2015 Taiwan National Computer Emergency Response Team0
Cyber Threat Trends in Taiwan
Henry Yu
TWNCERT
Outline
● Introduction of NICST
● Even More Aggressive E-Mail Info Collections
● Even Wilder Contractor Invasions
● Mobile Scam
● Conclusion
Introduction of NICST
● The National Information & Communication Security Taskforce (NICST), established in January 2001, is a Cabinet-level taskforce
– Convened by the Vice Premier, Executive Yuan
– Steering Committee comprising central government CISOs, municipality CISOs, the Deputy Director of NSB, and experts
– Secretariat provided by the Office of Information and Communication Security (OICS), Executive Yuan
– 8 major working groups for executing cyber security tasks and coordinating among agencies
– One service center (Information and Communication Security Technology Center, ICST) plays the role of National CSIRT (TWNCERT)
Even More Aggressive E-Mail Info Collections
Even More Aggressive E-Mail Info Collection
● Hackers use various methods to collect e-mail addresses and steal accounts and passwords, then use the stolen e-mail accounts to collect even more e-mail addresses, steal more accounts and passwords, and so on
– Hackers collect e-mails from government agencies, academic units, government contractors, the private sector and many individuals
– Over time, hackers have collected an enormous number of e-mail accounts
Case – Social Engineering
[Diagram, steps numbered 1 to 4. Labels: Hacker; Victim #1; Brute Force Password Attack; Over port 1024/6666; RDP; Victims; Social Engineering (Phishing E-mail, Malicious Attachment); Victim #2; Phishing Website (GOOGLE LOGIN PAGE); Login GOOGLE Accounts; Steal GOOGLE accounts & passwords]
• Over 20 victims
• Roughly 118 phishing e-mails
Stepping stone investigation
● The hacker sent 118 phishing e-mails via the stepping stone, mainly impersonating famous politicians to lure people into hitting the malicious link, and stole their Gmail accounts and passwords
E-mail subject | Count
馬瑋國 invited you to join his circle "Administrative Seminar" and wants to be your Google+ friend. Accept his request? | 19
馬瑋國 mentioned you on Google+. | 11
馬瑋國 invited you to join his circle "Internal Reference Material Update" and wants to be your Google+ friend. Accept his request? | 6
金溥聰 mentioned you on Google+. | 4
● Once a victim hits the link to the phishing website, the hacker can get the victim's Gmail account and password
Victims are mostly government officials
● 60 recipients in total, mostly government officials' business and private e-mail accounts
Domain | Amount | Agencies
gov.tw | 24 | …
org.tw | 2 | …
gmail.com | 27 | Including government officials' private e-mail accounts…
yahoo.com.tw | 7 | Including government officials' private e-mail accounts…
Use stolen account to send malicious mails again
● The hacker used the phishing website to steal victims' e-mail accounts and passwords, read through the contents of each account, then used the account to send malicious mails to the victim's contact list
[Screenshots: Original; Fake]
Phishing e-mails
● A government agency's secretary received the social engineering e-mail and reported it to us; we analyzed the header of the mail to try to find the source
● The header showed that the mail sender IP was 122.x.x.x, registered in Hong Kong; the hacker used PHPMailer to send a fake Google website link, trying to lure victims into hitting the link
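The header analysis described on this slide, as an added Python example that is not TWNCERT's own tooling: it reads the Received chain, the X-Mailer header and the body links of a reported message. The message, the relay names (`mx.agency.example`, `mailstore.agency.example`) and all addresses are constructed; only hops stamped by the organisation's own servers are treated as verified, because older Received lines are written by the sender's side and can be forged.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, not a message from the investigation. IPs are from the
# RFC 5737 documentation ranges and hostnames use the reserved .example TLD.
SAMPLE = """\
Received: from mx.agency.example (mx.agency.example [192.0.2.10])
\tby mailstore.agency.example with ESMTP id A1; Mon, 02 Mar 2015 09:15:04 +0800
Received: from relay.hosting.example (relay.hosting.example [198.51.100.7])
\tby mx.agency.example with ESMTP id B2; Mon, 02 Mar 2015 09:15:02 +0800
Received: from web01 (unknown [203.0.113.45])
\tby relay.hosting.example with ESMTP id C3; Mon, 02 Mar 2015 09:15:01 +0800
From: "Google+" <noreply@plus.google.com>
To: secretary@agency.example
Subject: Someone mentioned you on Google+
X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8

View the post: http://accounts-google.login.example/ServiceLogin?id=1
"""

# Assumption: the mail servers the receiving organisation operates itself.
TRUSTED = {"mailstore.agency.example", "mx.agency.example"}

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
URL = re.compile(r"https?://[^\s\"'<>]+")


def parse_received(value):
    """Return (recording host, peer IP) for one Received header value."""
    flat = " ".join(value.split())  # undo header folding
    by = BY_HOST.search(flat)
    ip = PEER_IP.search(flat)
    peer = None
    if ip:
        try:
            peer = str(ipaddress.ip_address(ip.group(1)))
        except ValueError:
            peer = None  # bracketed text that is not an address
    return (by.group(1).lower() if by else None, peer)


def trace_origin(msg, trusted_hosts):
    """Walk Received headers newest-first.

    While the recording host is one of ours, the peer IP is something our
    own server observed. The first foreign hop ends the trusted chain; every
    older header, even one naming our hosts, is only a claim.
    """
    verified_ip, claimed, inside = None, [], True
    for value in msg.get_all("Received", []):
        by, peer = parse_received(value)
        if inside and by in trusted_hosts:
            verified_ip = peer
        else:
            inside = False
            if peer:
                claimed.append(peer)
    return verified_ip, claimed


def link_hosts(msg):
    """Hostnames of every http(s) link found in the text parts."""
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        for url in URL.findall(body):
            host = urlparse(url).hostname
            if host and host not in hosts:
                hosts.append(host)
    return hosts


def triage(raw, trusted_hosts):
    msg = message_from_string(raw)
    verified_ip, claimed = trace_origin(msg, trusted_hosts)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Simplification: the last two labels stand in for the registered domain
    # (wrong for suffixes such as com.tw; use a public-suffix list there).
    brand = ".".join(from_domain.split(".")[-2:])
    off_brand = [h for h in link_hosts(msg)
                 if h != brand and not h.endswith("." + brand)]
    mailer = msg.get("X-Mailer", "")
    return {
        "verified_sender_ip": verified_ip,   # IP that connected to our border MX
        "claimed_earlier_hops": claimed,     # unverified, possibly forged
        "mailer": mailer,
        "script_mailer": "phpmailer" in mailer.lower(),
        "from_domain": from_domain,
        "off_brand_link_hosts": off_brand,   # links that leave the From brand
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE, TRUSTED).items():
        print(f"{key}: {value}")
```

The `verified_sender_ip` is the address to look up in WHOIS and to request logs for; the older hops are leads, not evidence.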
Fake…
● The link took victims to the fake Google Cloud screen…
More Fake…
● Fake Google Cloud login screen…
Real Fake…
● Whatever combination of account and password is entered, the page takes victims to a download page that serves a real file
● Testing at different times resulted in different files being downloaded, which means this page is still active; the hacker continues to update the page to trick different victims
Even Wilder Contractor Invasions
Even Wilder Contractor Invasions
● As more and more government agencies have done a good job on cyber security defenses, hackers are starting to focus their efforts on government contractors
● Compared to government agencies, government contractors usually have weaker defenses, fewer restrictions, and less security awareness
● Contractors' security is becoming a critical issue in Taiwan as well as the whole world
Case #1 – Contractor invasion
● The hacker invaded an information system development company and stole many files and documents from its storage servers
● Information belonging to 43 government agencies, 12 academic organizations and 16 private sector companies was stolen
– Including clients' Notice of Invitation to Bid related information, case documentation and all the source code being developed in these cases
Case #2 – Invasion via contractors (1/2)
● A government agency was hacked, and many sensitive documents were leaked
– 20 government project plans and 27 budget plan documents were stolen
● After investigation, we found that the invasion came from its information contractor
– The agency had given its information service contractor remote access privileges so that the contractor could perform maintenance services remotely
Case #2 – Invasion via contractors (2/2)
● The hacker hacked the contractor first, then used remote access to get into the agency's servers (Web Server, AD Server, Official Document Exchange System, and Mail Server), then got into all personal computers to steal information
[Diagram labels: The Hacker; The Contractor; Agency Intranet; ODES; PC]
Mobile Scam
Mobile Scam Background
● Taiwan's National Police Agency set up an Anti-Fraud Hotline (165) and Web Portal, in operation since 2004, for awareness raising, reporting of suspicious activity, and case reports of all kinds of fraud
– 165 observed that fraud cases via SMS on mobile devices have increased rapidly since Oct. 2013
– And fraud cases through messaging apps have surged since Feb. 2014
Mobile Scam through Messaging APP
● From February to May 2014, mobile scams through messaging APPs quickly reached a peak in Taiwan
● The most common messaging APP used in Taiwan is LINE; scammers use various methods to socially engineer victims and gain profits
Various LINE Scam Methods
[Diagram labels: E-mail; Facebook, Google+, etc.; Others; Invade; Account & Pass; Line Friends; Send out scam messages; Mal. APP Links; Device hacked; Steal personal info; Use info to do Micro Payment scam; Ask for personal info; Ask to receive auth. code; Micro Payment Scam; Ask to buy game points; victims provide game point info; Exchange game points to cash; Ask to dial 0809031088; Establish and activate Ruten seller account]
Source: Criminal Investigation Bureau, National Police Agency, Ministry of the Interior
Countermeasures
● TWNCERT has cooperated with the National Communication Commission and the National Police Agency through G-ISAC:
– We announced all known scam methods to all members; asked anti-virus companies to analyze all malicious APPs; and blocked, reported and handled all malicious IP traffic through the appropriate authorities
– We asked mobile users not to install any APP that is not from the official Apple or Google stores, and to set the security option to disallow installation from unknown sources
– We also ask mobile users to harden LINE's security options: block messages that are not from known friends; don't allow people to add you as a friend automatically; don't make your LINE ID public; if you only use LINE on one device, don't allow logins from PC or other devices
– We ask people to cancel the ISP micro payment option, and have ISPs change the micro payment policy from enabled by default to disabled by default, requiring citizens to go to an ISP counter and apply for the micro payment option in person
Conclusions
● Social engineering has been a long-standing problem… as more and more people get on the Internet, the situation has become even worse
– TWNCERT continues to promote social engineering awareness to government agencies
• Government cyber security seminars twice a year
• A social engineering drill platform provided for agencies to perform self drills
● The security threat from contractors keeps rising
– The Taiwan government is currently developing a Government Contractor Cyber Security Requirement Standard, and now also requires contractors to monitor their own cyber events and report when an incident occurs
● Mobile scams are getting popular
– TWNCERT has cooperated with the National Communication Commission and law enforcement agencies through G-ISAC to exchange all scam information quickly
– We successfully quieted down all mobile scams in Taiwan within four months

More Related Content

What's hot

Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisation
Jacqueline Fick
 

What's hot (20)

Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisation
 
cybersecurity and cyber crime
cybersecurity and cyber crimecybersecurity and cyber crime
cybersecurity and cyber crime
 
IRJET- An Overview of Ethical Hacking
IRJET- An Overview of Ethical HackingIRJET- An Overview of Ethical Hacking
IRJET- An Overview of Ethical Hacking
 
Cyber Security Awareness Challenge: In India
Cyber Security Awareness Challenge:  In IndiaCyber Security Awareness Challenge:  In India
Cyber Security Awareness Challenge: In India
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From Cybercrime
 
Threats
ThreatsThreats
Threats
 
Utilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationUtilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and Investigation
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central Banks
 
Cyber crime and fraud
Cyber crime and fraudCyber crime and fraud
Cyber crime and fraud
 
Cybercrimeppt 160421074211
Cybercrimeppt 160421074211Cybercrimeppt 160421074211
Cybercrimeppt 160421074211
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
 
SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)
 
Improve Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness TrainingImprove Cybersecurity Education Or Awareness Training
Improve Cybersecurity Education Or Awareness Training
 
Focus on cyber threats in hacking cycle
Focus on cyber threats in hacking cycle Focus on cyber threats in hacking cycle
Focus on cyber threats in hacking cycle
 
Web Application Security Session for Web Developers
Web Application Security Session for Web DevelopersWeb Application Security Session for Web Developers
Web Application Security Session for Web Developers
 
Cyber crime and issues
Cyber crime and issuesCyber crime and issues
Cyber crime and issues
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security
 Cyber security Cyber security
Cyber security
 
cyber crime
 cyber crime cyber crime
cyber crime
 

Viewers also liked

African Community Resource Guide
African Community Resource GuideAfrican Community Resource Guide
African Community Resource Guide
intervmedia
 
파푸아뉴기니개황%282011.5%291
파푸아뉴기니개황%282011.5%291파푸아뉴기니개황%282011.5%291
파푸아뉴기니개황%282011.5%291
drtravel
 
Kmcm2012 Invitation
Kmcm2012 InvitationKmcm2012 Invitation
Kmcm2012 Invitation
rand3h
 
Konzulárne dni v Manchestri 11.-12. októbra_2013
Konzulárne dni v Manchestri 11.-12. októbra_2013Konzulárne dni v Manchestri 11.-12. októbra_2013
Konzulárne dni v Manchestri 11.-12. októbra_2013
konzulatNYC
 
Bhanu-WA Mining 2014
Bhanu-WA Mining 2014Bhanu-WA Mining 2014
Bhanu-WA Mining 2014
Bhanu Rahoni
 
Liste des pays du monde
Liste des pays du mondeListe des pays du monde
Liste des pays du monde
matrice107
 
Informe preferia corea el sur 2013
Informe preferia corea el sur 2013Informe preferia corea el sur 2013
Informe preferia corea el sur 2013
ceciliabenac
 
Codigo para insertar al blog
Codigo para insertar al blogCodigo para insertar al blog
Codigo para insertar al blog
yaniris226
 

Viewers also liked (20)

HDF-EOS Development Status and Maintenance Support
HDF-EOS Development Status and Maintenance SupportHDF-EOS Development Status and Maintenance Support
HDF-EOS Development Status and Maintenance Support
 
African Community Resource Guide
African Community Resource GuideAfrican Community Resource Guide
African Community Resource Guide
 
파푸아뉴기니개황%282011.5%291
파푸아뉴기니개황%282011.5%291파푸아뉴기니개황%282011.5%291
파푸아뉴기니개황%282011.5%291
 
Kmcm2012 Invitation
Kmcm2012 InvitationKmcm2012 Invitation
Kmcm2012 Invitation
 
Konzulárne dni v Manchestri 11.-12. októbra_2013
Konzulárne dni v Manchestri 11.-12. októbra_2013Konzulárne dni v Manchestri 11.-12. októbra_2013
Konzulárne dni v Manchestri 11.-12. októbra_2013
 
Military families resource handout mn
Military families resource handout mnMilitary families resource handout mn
Military families resource handout mn
 
Earth Observation: Policies, Strategies, Opportunities and Institutional Land...
Earth Observation: Policies, Strategies, Opportunities and Institutional Land...Earth Observation: Policies, Strategies, Opportunities and Institutional Land...
Earth Observation: Policies, Strategies, Opportunities and Institutional Land...
 
Newsletter from Gardez
Newsletter from GardezNewsletter from Gardez
Newsletter from Gardez
 
4th batch wsk kick off
4th batch wsk kick off4th batch wsk kick off
4th batch wsk kick off
 
2011 01-13
2011 01-132011 01-13
2011 01-13
 
Bhanu-WA Mining 2014
Bhanu-WA Mining 2014Bhanu-WA Mining 2014
Bhanu-WA Mining 2014
 
CESTOVNE DOKLADY SR
CESTOVNE DOKLADY SRCESTOVNE DOKLADY SR
CESTOVNE DOKLADY SR
 
Bit e Byte
Bit e ByteBit e Byte
Bit e Byte
 
Liste des pays du monde
Liste des pays du mondeListe des pays du monde
Liste des pays du monde
 
ISC West 2014 Korea Pavilion Directory
ISC West 2014 Korea Pavilion DirectoryISC West 2014 Korea Pavilion Directory
ISC West 2014 Korea Pavilion Directory
 
Intrumentos de eval 3
Intrumentos de eval 3Intrumentos de eval 3
Intrumentos de eval 3
 
102 國內外創意、創新、創業或發明競賽等獎項例示表-詹翔霖教授
102 國內外創意、創新、創業或發明競賽等獎項例示表-詹翔霖教授102 國內外創意、創新、創業或發明競賽等獎項例示表-詹翔霖教授
102 國內外創意、創新、創業或發明競賽等獎項例示表-詹翔霖教授
 
Informe preferia corea el sur 2013
Informe preferia corea el sur 2013Informe preferia corea el sur 2013
Informe preferia corea el sur 2013
 
Spice
SpiceSpice
Spice
 
Codigo para insertar al blog
Codigo para insertar al blogCodigo para insertar al blog
Codigo para insertar al blog
 

Similar to Cyber Threat Trends in Taiwan

The Executive's Guide to the 2016 Global Threat Intelligence Report
The Executive's Guide to the 2016 Global Threat Intelligence ReportThe Executive's Guide to the 2016 Global Threat Intelligence Report
The Executive's Guide to the 2016 Global Threat Intelligence Report
Simona Franciosi
 

Similar to Cyber Threat Trends in Taiwan (20)

Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Irjet v5 i1268
Irjet v5 i1268Irjet v5 i1268
Irjet v5 i1268
 
IT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide DeckIT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide Deck
 
Cyber security for ia and risk 150601
Cyber security for ia and risk 150601Cyber security for ia and risk 150601
Cyber security for ia and risk 150601
 
The Executive's Guide to the 2016 Global Threat Intelligence Report
The Executive's Guide to the 2016 Global Threat Intelligence ReportThe Executive's Guide to the 2016 Global Threat Intelligence Report
The Executive's Guide to the 2016 Global Threat Intelligence Report
 
Cybercrime & Cybersecurity
Cybercrime & CybersecurityCybercrime & Cybersecurity
Cybercrime & Cybersecurity
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study Jams
 
Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictions
 
Cybercrime trends in last five years
Cybercrime trends in last five yearsCybercrime trends in last five years
Cybercrime trends in last five years
 
Addressing cyber risk managment from SME perspective
Addressing cyber risk managment from SME perspectiveAddressing cyber risk managment from SME perspective
Addressing cyber risk managment from SME perspective
 
Informationsecurity
InformationsecurityInformationsecurity
Informationsecurity
 
Skylarch Company Preso EEFUNG
Skylarch Company Preso EEFUNGSkylarch Company Preso EEFUNG
Skylarch Company Preso EEFUNG
 
Cyber security mis
Cyber security  misCyber security  mis
Cyber security mis
 
2016 trustwave global security report
2016 trustwave global security report2016 trustwave global security report
2016 trustwave global security report
 
Using international standards to improve EU cyber security
Using international standards to improve EU cyber securityUsing international standards to improve EU cyber security
Using international standards to improve EU cyber security
 
Cybersecurity - Webinar Session
Cybersecurity - Webinar SessionCybersecurity - Webinar Session
Cybersecurity - Webinar Session
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 
Current Conditions and Challenges of Cybersecurity in Taiwan
Current Conditions and Challenges of Cybersecurity in TaiwanCurrent Conditions and Challenges of Cybersecurity in Taiwan
Current Conditions and Challenges of Cybersecurity in Taiwan
 

More from APNIC

More from APNIC (20)

APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 

Recently uploaded

Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
soniya singh
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
shivangimorya083
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
soniya singh
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
soniya singh
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
ellan12
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
sexy call girls service in goa
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
SofiyaSharma5
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
anilsa9823
 

Recently uploaded (20)

Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
 
How is AI changing journalism? (v. April 2024)

Cyber Threat Trends in Taiwan

  • 1. 2015 Taiwan National Computer Emergency Response Team. Cyber Threat Trends in Taiwan. Henry Yu, TWNCERT
  • 2. Outline
    ● Introduction of NICST
    ● Even More Aggressive E-Mail Info Collections
    ● Even More Wilder Contractor Invasions
    ● Mobile Scam
    ● Conclusion
  • 3. Introduction of NICST
    ● National Information & Communication Security Taskforce (NICST), established in January 2001, is a Cabinet-Level taskforce
      – Convened by Vice Premier, Executive Yuan
      – Steering Committee composed of central government CISOs/Municipality CISOs/Deputy Director of NSB/Experts
      – Secretariat provided by Office of Information and Communication Security (OICS), Executive Yuan
      – 8 major working groups for executing cyber security related tasks and coordinating among agencies
      – One service center (Information and Communication Security Technology Center, ICST) plays the role of National CSIRT (TWNCERT)
  • 4. Even More Aggressive E-Mail Info Collections
  • 5. Even More Aggressive E-Mail Info Collection
    ● Hackers use various methods to collect e-mail addresses and steal accounts and passwords, then use the stolen e-mail accounts to collect even more e-mail addresses, steal more accounts and passwords, and …
      – Hackers collect e-mails from government agencies, academic units, government contractors, private sectors and many individuals…
      – Over time, hackers have collected an enormous number of e-mail accounts.
  • 6. Case – Social Engineering
    [Diagram, steps numbered 1 to 4. Labels: Hacker; Victim #1; Brute Force Password Attack; RDP; Over port 1024/6666; Social Engineering (Phishing E-mail, Malicious Attachment); Victim #2; Phishing Website (GOOGLE LOGIN PAGE); Login GOOGLE Accounts; Steal GOOGLE accounts & passwords; Victims (over 20 victims, roughly 118 phishing e-mails)]
  • 7. Stepping stone investigation
    ● The hacker sent 118 phishing e-mails via the stepping stone, mainly impersonating famous politicians to lure people into clicking the malicious link, and stole their Gmail accounts and passwords
    E-mail subject | Count
    馬瑋國 invited you to join his circle "Administrative Affairs Seminar" and would like to become your Google+ friend. Accept his request? | 19
    馬瑋國 mentioned you on Google+. | 11
    馬瑋國 invited you to join his circle "Internal Reference Material Update" and would like to become your Google+ friend. Accept his request? | 6
    金溥聰 mentioned you on Google+. | 4
    Once a victim follows the link to the phishing website, the hacker can get the victim's Gmail account and password
  • 8. Victims are mostly government officials
    ● 60 recipients in total, mostly government officials' business and private e-mail accounts
    Domain | Amount | Agencies
    gov.tw | 24 | …
    org.tw | 2 | …
    gmail.com | 27 | Including government officials' private e-mail accounts…
    yahoo.com.tw | 7 | Including government officials' private e-mail accounts…
  • 9. Use stolen account to send malicious mails again
    ● The hacker used the phishing website to steal victims' e-mail accounts and passwords, read through the contents of each account, then used the account to send malicious mails to the victim's contact list
    [Screenshots: Original; Fake]
  • 10. Phishing e-mails
    ● A government agency's secretary received the social engineering e-mail and reported it to us; we analyzed the header of the mail to try to find the source
    ● The header showed that the mail sender IP is 122.x.x.x, registered in Hong Kong; the hacker used PHPMailer to send a fake Google website link, trying to lure victims into clicking it
  • 11. Fake…
    ● The link took victims to the fake Google Cloud screen…
  • 12. More Fake…
    ● Fake Google Cloud login screen…
  • 13. Real Fake…
    ● Whatever combination of account and password is entered, the page takes the victim to a download page that serves a real file
    ● Testing at different times resulted in different files being downloaded, which means the page is still active and the hacker continues to update it to trick different victims
  • 14. Even More Wilder Contractor Invasions
  • 15. Even More Wilder Contractor Invasions
    ● As more and more government agencies have done a great job on cyber security defenses, hackers are starting to focus their efforts on government contractors
    ● Compared to government agencies, government contractors usually have weaker defenses, looser restrictions, and less security awareness
    ● Contractors' security is becoming a critical issue in Taiwan as well as worldwide
  • 16. Case #1 – Contractor invasion
    ● The hacker invaded an information system development company and stole many files and documents from its storage servers
    ● Information belonging to 43 government agencies, 12 academic organizations and 16 private sector companies was stolen
      – Including clients' Notice of Invitation to Bid related information, case documentation and all the source code being developed in these cases
  • 17. Case #2 – Invasion via contractors (1/2)
    ● A government agency was hacked, and many sensitive documents were leaked
      – 20 government project plans and 27 budget plan documents were stolen
    ● After investigation, we found that the invasion came from its information contractor
      – The agency had given its information service contractor remote access privileges so that the contractor could perform maintenance services remotely
  • 18. Case #2 – Invasion via contractors (2/2)
    ● The hacker hacked the contractor first, then used the remote access to get into the agency's servers (Web Server, AD Server, Official Document Exchange System, and Mail Server), then got into all personal computers to steal information
    [Diagram labels: The Hacker; The Contractor; ODES; PC; Agency Intranet]
  • 19. Mobile Scam
  • 20. Mobile Scam Background
    ● Since 2004, the Taiwan National Police Agency has run an Anti-Fraud Hotline (165) and Web Portal for awareness raising, reporting of suspicious activity and case reports for all kinds of fraud
      – The 165 hotline observed that fraud cases via SMS on mobile devices increased rapidly from Oct. 2013
      – Fraud cases through Messaging Apps surged from Feb. 2014
  • 21. Mobile Scam through Messaging APP
    ● From February to May 2014, mobile scams through messaging APPs quickly reached a peak in Taiwan
    ● The most common messaging APP used in Taiwan is LINE; scammers use various methods to social engineer victims and make a profit
  • 22. Various LINE Scam Methods
    [Diagram labels: E-mail; Facebook, Google+, etc.; Others; Invade Account & Pass; Line Friends; Send out scam messages; Mal. APP Links; Device hacked (* Steal personal info, * Use info to do Micro Payment scam); * Ask for personal info, * Ask to receive auth. code; Micro Payment Scam; Ask to buy game points; victims provide game point info; Exchange game points to cash; Ask to dial 0809031088; Establish and activate Ruten seller account]
    Source: Criminal Investigation Bureau, National Police Agency, Ministry of the Interior
  • 23. Countermeasures
    ● TWNCERT has cooperated with National Communication Commission and National Police Agency through G-ISAC:
      – We announced all known scam methods to all members; asked anti-virus companies to analyze all malicious APPs; and blocked, reported and handled all malicious IP traffic through the appropriate authorities
      – We asked mobile users not to install any APP that is not from the official Apple or Google stores, and to set the security option to disallow installation from unknown sources
      – We also ask mobile users to harden LINE's security options: block messages that are not from known friends; don't allow people to add you as a friend automatically; don't make your LINE ID public; if you only use LINE on one device, don't allow logins from a PC or other devices
      – We ask people to cancel the ISP micro payment option, and have ISPs change the micro payment policy from enabled by default to disabled by default, requiring citizens to apply for the micro payment option in person at an ISP counter
  • 24. Conclusions
    ● Social engineering has been a long-standing problem… as more and more people get on the Internet, the situation has become even worse
      – TWNCERT continues to promote social engineering awareness to the government agencies
        ◦ Government cyber security seminars twice a year
        ◦ Provide a social engineering drill platform for agencies to perform self drills
    ● The security threat from contractors keeps rising
      – Currently the Taiwan government is developing a Government Contractor Cyber Security Requirement Standard, and now also requires contractors to monitor their own cyber events and report when an incident occurs
    ● Mobile scams are getting popular
      – TWNCERT has cooperated with National Communication Commission and law enforcement agencies through G-ISAC to exchange all scam information quickly
      – We successfully quieted down all mobile scams in Taiwan within four months
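
The header analysis described on slide 10 (finding the sending IP and the PHPMailer trace of a reported phishing mail), sketched as an added example that is not part of the original deck. The sample message, its hostnames and IPs, the internal relay ranges, and the assumption that PHPMailer shows up in the X-Mailer header are all constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

# Constructed sample, not from the deck. The bottom Received line is sender-supplied.
RAW = """\
Received: from gw.agency.example (gw.agency.example [10.0.0.5])
\tby mail.agency.example with ESMTP; Mon, 2 Mar 2015 09:15:03 +0800
Received: from web01.hosting.example (unknown [203.0.113.45])
\tby gw.agency.example with ESMTP; Mon, 2 Mar 2015 09:15:01 +0800
Received: from mail.google.com ([198.51.100.7]) by web01.hosting.example
From: "Google+" <noreply@plus-notify.example>
To: secretary@agency.example
Subject: Someone mentioned you on Google+
X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)

Sign in to view: http://login.cloud-docs.example/ServiceLogin
"""
# Assumption: these ranges are the receiving organisation's own mail relays.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL = re.compile(r"https?://[^\s\"'<>]+")

def first_external_ip(msg, internal=INTERNAL):
    """Peer IP logged by our own boundary relay; hops below it can be forged."""
    for hop in msg.get_all("Received", []):  # newest hop first
        for text in BRACKETED_IP.findall(str(hop)):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue
            if not any(ip in net for net in internal):
                return str(ip)
    return None

def triage(raw, internal=INTERNAL):
    """Collect the header facts an analyst checks first on a reported mail."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    dom = sender.domain.lower()
    body = msg.get_body(preferencelist=("plain",)).get_content()
    return {
        "connecting_ip": first_external_ip(msg, internal),
        "mailer": str(msg.get("X-Mailer", "")),
        "brand_mismatch": "google" in sender.display_name.lower()
        and not (dom == "google.com" or dom.endswith(".google.com")),
        "link_hosts": sorted({urlsplit(u).hostname for u in URL.findall(body)}),
    }

if __name__ == "__main__":
    print(triage(RAW))
```

The reported IP is the one the organisation's own relay recorded, so the Received line the sender prepended to look like Google is never trusted.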