Cybercrimes against the korean online banking systems 1227 eng_slideshare


Published on

ISOI11 in L.A U.S

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Cybercrimes against the korean online banking systems 1227 eng_slideshare

  1. 1. CybercrimesagainsttheKoreanonlinebankingsystems2013. 01. 10YoungjunChang(,CISSPASEC(AhnLabSecurityEmergencyresponseCenter)HayoungYang(
  2. 2. WhatisAhnLab??
  3. 3. BusinessPortfolioofAhnLabENDPOINTSECURITYNETWORKSECURITYMOBILESECURITYTRANSACTIONSECURITYCONSULTINGSERVICEFORENSICS &INCIDENTRESPONSEMANAGEDSECURITY SERVICEWEBSECURITYENDPOINT SECURITYV3 Internet SecurityV3 365 ClinicV3 Net for Windows ServerV3 Net for Unix/Linux ServerAhnLab TrusLineNETWORK SECURITYAhnLab TrusGuardAhnLab TrusGuard DPXAhnLab TrusManagerAhnLab TrusAnalyzerAhnLab TrusZoneAhnLab TrusWatcherMOBILE SECURITYAhnLab V3 MobileAhnLab V3 Mobile EnterpriseAhnLab Mobile CenterAhnLab V3 Mobile + for TransactionTRANSACTION SECURITYAhnLab Online SecurityAhnLab HackShield for Online GameMANAGED SECURITY SERVICEAhnLab Policy CenterAhnLab Policy Center ApplianceAhnLab Policy Center Patch Management
  4. 4. Contents01 Financial Cybercrime1) FinancialCybercrime Malware2) FinancialCybercrime Malware isuselessinKorea02 Korean Online Banking Systems1) OnlineBankingandMobileBankinginKorea2) PolicytoinstallSecuritySoftwareinBankwebsiteinKorea3) OnlineBankingprocessinKorea
  5. 5. Contents03 Financial Cybercrime in Korea1) FinancialCybercrimeStatus2) BankingMalwarein20073) SpreadwaysofBankingMalwarein20124) BankingMalwareinJune20125) BankingMalwareinSeptember201204 Summary1) FinancialCybercrimeTimelineinKorea2) BankingMalwareFeatures
  6. 6. 01 FinancialCybercrime
  7. 7. 1)FinancialCybercrime Malware Financial Cybercrime increasing due to the increase in online financial service Zeus, Spyeye and Citadel infections high in Europe and U.S.A Financial Cybercrime Malware widely spread from PC to smartphone
  8. 8. 2)FinancialCybercrime Malware isuselessinKorea Most Financial Cybercrime Malware is useless in Korea Most Financial Cybercrime Malware’s target is bank in Europe and U.S.A Europe, U.S.A and Korea have different online banking systems and processWebsitesofSpyeye’stargetandbelongtocountries(2012-04)
  9. 9. 02 Korean Online BankingSystems
  10. 10. 1)OnlineBankingandMobileBankinginKorea Online Banking and Mobile Banking is the usual banking of Korean people Bank can support Mobile Banking in iPhone, Android and Windows Phone Banking user must have bank user ID, PKI and Security Card or OTP in 2 waysMobileBankingApp,PKIManagerandSecurityCardPKIPKIPassword
  11. 11. 2)PolicytoinstallSecuritySoftwarefromBankwebsiteinKoreaAutomatesecuritysoftwareinstallationfromBankwebsite When banking user connect bank website, automate security softwareinstallation Korean Government have a policy to automate security software installation inbank website Security software is Anti-Virus, Personal Firewall and Secure Keystroke Some bank can support another security service for their customersAnti-Virus and Personal Firewallsecurity softwareSecure Keystroke software
  12. 12. 3)OnlineBankingprocessinKoreaInstallingSecuritySoftwareCheckinguser ID andpasswordCheckingpasswordfor bankaccountCheckingpassword formoney transferCheckingsecuritycardnumbersCheckingPKI andPKIpasswordNotifyingaccountowner bySMS Korean online banking process have 8 steps If banking user don’t have any keyboard and mouse input in 10 mints, automatelogout in bank website If banking user have 3 times password error, bank account automate lock
  13. 13. 03 FinancialCybercrimeinKorea
  14. 14. 1)FinancialCybercrimeStatus Before 2012, Voice Phishing and Messenger Phishing are serious problem In 2011, the amount of damage of Voice Phishing had USD 1.12 million In 2012, PC, Mobile Phishing and Banking Malware are slowly increasing In Oct 2012, the first Android Malware related with Financial CybercrimeSMSMobilePhishing,MobilePhishingwebsiteandAndroidMalwareHello it’s KB Bank. For thesecurity reasons please accessto the website below
  15. 15. 2)BankingMalwarein2007 In 2007, the first Banking Malware found in Korea It didn’t leak PKI password and Security Card NumbersIn2007,BankingMalwareleakbankinginformation
  16. 16. 3)SpreadwaysofBankingMalwarein2012 In 2012, the first and Second variant of Banking Malware found in Korea It use various ways to infect PC more than in 20071) Application VulnerabilityJAVA - CVE-2011-3544, CVE-2012-0507, CVE-2012-5076Adobe Flash Player - CVE-2011-2140, CVE-2012-0754Windows Media Player - MS12-004Internet Explorer - MS10-0182) Fake video-sharing websiteDisguising video player setup file in fake video-sharing website3) Change P2P program setup file to Banking MalwareChange uTorrent setup file to Banking MalwareChange Korean P2P program setup file to Banking Malware4) Google Code webpageBanking Malware upload in Google code webpage, redirecting from otherwebsite
  17. 17. 4)BankingMalwareInJune2012(1) Banking Malware leak banking information for transfer moneyInJune2012,BankingMalwareleakbankinginformation
  18. 18. 4)BankingMalwareInJune2012(2) Banking Malware make Fake PKI manager to leak PKI files and PKI password Banking Malware check PKI folder in every driver, including USB
  19. 19. 4)BankingMalwareInJune2012(3) When banking user connect bank website, redirect phishing website Phishing website lead banking user input whole banking informationLeakallbankinginformationinPhishingBankwebsite
  20. 20. 5)BankingMalwareInSeptember2012(1) Banking Malware leak personal information to reissue PKI filesInSeptember2012,BankingMalwareleakbankinginformation
  21. 21. 5)BankingMalwareInSeptember2012(2) First, Phishing Bank website leak name and social numberLeaknameandsocialnumberinphishingbankwebsite
  22. 22. 5)BankingMalwareInSeptember2012(3) Second, Phishing Bank website leak all banking information and phone numberLeakallbankinginformationandphonenumberinPhishingBankwebsite
  23. 23. 5)BankingMalwareInSeptember2012(4) It leaked personal information and banking information, to reissue PKI filesAttackerreissuePKIfiles,moneytransfer
  24. 24. 04 Summary
  25. 25. 1)FinancialCybercrimeTimelineInKorea In 2007, Banking Malware was a kind of proof of concept in Korea Before 2012, Voice Phishing was serious problem in Korea In 2012, PC, Mobile Phishing and Banking Malware are slowly increasingIn 2007,BankingMalwareBefore 2012,VoicePhishing isseriousIn April 2012,Phishingwebsite increaseIn June 2012,Banking MalwareincreaseIn October 2012,Financial AndroidMalware
  26. 26. 2)BankingMalwarefeatures After the first banking malware found in 2007, it understand Korean bankingsystems well In June 2012, Banking Malware leak banking information for transfer money In Sept 2012, Banking Malware leak banking and personal information, it couldmake another kind of Cybercrimes, in the near future Korean Banking Malware relate with Phishing website to leak bankinginformationDateBanking MalwaretypeChange hostsfileLeak Security CardnumbersLeak PKI filesLeak PKIpasswordCheck PKI folder2007 EXE(1), DLL(1) O XWhole PKI folderand filesX Static location2012.06 EXE(2), INI(1) O O Some PKI files OEvery drivers andUSB2012.09 EXE(1) X O X O XKoreanBankingMalwarefeatures
  27. 27. thank you.