Cyber Security Trends and Challenges
Prof. Heejo Lee
Dept. of Computer Science and Engineering, Korea University
Heejo@korea.ac.kr
June 23, 2015

Contents
1. Introduction
2. Cyber security attack trends
3. Legal issues and investigation
4. Research challenges
5. Considerations for the future

INTRODUCTION

Cyber Security Markets
- The cyber security market is expected to grow at a compound annual growth rate of 11.3% to reach $120 billion during 2011-2017
http://marketrealist.com/2014/12/cyber-securitypresents-opportunity-symantec/
http://www.bankinfosecurity.com/obama-proposes-14-billion-cybersecurity-budget-a-7867/op-1

Incidents and Financial Impact Continue to Soar
- Detected security incidents in 2014 increased 12 times compared to the security incidents in 2009
- PwC survey of 9,700 CEOs/CSOs in 154 countries
<Global state of information security survey, 2015>
<Net Losses: Estimating the Global Cost of Cybercrime, June 2014>
http://www.pwc.com/gx/en/consulting-services/informationsecurity-survey/key-findings.jhtml
http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf

CYBERSECURITY ATTACK TRENDS

Cyber Security Trends
- Sep 23, 2013: iPhone 5s fingerprint vulnerability
- Nov 12, 2013: ISS attacked by virus epidemics
- Apr, 2014: Heartbleed, OpenSSL vulnerability
- Nov 24, 2014: Sony Pictures Entertainment hack
- Mar, 2015: Newer aircraft Wi-Fi vulnerability

iPhone Fingerprint Authentication Vulnerability
- The German hacker group Chaos Computer Club (CCC) hacked the iPhone with TouchID on Sep 23, 2013
- A fingerprint of the phone user, photographed from a glass surface, is enough
- The sensor simply has a higher resolution than previous sensors, so all the CCC needed to do was increase the resolution of its fake
http://www.cnet.com/news/iphone-5s-touch-idhacked-by-fake-fingerprints/
http://www.telegraph.co.uk/technology/apple/iphone/10327635/iphone-5s-fingerprint-sensor-hacked-within-days-of-launch.html

Virus Epidemics in Space
- Nov 12, 2013: ISS attacked by virus epidemics
- International Space Station (ISS) computers and laptops were infected through the USB memory of a Russian cosmonaut who brought a laptop
- Kaspersky guessed the virus was W32.Gammima.AG or a type of Trojan virus, GameThief.Win32.Magania
- To enhance the security and reliability of the computer system, the OS was changed from Windows XP to Linux
http://www.theguardian.com/technology/2013/nov/12/international-space-station-virus-epidemics-malware

OpenSSL Heartbleed Vulnerability
- A security bug in the OpenSSL library, disclosed in April 2014
- Half a million of the Internet's secure web servers were believed to be vulnerable
- Many other systems, such as network equipment and security solutions, were also vulnerable, including 75 Cisco routers and switches
https://en.wikipedia.org/wiki/heartbleed
http://unseennow.com/blog/protect-heartbleed-bug/

Sony Pictures Hack
- Nov 24, 2014: hacked by Guardians of Peace (GOP)
- The film "The Interview" is believed to have been the reason
  - The film's plot involves the CIA planning to kill the secretive nation's supreme leader, Kim Jong-un
- The hackers obtained some 100 terabytes of data stolen from Sony
- The cost to fix the breach is estimated to be in the region of $100 million
- The director of the FBI has defended his bureau's claim that the hacking attack was the work of the North Korean government
http://www.pocket-lint.com/news/131937-sony-pictures-hack-here-s-everything-we-know-about-the-massive-attack-so-far

Newer Aircraft Vulnerable to Hacking
- Mar, 2015: planes including the Boeing 787 Dreamliner and the Airbus A350 and A380 aircraft were reported to have vulnerabilities
- The main plane computers and the passenger internet area are physically networked
- Hacking the airplane Wi-Fi could give full control of the plane
  - Main computers include control, navigation and communication systems
http://edition.cnn.com/2015/04/14/politics/gao-newer-aircraft-vulnerable-to-hacking/

LEGAL ISSUES AND INVESTIGATION

Legal Issues in Cloud Computing
- By storing data in the cloud, criminals can avoid legal issues
- Organizations don't know where the data is located
http://www.cyberlawconsulting.com
http://www.mondaq.com/turkey/x/400668/data+Protection+Privacy/Critical+Legal+Issues+In+Cloud+Agreements

International Collaboration for Global Incidents
- Computer Security Incident Response Team (CSIRT)
  - A reliable and trusted single point of contact for reporting computer security incidents worldwide
- Forum of Incident Response and Security Teams (FIRST)
  - A premier organization and recognized global leader in incident response
- Asia Pacific Computer Emergency Response Team (APCERT)
  - Works to help create a safe, clean and reliable cyber space in the Asia Pacific region through global collaboration

RESEARCH CHALLENGES

DDoS Attacks (1/3)
- A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users
- One of the main threats to cyber security
<DDoS attack diagram>
http://hackmageddon.com/2015/01/13/2014-cyber-attacks-statistics-aggregated/

DDoS Attacks (2/3)
- Distributed reflection denial of service attack
- Using IP address spoofing, the source address is set to that of the targeted victim, which means all the replies will go to (and flood) the target

DDoS Attacks (3/3)
- DDoS attacks continue to represent an insidious threat, with an alarming increase in Simple Service Discovery Protocol (SSDP) reflection attacks
<Arbor Networks quarterly report on global DDoS attack data, Q3 2014>
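
A defender's view of the reflection pattern on the two slides above, as an added example that is not part of the original slides: at the victim's network edge the spoofed requests are never seen, so the signal is many SSDP replies (UDP source port 1900) with no matching request. The flow-record layout, function names and sample addresses are assumptions, and the flows are constructed.

```python
from collections import defaultdict

SSDP_PORT = 1900

def build_sample_flows():
    """Constructed flow records seen at a network edge (documentation IP ranges).
    Tuple layout is an assumption: (src_ip, src_port, dst_ip, dst_port, proto, bytes)."""
    flows = [
        # Normal discovery: the client asks first, one device answers.
        ("192.0.2.10", 50000, "198.51.100.5", SSDP_PORT, "udp", 120),
        ("198.51.100.5", SSDP_PORT, "192.0.2.10", 50000, "udp", 350),
    ]
    # Reflection: many devices "reply" to a host that never sent a request,
    # because the requests carried its address as a spoofed source.
    for i in range(40):
        flows.append((f"198.51.100.{i + 10}", SSDP_PORT, "203.0.113.7", 40000 + i, "udp", 3000))
    return flows

def find_reflection_victims(flows, min_reflectors=20):
    """Return {victim_ip: (distinct_reflectors, unsolicited_bytes)}."""
    asked = set()
    for src, _sport, dst, dport, proto, _n in flows:
        if proto == "udp" and dport == SSDP_PORT:
            asked.add((src, dst))          # src really queried dst
    stats = defaultdict(lambda: [set(), 0])
    for src, sport, dst, _dport, proto, nbytes in flows:
        if proto == "udp" and sport == SSDP_PORT and (dst, src) not in asked:
            stats[dst][0].add(src)         # reply with no matching request
            stats[dst][1] += nbytes
    return {ip: (len(r), b) for ip, (r, b) in stats.items() if len(r) >= min_reflectors}

if __name__ == "__main__":
    for victim, (count, total) in find_reflection_victims(build_sample_flows()).items():
        print(f"{victim}: {count} reflectors, {total} unsolicited bytes")
```

The `min_reflectors` threshold keeps a single stray reply from raising an alert; it would be tuned to the monitored network.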

Defense Strategies and Cyber Shelter for DDoS Attacks (1/4)
Broader DDoS Solutions
- No single effective solution
- Network topology, server design, attack filtering
- Resilient topology & DNS load balancing
- Dependable server design
- URL splitting
- ISP on-demand filtering
- URL rate limiting

Defense Strategies and Cyber Shelter for DDoS Attacks (2/4)
Dependable Servers
- Servers are more susceptible to DDoS than networks
  - Even when DDoS traffic is filtered, a server can still suffer from unfiltered attack traffic
- URL splitting
  - Lightweight first page on one server, redirect to the next page on a different server
  - Load sharing with multiple servers

Defense Strategies and Cyber Shelter for DDoS Attacks (3/4)
Resilient Topology
- Resiliency of network topology
  - Avoid single points of failure due to link congestion
- Disperse replicated servers
  - If one server crashes, the others can continue to provide the same services

Defense Strategies and Cyber Shelter for DDoS Attacks (4/4)
DDoS Shelter Service
- Reroutes attack traffic destined for the targeted website to the Shelter and cleans it
- All traffic to the website is collected by the Shelter to cope with the attack for a certain period of time
http://eng.krcert.or.kr/service/ddos.jsp

Malware in Documents
Hangul Document Exploit
- Shellcode is put into the heap area through the document to exploit a vulnerability in the HWP word processor
- The OS shuts down after a while and prints the message "Who Am I?"
<Attack simulation in .hwp vulnerability>
https://www.youtube.com/watch?v=z0cvca8ak9a

Discovering Android Malware using Behavior Signature
- Detecting Android malware variants by family signature
- New approach using the CodeGraph system and the Android API
References:
- Jonghoon Kwon, Jihwan Jeong, Jehyun Lee, Heejo Lee, "DroidGraph: Discovering Android Malware by Analyzing Semantic Behavior", IEEE Conf. on Communications and Network Security (IEEE CNS), Oct. 29, 2014.
- Suyeon Lee, Jehyun Lee, Heejo Lee, "Screening Smartphone Applications using Behavioral Signatures", IFIP Int'l Information Security and Privacy Conference (IFIP SEC), Vol. 405, pp. 14-27, Jul. 8, 2013.

Detecting Repackaged Malapps using Software-based Attestation
MysteryChecker
- The verifier randomly generates an attestation module
- The verifier transfers a new attestation module to the target, and the target replies with an attestation result
Reference:
- Chanyoung Lee, Dongwon Seo, Jihwan Jeong, Jonghoon Kwon, Heejo Lee, "MysteryChecker: Unpredictable Attestation to Detect Repackaged Malicious Applications in Android", IEEE Conf. on Malicious and Unwanted Software (IEEE Malware), Oct. 2014
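
The verifier/target exchange on this slide, as an added example that is not code from MysteryChecker or its authors. The "attestation module" is modeled here as a random recipe of salted hash steps over the app's code bytes; that model, all function names and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets

_rng = random.SystemRandom()

def generate_module(code_len, chunk=16):
    """Verifier: build a fresh module. Modeled (assumption) as every code chunk
    visited in an unpredictable order, each step with its own random salt."""
    offsets = list(range(0, code_len, chunk))
    _rng.shuffle(offsets)
    return [(off, chunk, secrets.token_bytes(16)) for off in offsets]

def run_module(module, code):
    """Target: execute the received module over its own code bytes."""
    digest = b""
    for offset, length, salt in module:
        digest = hashlib.sha256(digest + salt + code[offset:offset + length]).digest()
    return digest.hex()

def attest(reference_code, respond):
    """Verifier: send a new module, compare the reply with the expected value
    computed over the genuine app the verifier holds."""
    module = generate_module(len(reference_code))
    expected = run_module(module, reference_code)
    return hmac.compare_digest(expected, respond(module))

# Constructed sample "apps": byte strings standing in for application code.
GENUINE = bytes(range(256)) * 4
REPACKAGED = GENUINE[:500] + b"\x90injected\x90" + GENUINE[510:]

def genuine_target(module):
    return run_module(module, GENUINE)

def repackaged_target(module):
    return run_module(module, REPACKAGED)

def make_replay_target():
    """A target that answers every challenge with one previously captured reply."""
    captured = run_module(generate_module(len(GENUINE)), GENUINE)
    return lambda module: captured

if __name__ == "__main__":
    print("genuine   :", attest(GENUINE, genuine_target))
    print("repackaged:", attest(GENUINE, repackaged_target))
    print("replay    :", attest(GENUINE, make_replay_target()))
```

Because each round uses a new module, a reply captured from an earlier round does not verify, which is the point of generating the module randomly.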

CONSIDERATIONS FOR THE FUTURE

Security Awareness (1/2)
- Almost 40% of adults rarely protect themselves against cyber crooks
- The National Crime Agency (NCA) has started a security awareness campaign <August 13, 2014>
http://www.nationalcrimeagency.gov.uk/news/news-listings/423-almost-40-of-adults-rarely-protect-themselves-against-cyber-crooks

Security Awareness (2/2)
- The NCA is urging you to be careful when using the internet
  - Keeping the device's software up-to-date
  - Not opening files on a website or email from suspicious sources
  - Being cautious when putting USB sticks and CDs into a computer
- The Cyber Streetwise campaign provides easy tips so that users stay safe online
https://www.cyberstreetwise.com/

Security Awareness Training
- V School
  - Held annually by AhnLab since 2006
  - A corporate social activity in the form of a talent donation
- Youth IT security camp
  - Held by MSIP since 2012
  - Plants security awareness in young people

Human Resource Development (1/2)
Best of Best (BOB) program
- Started in 2012
- A stepped mentoring program with top security experts
- Practical education and projects based on utility knowledge
- Continuous support for white hackers entering the workforce

Human Resource Development (2/2)
- CODE GATE (hacking conference)
  - A world-class global event on information protection to foster global experts
  - Capture the flag (CTF) sample problem
- INCOGNITO (hacking conference)
  - The name of the Korean university computer security club union created in 2012
  - The members are 12 universities including Korea Univ, POSTECH, KAIST, and SNU

CSIRT Training Program
APISC Security Training Course
- Since 2005, KISA has been implementing the Asia-Pacific Information Security Training Course (APISC)
- Program
  - 1 day on information security in Korea
  - 1 day for economy updates by participants
  - 3 days of the TRANSITS course on CSIRT building and operation

HRD Programs in Information Security (1/2)
- Undergraduate and graduate courses for information security
  - Information security departments in undergraduate courses were established in 2002 from the KCC IT resources development project
- Graduate courses
  - 21 courses in general graduate schools
  - 11 courses in special graduate schools

Program                        Universities   Students   Graduates (2014)
Undergraduate degree program   36             5,701      545
Graduate degree program        32             1,241      281

http://isis.kisa.or.kr/ebook/swfviewpage.jsp?type=2015

HRD Programs in Information Security (2/2)
- Selection of information security specialized universities in Korea, June 2015
  - Curriculum operation: incident response, digital forensics, cyber security
  - Collaborative projects with enterprises
- Selected universities
  - Korea University
  - Seoul Women's University
  - Ajou University
http://isis.kisa.or.kr/ebook/swfviewpage.jsp?type=2015

THANK YOU