ThaiCERT Incident Response & Phishing cases in Thailand
By Kitisak Jirawannakool
Thai Computer Emergency Response Team (ThaiCERT)

Agenda
• About ThaiCERT
• ThaiCERT IR
• Phishing in Thailand

About ThaiCERT
• Ministry of Science and Technology
  – National Science and Development Agency (NSTDA)
    • National Electronics and Computer Technology Center (NECTEC)
      – Thai Computer Emergency Response Team (ThaiCERT)
• Thailand National CERT
• Full member of FIRST, APCERT
• www.thaicert.org

Objectives of ThaiCERT
• To handle computer crime and coordinate with related organizations.
• To gain knowledge and skill in information security, which is a factor affecting the stability of Thailand.
• To establish a team that can handle computer security incidents and develop team personnel's skills.

Current ThaiCERT
• 5 Ph.D.
• 30 staff
• Dr. Komain, Dr. Siwaruk, Dr. Banchong, Dr. Kitti, Dr. Kamol

Current ThaiCERT
• ThaiCERT Services
• ThaiCERT R&D (3 research areas)
  – Wireless Broadband Security Research and Development
  – Information Security Standard Research and Development
  – National Security Technology Research and Development

ThaiCERT Services
• Public Services
  – User security awareness raising
    • i.e. publication of security knowledge on the web, and Safety-Net Booklet
  – E-learning on computer security
  – Incident Response
  – Virus Alert
  – Security Advisory
  – Incident Coordinator

ThaiCERT Website

Publication
• Electronic Transaction Security Standard (version 1) (based on BS 7799/ISO 17799:2000 Standard)
• Electronic Transaction Security Standard (version 2) (based on ISO 27001/ISO 17799:2005 Standard)

ThaiCERT Services
• Incident Response Services
  – E-mail
  – Telephone
• IT Security Audit Services
  – Penetration Test
  – Vulnerability Scanning
  – Information Security Assessment (ISA)
    • ISO/IEC27001 and ISO/IEC17799 std
  – IT Security Plan Development Service

ThaiCERT Services
• Security Training
  – i.e. OS Hardening, Wireless Security, Security Standard Implementation
• Wireless Security Services
  – Design and Implementation Services
• Virus Protection Services
  – Virus Alert Service
  – Virus Buster Service
  – E-Mail Antivirus Gateway

ThaiCERT R&D
• IT Security Standard
• Wireless Security

ThaiCERT R&D
• 2-D Barcode Security
• Malware Analysis Lab
• Fingerprint Software
• Security Sensor

ThaiCERT R&D
• Broadband Wireless for National Security

ThaiCERT IR
• General IR Process
• Constituency
• Statistics

Incident Response Process
[Diagram: numbered steps 1 to 6. Labels: Attacker; Site; Via E-Mail, Call, Web, Fax; Verify; Reporting Process; Constituency Checking (YES / NO); Coordination Process; Analysis and response.]

Constituency
• NSTDA and under
  – NECTEC
  – BIOTEC
  – MTEC
  – NANOTEC
• Government organizations
• Some ISPs
• Other organizations by request

Collaboration
[Diagram: ThaiCERT at the centre, with COORDINATE links. Labels: NECTEC; TECHNIQUE; NITC (National Information Technology Committee); SECURITY POLICY; NSC (National Security Council); POLICE; UNIVERSITIES; ISP.]

Incident Management System

Statistics - Overall
[Chart: number of cases per year, 2001 to 2007.]

Types of Incident
[Chart: number of cases per year, 2001 to 2007, by type: Spam Mail, Malware, Phishing, Port Scan and Probe, Other.]

Types of Incident 2007
• Malware 11%
• Port Scan and Probe 2%
• Phishing 77%
• Others (Hack, DDoS etc.) 10%

Monthly - 2007
[Chart: cases per month, JAN. to DEC., by type: Malware, Phishing, Piracy, Scan, System Compromise, Other.]

Organization type
[Chart: cases per month, JAN. to DEC., by organization type: Government sector, Private sector, N/A.]

Phishing Cases in Thailand
• Overview
• Types of Phishing Incidents
• Discussion

Internet Usage in Thailand
[Chart: Thailand Internet users (millions) per year, 1998 to 2007.]
Source: http://internet.nectec.or.th/webstats/internetuser.iir?Sec=internetuser

• Phishing in Thailand has increased rapidly.
• Financial institutions want more security when doing business on the Internet.
• Finding phishing websites and e-mails to give financial institutions early warning.
[Inset labels: 2007; 2006; Thailand Rank 4; Thailand Rank 9.]

Types of phishing incidents
• Hosting phishing site
  – > 90% of ThaiCERT incidents
  – Servers were hacked
  – Handled by using the general IR process
• Thai bank-related phishing site
  – Servers were outside Thailand
  – Thai banks fell victim too

How do we handle?
[Flowchart. Labels: Phishing?; ThaiCERT; Was Bank aware? (Yes / No); Alert the Bank; Collect information of phishing web; E-mail; Is server in Thailand? (Yes / No); Inform to Admin; Inform to other CERT.]

Discussion
• The phishing cases are increasing.
• Phishing has little impact in Thailand.
  – Thai people ignore English e-mail.
  – Thai people don't trust security in e-transactions.
  – There are a lot of offline bank branches and ATMs, which are convenient.

Thai Computer Emergency Response Team
National Security Technology and Innovation Laboratory
NECTEC Building, 112 Thailand Science Park, Phahon Yothin Rd., Klong 1, Klong Luang, Pathumthani 12120, THAILAND
TEL: +66 (0) 2-564-6868
FAX: +66 (0) 2-564-6871
E-MAIL: thaicert@nectec.or.th
WEBSITE: http://www.thaicert.org

Q/A