Cyber Fraud: The New Frontiers (Association of Certified Fraud Examiners)
TRANSCRIPT
CYBER FRAUD: THE NEW FRONTIERS
Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC
Principal Consultant
2014 Asia-Pacific Fraud Conference, November 17th 2014 @ Hong Kong
WHO AM I?
• Spoken at Black Hat, High Tech Crime Investigation Association (Asia Pacific Conference), and Economist Corporate Network.
• Risk Consultant for Banks, Government and Critical Infrastructures.
• SANS GIAC Advisory Board Member.
• Co-designed the first Computer Forensics curriculum for Hong Kong Police Force.
• Former HKUST Computer Science lecturer.
AGENDA
Overview of 2 Prominent Fraud Scenarios
• Phishing / Whaling
• Man-in-the-Browser
Monetization
• Hacker Supply Chain
• Underground Economy
• Money Laundering
Cyber Security Countermeasures
CLASSIC PHISHING AND WHALING COMPARED
Classic Phishing
• Ridiculous contents
• Opportunistic
• Straightforward financial scam
Whaling
• Make-Believe contents
• Targeted
• Lateral compromises possible, often leads to corporate espionage
SOME MONETIZATION POSSIBILITIES
• Bank accounts
• Computer
• File server
• Customer data
• Stored values (e.g. Q-coins, Taobao credit)
• Credit cards
HACKER SUPPLY CHAIN
• Anon Payment
• Hacker Tools / Bulletproof Hosting
• Monetization
Implications
• Sophisticated attacks now available to non-experts
• Lower breakeven point for attacks
• More “worthwhile” targets
PHILOSOPHY
Defender’s Dilemma
• Must secure all possible vulnerabilities
Intruder’s Dilemma
• Must evade all detections
Reason’s Swiss Cheese Model (picture from NICPLD)
ESSENTIALS FOR DETECTING CYBER ATTACKS
• Layered defense-in-depth
• Redundant security (e.g. two different brands of firewalls)
• Security event correlation (e.g. SIEM)
• Trustworthy logging
• Up-to-date threat intelligence
• Security awareness and reporting channel
• Incident response capability (e.g. CSIRT)