Internet threats and issues in korea 120325 eng_slideshare


ISOI10 in Montreal Canada


  1. 1. Internet Threats and Issues in Korea
     2012. 04. 13
     Youngjun Chang, CISSP
     ASEC (AhnLab Security Emergency response Center), AhnLab
  2. 2. What is AhnLab?
  3. 3. Business Portfolio of AhnLab
     Business areas: Endpoint Security, Network Security, Mobile Security, Transaction Security, Consulting Service, Forensics & Incident Response, Managed Security Service, Web Security
     • ENDPOINT SECURITY: V3 Internet Security, V3 365 Clinic, V3 Net for Windows Server, V3 Net for Unix/Linux Server, AhnLab TrusLine
     • NETWORK SECURITY: AhnLab TrusGuard, AhnLab TrusGuard DPX, AhnLab TrusManager, AhnLab TrusAnalyzer, AhnLab TrusZone, AhnLab TrusWatcher
     • MOBILE SECURITY: AhnLab V3 Mobile, AhnLab V3 Mobile Enterprise, AhnLab Mobile Center, AhnLab V3 Mobile + for Transaction
     • TRANSACTION SECURITY: AhnLab Online Security, AhnLab HackShield for Online Game
     • MANAGED SECURITY SERVICE: AhnLab Policy Center, AhnLab Policy Center Appliance, AhnLab Policy Center Patch Management
  4. 4. Contents
     01 Malware Trends in Korea
        1) 2011 Malware Infection Status
        2) 2011 Malware Infection Type
     02 Internet Threats and Issues in Korea
        1) APT (Advanced Persistent Threat)
        2) Mobile Threats
        3) DDoS Accidents
        4) Application Vulnerability
        5) Social Network Threats
  5. 5. 01 Malware Trends in Korea
  6. 6. 1) 2011 Malware Infection Status
     • Almost 2 billion (177,473,697) infections were reported in 2011
     • Infections increased by over 18% compared with 2010 (146,097,262)
     • Since October, malware using web application vulnerabilities has been increasing
     Figure: 2011 Monthly Malware Infection Status
  7. 7. 2) Malware Type in Korea 2011 (1)
     • 2011 Infection Report: Trojan 42.1%, Script 17.4%, Worm 11.6%
     • 2011 New Malware Type: Trojan 62%, Adware 16%, Dropper 7%
     • Script malware uses vulnerabilities in web browsers and web applications
     • Malware using vulnerabilities in Adobe Flash, Java and MS12-004 increased in the first quarter of 2012
     Figures: Reported Malware Types in 2011; New Malware Types in 2011
  8. 8. 2) Malware Type in Korea 2011 (2)
     • Almost all of the malware in the 2011 TOP 10 list is script-related files. Most of them are "Autorun.inf" files which were spread by USB. The Induc and Palevo worms also rank high.
     • Trojan was the most reported new malware in 2011. Windows-related files were infected or replaced by the malware.
     • OnlineGameHack-related families were the most reported malware in 2011, along with the Conficker and Virut families.

     TOP 10 Reported Malware in 2011
        1. Textimage/Autorun: 9,458,847 (24.20%)
        2. JS/Agent: 6,217,163 (15.90%)
        3. Win32/Induc: 2,149,558 (5.50%)
        4. Html/Agent: 1,859,891 (4.80%)
        5. JS/Downloader: 1,789,695 (4.60%)
        6. JS/Redirect: 1,580,959 (4.10%)
        7. JS/Exploit: 1,545,389 (4.00%)
        8. JS/Iframe: 1,446,928 (3.70%)
        9. Swf/Agent: 1,432,679 (3.70%)
        10. Win32/Palevo1.worm.Gen: 1,389,561 (3.60%)

     TOP 10 Reported New Malware in 2011
        1. Win-Trojan/Patched.CR: 757,876 (25.80%)
        2. Win-Trojan/Overtls11.Gen: 700,456 (23.90%)
        3. Win-Trojan/Downloader.59904.AK: 278,527 (9.50%)
        4. Win-Trojan/Winsoft17.Gen: 222,208 (7.60%)
        5. Win-Trojan/Adload.77312.LPU: 181,176 (6.20%)
        6. Win-Trojan/Winsoft18.Gen: 104,026 (3.50%)
        7. Win-Trojan/Winsoft.263168.KX: 75,337 (2.60%)
        8. Win-Trojan/Winsoft.263168.LO: 73,994 (2.50%)
        9. Win-Trojan/Agent.339968.EI: 69,762 (2.40%)
        10. Win-Trojan/Agent.323584.FK: 68,946 (2.30%)
  9. 9. 02 Internet Threats and Issues in Korea
  10. 10. 1) APT (Advanced Persistent Threat) (1)
     • Incidents using APT and targeted attacks occurred in Korean companies
     • The incidents at S company, N Bank and N company in 2011 were the big issue
     • 35 million clients' information was leaked in the S company incident
     Diagram: Incident in S company (Attacker, Free software update server, Other Victim Server, DB Server)
        1. Spreading the malware
        2. Malware infection
        3. Remote control
        4. Connect to DB server
        5. Data transfer to external server
        6. Data transmit
  11. 11. 1) APT (Advanced Persistent Threat) (2)
     • Over 13 million game users' information was leaked in the N company incident (it is under investigation)
     • The N Bank system was corrupted after the attack from the outside
     • The attacker spread the malware with a P2P program and waited 7 months for the attack
     Diagram: Incident in N Bank (Attacker, P2P Program, Laptop from the outsourced staff, Internal System)
        1. Spreading the malware
        2. Malware infection
        3. Remote control
        4. Delete all to DB server
  12. 12. 2) Mobile Threats (1)
     • There are no reports of any kind of Android malware being made or spread in Korea
     • The Android samples which AhnLab has collected are from foreign countries
     • Mobile threats in Korea are not related to Android malware
     Figure: Android Malware found in 2011
  13. 13. 2) Mobile Threats (2)
     • Disguised as a public institution or bank to redirect to a phishing website
     • Using URL shortening in spam SMS to lead to adult websites
     • Mobile messenger phishing using KakaoTalk and MyPeople Mobile
     Figure: Mobile Phishing, Mobile Spam SMS and Mobile Messenger Phishing
        • "Hello it's KB Bank. For the security reasons please access to the website below"
        • "Come to the Hot Adult website"
        • Disguise as your friend to borrow some money
  14. 14. 3) DDoS Accidents (1)
     Figure: 4th March 2011 DDoS accident Time Line
     • In Korea, DDoS attacks were carried out to obtain money, but the objectives are getting wider
     • The 3.4 DDoS (4th March) attack and the attack on the National Election Commission in 2011 were the big issues
     • Almost all DDoS attacks in Korea use malware that is capable of DDoS
  15. 15. 3) DDoS Accidents (2)
     Figure: Malware Builder for DDoS attack
     • Many of the computers that attacked the National Election Commission were infected by the malware
     • Most of the malware builders were made by the Chinese underground
     • The malware builders are changed into the Korean language and spread from online cafes
     • The malware is disguised as game or media files and spread by P2P or online cafes
     Figure: Packet type for DDoS attack
  16. 16. 4) Application Vulnerability
     • Online game related malware is spread by using web browser and application vulnerabilities
     • In 2011, malware used vulnerabilities in I.E (MS10-018), Adobe Flash Player (CVE-2011-2110, CVE-2011-2140, CVE-2011-0609) and Adobe Reader (CVE-2011-0611)
     • Malware using vulnerabilities in the Hangul word processor (.hwp) is increasing
     • In the first quarter of 2012, malware using vulnerabilities in Windows Media (MS12-004), Adobe Flash Player (CVE-2011-0611, CVE-2011-2140, CVE-2012-0754) and JAVA (CVE-2011-3544) increased

     Hacked websites using various vulnerabilities to spread malware (web sites which were found on 2nd February 2012)
     Vulnerabilities:
        • MS10-018: Internet Explorer
        • MS12-004: Windows Media
        • CVE-2011-2140: Adobe Flash Player
        • CVE-2011-3544: JAVA
     • On weekdays, they set up the systems to spread the malware
     • On weekends, they hack a system and insert a script to redirect to their system
     • The final goal is to spread online game related malware
  17. 17. 5) Social Network Threats
     • Social network websites developed in Korea: me2DAY, yozm and Cyworld
     • Twitter and Facebook users in Korea are increasing because of the growth in smartphones
     • Social network websites are also used for spreading malware and phishing websites
     Figures: Malware spreading by Twitter; TwitBot command which was found in me2DAY; Disguised as a media file of a famous actress
  18. 18. Thank you.