Cyber Security Trends and Challenges - Ministry of Posts ... Security Trends... · Cyber Security...

Date post: 14-Mar-2018
Cyber Security Trends and Challenges Prof. Heejo Lee Dept. of Computer Science and Engineering Korea University, [email protected] June 23, 2015

Contents

1. Introduction
2. Cyber security attack trends
3. Legal issues and investigation
4. Research challenges
5. Considerations for the future

INTRODUCTION

Cyber Security Markets

• The cyber security market is expected to grow at a compound annual growth rate of 11.3% to reach $120 billion during 2011-2017

http://marketrealist.com/2014/12/cyber-security-presents-opportunity-symantec/
http://www.bankinfosecurity.com/Obama-proposes-14-billion-cybersecurity-budget-a-7867/op-1

Incidents and Financial Impact Continue to Soar

• The detected security incidents in 2014 have increased 12 times compared to the security incidents in 2009
  – PwC survey from 9,700 CEOs/CSOs in 154 countries

<Global state of information security survey, 2015> http://www.pwc.com/gx/en/consulting-services/information-security-survey/key-findings.jhtml
<Net Losses: Estimating the Global Cost of Cybercrime, June 2014> http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf

CYBERSECURITY ATTACK TRENDS

Cyber Security Trends

• Sep 23, 2013 iPhone 5s fingerprint vulnerability

• Nov 12, 2013 ISS attacked by ‘virus epidemics’

• Apr, 2014 Heartbleed, OpenSSL vulnerability

• Nov 24, 2014 Sony Pictures Entertainment hack

• Mar, 2015 Newer aircraft Wi-Fi vulnerability


iPhone Fingerprint Authentication Vulnerability

• German hacker group Chaos Computer Club (CCC) hacked iPhone with TouchID, Sep 23, 2013
  – A fingerprint of the phone user, photographed from a glass surface, is enough
  – The sensor simply has a higher resolution than previous sensors, so all the CCC needed to do was increase the resolution of its fake fingerprint

http://www.telegraph.co.uk/technology/apple/iphone/10327635/iPhone-5s-fingerprint-sensor-hacked-within-days-of-launch.html
http://www.cnet.com/news/iphone-5s-touch-id-hacked-by-fake-fingerprints/

Virus Epidemics in Space

• Nov 12, 2013 ISS attacked by ‘virus epidemics’
• International Space Station (ISS) computers and laptops were infected through the USB memory of a Russian cosmonaut who brought a laptop
  – Kaspersky guessed the virus was ‘W32.Gammima.AG’ or a type of Trojan virus, ‘GameThief.Win32.Magania’
• To enhance the security and reliability of the computer system, the OS was changed from Windows XP to Linux

http://www.theguardian.com/technology/2013/nov/12/international-space-station-virus-epidemics-malware

OpenSSL Heartbleed Vulnerability

• A security bug in the OpenSSL library, disclosed in April 2014
  – Half a million of the Internet's secure web servers were vulnerable
  – Many other systems such as network equipment and security solutions were also vulnerable, including 75 Cisco routers and switches

http://unseennow.com/blog/protect-heartbleed-bug/
https://en.wikipedia.org/wiki/Heartbleed

Sony Pictures Hack

• Nov 24, 2014. Hacked by Guardians of Peace (GOP)
• The film ‘The Interview’ is believed to have been the reason
  – The film’s plot involves the CIA planning to kill the secretive nation’s supreme leader Kim Jong-un
• The hackers have obtained some 100 terabytes of data stolen from Sony
  – It is estimated that the cost to fix the breach will be in the region of $100 million
• The director of the FBI has defended his bureau’s claim that the hacking attack was the work of the North Korean government

http://www.pocket-lint.com/news/131937-sony-pictures-hack-here-s-everything-we-know-about-the-massive-attack-so-far

Newer Aircraft Vulnerable to Hacking

• Mar, 2015. Planes including the Boeing 787 Dreamliner and the Airbus A350 and A380 aircraft were reported to have vulnerabilities
  – The main plane computers and passenger internet area are physically networked
• Airplane Wi-Fi hacking could take full control of the plane
  – Main computers including control, navigation and communication systems

http://edition.cnn.com/2015/04/14/politics/gao-newer-aircraft-vulnerable-to-hacking/

LEGAL ISSUES AND INVESTIGATION

Legal Issues in Cloud Computing

• By storing data in the cloud, criminals can avoid legal issues
  – Organizations don’t know where the data is located

http://www.cyberlawconsulting.com
http://www.mondaq.com/turkey/x/400668/Data+Protection+Privacy/Critical+Legal+Issues+In+Cloud+Agreements

International Collaboration for Global Incidents

• Computer Security Incident Response Team (CSIRT)
  – A reliable and trusted single point of contact for reporting computer security incidents worldwide
• Forum of Incident Response and Security Teams (FIRST)
  – A premier organization and recognized global leader in incident response
• Asia Pacific Computer Emergency Response Team (APCERT)
  – Works to help create a safe, clean and reliable cyber space in the Asia Pacific Region through global collaboration

RESEARCH CHALLENGES

DDoS Attacks (1/3)

• A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users
• One of the main threats to cyber security

<DDoS attack diagram>

http://hackmageddon.com/2015/01/13/2014-cyber-attacks-statistics-aggregated/

DDoS Attacks (2/3)

• Distributed reflection denial of service attack
  – Using IP address spoofing, the source address is set to that of the targeted victim, which means all the replies will go to (and flood) the target

DDoS Attacks (3/3)

• DDoS attacks continue to represent an insidious threat, with an alarming increase in the Simple Service Discovery Protocol reflection attacks

<Arbor Networks quarterly report on global DDoS attack data, Q3 2014>
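
An added example (not from the original slides) of how the reflection pattern described above looks from the victim's network edge: replies from reflector ports such as SSDP's UDP 1900 arrive without any matching outbound request. The flow-record layout, the threshold and the addresses are constructed for illustration.

```python
from collections import defaultdict

# UDP services commonly abused as reflectors; 1900 is SSDP, named on the slide.
REFLECTOR_PORTS = {1900: "SSDP", 53: "DNS", 123: "NTP"}

def find_reflection_victims(flows, min_reflectors=3):
    """Return {(victim_ip, service): stats} for hosts receiving unsolicited
    replies from many distinct reflectors.

    A reply is 'unsolicited' when the victim never sent a request to that
    reflector and port: in a reflection attack the request carried a spoofed
    source address, so it never crossed the victim's own edge.
    """
    requested = set()  # (client_ip, server_ip, server_port) seen outbound
    suspects = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for ts, src, sport, dst, dport, nbytes in sorted(flows):
        if dport in REFLECTOR_PORTS:
            requested.add((src, dst, dport))
        elif sport in REFLECTOR_PORTS and (dst, src, sport) not in requested:
            entry = suspects[(dst, REFLECTOR_PORTS[sport])]
            entry["reflectors"].add(src)
            entry["bytes"] += nbytes
    return {
        key: {"reflectors": len(v["reflectors"]), "bytes": v["bytes"]}
        for key, v in suspects.items()
        if len(v["reflectors"]) >= min_reflectors
    }

# Constructed sample UDP flow records (documentation address ranges):
# (timestamp, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    # Legitimate DNS lookup: the request leaves the client, the reply returns.
    (1.0, "192.0.2.10", 40000, "198.51.100.53", 53, 70),
    (1.1, "198.51.100.53", 53, "192.0.2.10", 40000, 180),
    # SSDP replies arriving at 192.0.2.80, which never sent an SSDP request.
    (2.0, "203.0.113.5", 1900, "192.0.2.80", 80, 3200),
    (2.0, "203.0.113.6", 1900, "192.0.2.80", 80, 3100),
    (2.1, "203.0.113.7", 1900, "192.0.2.80", 80, 3300),
    (2.1, "203.0.113.8", 1900, "192.0.2.80", 80, 2900),
]

if __name__ == "__main__":
    for (victim, service), stats in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"{victim}: unsolicited {service} replies from "
              f"{stats['reflectors']} reflectors, {stats['bytes']} bytes")
```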

Defense Strategies and Cyber Shelter for DDoS Attacks (1/4)

• Broader DDoS Solutions
  – No single effective solution
    • Network topology, server design, attack filtering

<Diagram labels: Resilient topology & DNS load balancing; Dependable server design; URL splitting; ISP on-demand filtering; URL rate limiting>

Defense Strategies and Cyber Shelter for DDoS Attacks (2/4)

• Dependable Servers
  – Servers are more susceptible to DDoS than networks
    • Even when DDoS traffic is filtered, a server can still suffer from unfiltered attack traffic
  – URL splitting
    • Lightweight first page on one server, redirect to the next page on a different server
    • Load sharing with multiple servers

Defense Strategies and Cyber Shelter for DDoS Attacks (3/4)

• Resilient Topology
  – Resiliency of network topology
    • Avoid single points of failure via link congestion
  – Disperse replicated servers
    • Once a server crashes, the other can continue to provide the same services

Defense Strategies and Cyber Shelter for DDoS Attacks (4/4)

• DDoS Shelter Service
  – Reroutes attack traffic destined for the targeted website to the Shelter and cleans it
  – All traffic to the website will be collected by the Shelter to cope with the attack for a certain period of time

http://eng.krcert.or.kr/service/ddos.jsp

Malware in Documents

• Hangul Document Exploit
  – Places the shellcode in a heap area in the document to exploit the vulnerability of the HWP word processor
  – The OS shuts down after a while and prints the message ‘Who Am I?’

<Attack simulation in .hwp vulnerability>

https://www.youtube.com/watch?v=z0Cvca8Ak9A

Discovering Android Malware using Behavior Signature

• Detecting Android malware variants by family signature
• New approach using CodeGraph system and Android API

• Jonghoon Kwon, Jihwan Jeong, Jehyun Lee, Heejo Lee, "DroidGraph: Discovering Android Malware by Analyzing Semantic Behavior", IEEE Conf. on Communications and Network Security (IEEE CNS), Oct. 29. 2014.
• Suyeon Lee, Jehyun Lee, Heejo Lee, "Screening Smartphone Applications using Behavioral Signatures", IFIP Int'l Information Security and Privacy Conference (IFIP SEC), Vol. 405, pp. 14-27, Jul. 8. 2013.

Detecting Repackaged Malapps using Software-based Attestation

• MysteryChecker
  – Verifier randomly generates an attestation module
  – Verifier transfers a new attestation module to the target, and the target replies with an attestation result

• Chanyoung Lee, Dongwon Seo, Jihwan Jeong, Jonghoon Kwon, Heejo Lee, "MysteryChecker: Unpredictable Attestation to Detect Repackaged Malicious Applications in Android", IEEE Conf. on Malicious and Unwanted Software (IEEE Malware), Oct. 2014
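
A simplified sketch of the challenge-response idea on this slide, added here as an example and not MysteryChecker's own code: the "attestation module" is modelled as a random nonce plus a random chain of hash functions (an assumption made for illustration), and the two app images are constructed byte strings.

```python
import hashlib
import hmac
import secrets

# Hash primitives the verifier can chain; the random chain order stands in
# for the randomly generated attestation module (illustrative assumption).
PRIMITIVES = ("sha256", "sha512", "sha3_256", "blake2b")

def generate_module(rounds=6):
    """Verifier side: a fresh random nonce plus a random chain of primitives."""
    chain = [secrets.choice(PRIMITIVES) for _ in range(rounds)]
    return {"nonce": secrets.token_bytes(16), "chain": chain}

def run_module(module, app_bytes):
    """Target side: execute the received module over the installed app code."""
    digest = module["nonce"]
    for name in module["chain"]:
        digest = hashlib.new(name, digest + app_bytes).digest()
    return digest

def verify(module, reference_app, response):
    """Verifier side: recompute over the known-good app and compare."""
    expected = run_module(module, reference_app)
    return hmac.compare_digest(expected, response)

# Constructed stand-ins for an original app and a repackaged copy.
ORIGINAL_APP = b"classes.dex: original application code"
REPACKAGED_APP = ORIGINAL_APP + b" + injected payload"

def demo():
    """Return (genuine accepted, repackaged accepted, replay accepted)."""
    first = generate_module()
    genuine_ok = verify(first, ORIGINAL_APP, run_module(first, ORIGINAL_APP))
    repackaged_ok = verify(first, ORIGINAL_APP, run_module(first, REPACKAGED_APP))
    # A response recorded in one round is useless against the next module.
    recorded = run_module(first, ORIGINAL_APP)
    second = generate_module()
    replay_ok = verify(second, ORIGINAL_APP, recorded)
    return genuine_ok, repackaged_ok, replay_ok

if __name__ == "__main__":
    print(demo())
```

The sketch only shows why a fresh random module per round defeats precomputed or replayed answers; it does not model a target that keeps a pristine copy of the app to answer from.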

CONSIDERATIONS FOR THE FUTURE

Security Awareness (1/2)

• Almost 40% of adults rarely protect themselves against cyber crooks
• National Crime Agency (NCA) has started a security awareness campaign

<August 13, 2014> http://www.nationalcrimeagency.gov.uk/news/news-listings/423-almost-40-of-adults-rarely-protect-themselves-against-cyber-crooks

Security Awareness (2/2)

• NCA is urging you to be careful when using the internet
  – Keeping your device’s software up to date
  – Not opening files on a website or email from suspicious sources
  – Being cautious when putting USB sticks and CDs into your computer
• Cyber Streetwise campaign provides easy tips so that users stay safe online

https://www.cyberstreetwise.com/

Security Awareness Training

Youth IT security camp
• Has been held by MSIP since 2012
• Plants security awareness in young people

V School
• Has been held annually by AhnLab since 2006
• Is a corporate social activity in the form of a talent donation

Human Resource Development (1/2)

Best of Best (BOB) program
• Started in 2012
• A stepped mentoring program with top security experts
• Practical education and projects based on utility knowledge
• Continuous support for white hackers entering the workforce

Human Resource Development (2/2)

CODE GATE (Hacking conference)
• Is a world-class global event on information protection to foster global experts
• Capture the flag (CTF) sample problem

INCOGNITO (Hacking conference)
• Is the name of the Korean university computer security club union created in 2012
• The members are 12 universities including Korea Univ, POSTECH, KAIST, and SNU.

CSIRT Training Program

APISC Security Training Course
• Since 2005 KISA has been implementing the Asia-Pacific Information Security Training Course (APISC)
• Program
  – 1-day on Information Security in Korea
  – 1-day for economy update by participants
  – 3-days of TRANSITS course on CSIRT building and operation

HRD Programs in Information Security (1/2)

• Undergraduate and graduate courses for information security
  – Information security departments in undergraduate courses were established in 2002 from the IT resources development project of KCC
  – Graduate course
    • 21 courses in general graduate school
    • 11 courses in special graduate school

                              Universities   Students   Graduate (2014)
Undergraduate degree program  36             5,701      545
Graduate degree program       32             1,241      281

http://isis.kisa.or.kr/ebook/swfViewPage.jsp?type=2015

HRD Programs in Information Security (2/2)

• Selection of information security specialized universities in Korea, June 2015
  – Curriculum operation: incident response, digital forensics, cyber security
  – Collaborative projects with enterprises

Korea University, Seoul Women’s University, Ajou University

http://isis.kisa.or.kr/ebook/swfViewPage.jsp?type=2015

THANK YOU
