On December 19th, 2014, the F.B.I. published an investigative report on the hack, in which it identified North Korea as the perpetrator
• President Obama called the hack ‘Cyber Vandalism’ and claimed that the U.S. weighed a proportionate response to the attack
• North Korean websites were shut down, allegedly by cyber attacks orchestrated by the U.S.
• President Obama sanctioned North Korea’s Directorate of Reconnaissance
Recent Issues – Sony Pictures
8. / 25
A hacker who claimed to have hacked the control system of Korea Hydro & Nuclear Power (KHNP) threatened to destroy it
KHNP Hacking Overview
• In December 2014, a hacker who claimed to be against nuclear power development posted some of KHNP’s confidential data on his internet blog
• The hacker claimed that he had breached KHNP’s internal control system and threatened that he would destroy KHNP’s nuclear power plants unless it shut them down itself
• Investigation by the South Korean government and KHNP found no evidence of intrusion into KHNP’s control system. There has not been any cyber attack on the nuclear power plant thereafter
Recent Issues – KHNP
9. / 25
South Korean government’s investigation unit accused North Korea of having perpetrated the hack via a Chinese IP address
South Korean Government’s Reaction
• On December 20th, 2014, a government team was assembled to probe into the hack
• The team found that the hacker had accessed a VPN in South Korea via a proxy IP address in Shenyang, China. Having failed to hack KHNP directly, the hacker sent phishing emails to partners of KHNP and retired employees
• On December 24th, 2014, the investigation team requested cooperation from the Chinese Police
• On March 17th, 2015, the government team presented an interim probe result, which suggested that North Korea had orchestrated the hack
[Diagram labels: Hacker in North Korea; access via proxy IP address in Shenyang, China; VPN in South Korea; hacking failed (sent 6,000 phishing emails); hacked partners of KHNP and retired employees of KHNP; used vulnerabilities of Hangul (word processor)]
Recent Issues – KHNP
10. / 25
Case of South Korea - Cyber Threats that S.Korea faces
South Korea has had numerous cyber attacks since 2009, but failed to identify and prosecute suspects for any of the attacks
Year | Cyber attacks on S.Korea
2003 | 1.25 Internet Intrusion: Korea's major internet networks went down due to the Slammer Worm taking advantage of vulnerabilities of Microsoft's SQL servers
2009 | 7.7 DDoS Attack: Three DDoS attacks from July 7th to 10th paralyzed the major government sites including the website of the Presidential Office
2010 ~ 2012 | GPS Disturbance: From 2010 to 2012, GPS disturbance occurred annually, causing signal interference and damage to GPS receivers in private and military sectors, including those in Korea Telecom's base stations
2011 | 3.4 DDoS Attack: DDoS attacks on 40 local websites, including those of major portals, government offices, the Ministry of National Defense and financial institutions
2011 | NH Bank's Cyber Terror: NH Bank's internal data and server system were damaged. Service access paralyzed entirely or partially
2013 | 3.20 Cyber Terror: Major local broadcasters' and six financial institutions' computer networks went down
2013 | 6.25 Cyber Terror: The Presidential Office website, major government websites, media and political parties’ websites were under cyber attacks
2014 | Hacking on KHNP: KHNP's blueprints and operating methods for nuclear power stations were leaked on the internet
11. / 25
South Korea established a comprehensive national system to counter cyber threats, controlled and coordinated by the Presidential Office
Case of South Korea – Countering Cyber Threats
[Organization chart]
Presidential Office
- National Security Council
- Secretary to the President for National Cyber Security
National Cyber Security Center
- National Cyber Defense: Ministry of Defense
- Cyber Crime: National Police Agency
- Cyber Security for Civil Sector: Ministry of Science, ICT and Future Planning
- Privacy, Cyber Security for Public Sector: Ministry of Gov Administration and Home Affairs
- Cyber Terror, CIP: National Intelligence Service
12. / 25
Case of South Korea – Countering Cyber Threats
While receiving cyber attacks continuously, the Korean government is endeavoring to strengthen national cyber security continuously by setting up strategies and plans to respond to such cyber attacks
Mid-term comprehensive information security plan (2008)
• Recognized the necessity of responding to information security issues including personal information protection due to the Auction hacking incident in 2008
• Aimed to establish a social safety network by improving policies and building infrastructure by 2010
Comprehensive measures against the national cyber crisis (2009)
• It was recognized that a cyber attack can threaten national security due to the 7.7 DDoS attack in 2009
• Obtained good results, such as establishment of the cyber security government system and definition of roles and responsibilities by department
National cyber security master plan (2011)
• Recognized the necessity of an effective response method due to the 3.4 DDoS Incident and Nonghyup Computer Problems in 2011
• Obtained good results, such as awareness improvement, outsourcing company management, and implementation of the S/W security vulnerability diagnosis system
Comprehensive national cyber security measures (2013)
• Recognized the necessity of integrating cyber capabilities distributed among government departments due to the 3.20 and 6.25 Cyber Terror
• Established the organizational structure (the Blue House plays the role of control tower, and the National Intelligence Service supervises hands-on work) and prepared personnel fostering plans
National cyber security posture and capability strengthening plan (2015)
• Recognized the necessity of protecting cyberspace safely following the Korea Hydro & Nuclear Power hacking incident
• Strengthened the cyber security control tower function of the National Security Office, newly established a dedicated pan-government cyber security organization
13. / 25
ICT Development and Evolving Cyber Threats
As ICT development begets new technologies such as IoT, Big Data, and Cloud Computing
Big Data
High volume, high velocity, high variety information assets that require new forms of processing to make more meaningful information
Data Volume : 2.7 ZB (2012) → 7.9 ZB (2015)
Cloud Computing
Model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
IaaS(Infra), PaaS(Platform), SaaS(Service)
IoT
Network of physical objects or "things" embedded in electronics, software, sensors and connectivity
26 billion devices on the IoT by 2020 (Gartner)
Wearable Devices, Smart Car, etc.
[Diagram labels: ICT Development; Connection; Personalized; Data; Digitalized; Convergence; IoT; Cloud Computing; Big Data]
14. / 25
ICT Development and Evolving Cyber Threats
European Commission’s Next Generation Computing predicts that ICT
will evolve to IoT Environment through Embedded system and CPS
Vision : Internet of Things, Data & Services
(e.g. Smart Cities)
Cyber-Physical Systems
(e.g. Intelligent Networked Road Junction)
Network Embedded System
(e.g. Autonomous Aviation)
Embedded Systems
(e.g. AirBag)
Source : NGC Study, 2013, EUTEMA
15. / 25
ICT Development and Evolving Cyber Threats
In a hyperconnected society where various new ICT applications are
adopted, threats to the new applications are anticipated
Smart Home Appliance
ICT added home appliances for remote
control and efficiency, and convenience
Hacked or Demonstrated Cases
- Refrigerator hacked to send spam emails (2014)
- Philips LED Lighting hacking demonstration
(Dhanjani, 2013)
- Web Camera Exposed (BBC, 2014)
Smart Healthcare
Using body-measured information by using
wearable devices and medical equipment
Hacked or Demonstrated Cases
- Breakpoint Security Conference, Pacemaker
Hacking Demonstration (2012)
- BlackHat USA, Insulin Pump Hacking
Demonstration (2013)
Smart Car
IT components and services are integrated
into automobiles for information gathering
and remote control
Hacked or Demonstrated Cases
- U.S. Embedded Security Center Demonstration (2010)
- Korea University Demonstration (2012)
- BlackHat USA Demonstration (2014)
Smart Energy
Increasing energy efficiency by managing
information such as SmartGrid, Smart
Buildings
Hacked or Demonstrated Cases
- Puerto Rico SmartMeter Tampering (2009)
- ‘Dragonfly’ Backdoors in U.S. and Europe Power
Grid Control Systems (2014)
[Diagram title: Threats in a Hyperconnected Society]
16. / 25
Cyber Threat Trends
Cyber threat is becoming more intentional, destructive, targeted,
and external in origin
Accidental → Intentional
Failure → Attack
Random → Targeted
Internal Origin → External Origin
Technical → Human
Source : Korea Internet & Security Agency
17. / 25
Cyber-related threats are selected as a high-priority risk factor in the “Global Risks
Report 2016” published by the World Economic Forum (World Risk) in Jan., 2016
Source : World Economic Forum
Global Risk Report 2016
- About 750 experts in each area selected global
risks that can affect the world economy based on
likelihood and impact
- Among the 29 global risks presented, technological
threats include adverse consequences of
technological advancement, breakdown of critical
information infrastructure, cyber attacks, and data
fraud and theft
- As dependency on cyber increases, the likelihood
and impact of risk related to cyber were rated
significantly high; risk connectivity and mutual
impact with other major threats were rated highly
as well
- The evaluation suggests that cyber attacks can
affect the economy considerably, and that the
financial industry is required to have the response
capability and level matching the risk level
Cyber Threat Trends
18. / 25
International Cooperation
International cooperation is being developed, yet the outcome of cooperation is insufficient to counter cyber threats
Bilateral Cooperation
Cooperation between two States that have common interests
e.g.) US – China Cyber Working Group
Regional Cooperation
Cooperation among States in the region
e.g.) ASEAN Regional Forum
International Cooperation
Cooperation through International Organizations e.g.) UN GGE
Conventions, Treaties or Laws e.g.) Convention on Cybercrime
Military Aspect Cooperation
Cooperation in Military or National Defense Aspects
e.g.) NATO Cooperative Cyber Defense Centre of Excellence
EU Cyber Defence Policy Framework
ANZUS Treaty applies to Cyber attacks
China - Russia Non Aggression Pact for Cyberspace
19. / 25
International Cooperation
Budapest Convention on Cybercrime came into force in 2001, which includes
substantial/procedural articles of cybercrime regulation and international
cooperation procedure
< Major Implications >
• The First legally-binding international instrument to comprehensively address the cybercrime issues
• Scope of the Convention
- Criminalising Conduct : Illegal Activities / Fraud / Interference / Child Pornography / etc.
- Procedural tools : Preservation / Search and Seizure / Interception of Data
- International Cooperation : Mutual Legal Assistance Treaties, Point of Contact
< Status as of May, 2016 >
[Chart; figures shown: 49, 13, 68, 6]
20. / 25
International Cooperation
Seoul Framework on ‘Seoul Conference on Cyberspace 2013’, UN GGE Recommendations & Reports can be the base of international cooperation
< Seoul Framework >
• Cyberspace
- Economic Growth, Social and Cultural Benefits
• International Security
- Promote voluntary confidence-building and transparency measures
• Cybercrime
- Law enforcement cooperation in the investigation and prosecution of international cases
• Capacity Building
- Enhance efforts to close the digital divide
< UN GGE Report A/70/174 >
• Responsible behaviour of States
- Voluntary, non-binding norms of responsible State behaviour
• Confidence-building measures
- Adopt existing Guidelines for CBM
• ICT Security Capacity-Building
- International community to work together for assistance
• International Law applies to Cyberspace
- The adherence by States to international law is an essential framework
21. / 25
Capacity Building
Effort to build capacity to defend one’s own cyberspace
Governance,
Role & Responsibility
Setting a national cyber security
governance framework
Identify the role and jurisdiction
of each agency within the cyber
security governance structure
Research & Development
Acquisition of various cyber security
technologies
- Digital forensic and cyber
investigation tools
- Cyber genome or cyber map
- Count cyber threat technologies
Education
Cultivating and securing cyber
security experts is key to promoting
national cyber security
- Cyber education for teens
- Cyber security department in
university
- Training course for employees
Cooperation
State-level cooperation
- Inter-agency cooperation
- Public-private partnership
International-level cooperation
- International organizations, Conventions
or cooperation between States
[Diagram title: Cyber Security Capacity Building]
22. / 25
Conclusion
To deter the rapid growth of cyber threats, it is important for each State
to build its own capacities and yet cooperate internationally
Each State’s Effort to Deter Cyber Threats
Evolving Cyber Threats
· Cyber threats are getting more sophisticated and targeted
· Cyber threats are one of the most serious threats that most States face
Increasing Dependence on ICT
· New technologies such as IoT, Big Data and Cloud computing are being used
· States’ increasing dependence on ICT
[Diagram labels: International Cooperation; Capacity Building]
23. / 25
FIRST is a multi-stakeholder network participated in by more than 350 CERT teams
in 75 countries, and it can play a key role in global cyber security cooperation.
Conclusion - Possibility of FIRST
24. / 25
Conclusion - Possibility of FIRST
The achievement and role of FIRST in cyber security and the developmental direction as a major subject of global cyber security need to be sought
Cooperation in responding to cyber threats
Possibility of joint response based on voluntary cooperation, if cyber threats occur
Infringement/Threat information sharing
Information sharing such as infringement status and exemplary cases related to cyber infringement and threat
Basis of private/public cooperation system
Laying the basis for the private/public cooperation system as a cooperation organization of the multi-stakeholder CERT
Support capacity building
Strengthening the overall cyber security level by training and providing technical support to the less capable CERTs
[Diagram labels: FIRST; Security; Counter-Threat Cooperation; Information Sharing; Capacity Building; Private Public Partnership]