The situation of threats in cyberspace in the first half of 2018

Similar documents
JPCERT/CC Incident Handling Report [January 1, March 31, 2018]

Police Technical Approach to Cyber Threats

JPCERT/CC Internet Threat Monitoring Report [July 1, September 30, 2016]

JPCERT/CC Internet Threat Monitoring Report [July 1, September 30, 2014]

Overview of nicter - R&D project against Cyber Attacks in Japan -

About Issues in Building the National Strategy for Cybersecurity in Vietnam

9/11/ FALL CONFERENCE & TRAINING SEMINAR 2014 FALL CONFERENCE & TRAINING SEMINAR

Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC

Security & Phishing

Phishing Activity Trends Report August, 2006

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

JPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015]

Phishing Activity Trends Report August, 2005

Bank of america report phishing

Legal Foundation and Enforcement: Promoting Cybersecurity

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

Personal Cybersecurity

Cyber Insurance: What is your bank doing to manage risk? presented by

Electronic payments in the Netherlands

Prolexic Attack Report Q4 2011

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

DMARC Continuing to enable trust between brand owners and receivers

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

The BUSINESS of Fraud. Don t let it put you out of business. AFFILIATE LOGO

Observation by the Internet Fixed-Point Monitoring System (TALOT2) for November 2011

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Phishing Activity Trends Report March, 2005

A Review Paper on Network Security Attacks and Defences

The Scenes of Cyber Crime

Phishing Activity Trends

The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

Phishing Activity Trends Report October, 2004

Improving Domain Names Utilization

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology

Review Kaspersky Internet Security - multi-device 2015 online software downloader ]

Management Frameworks

SONY CASE STUDY PROTECTING FROM WEB BROWSER BASED CYBER ATTACKS

Web Cash Fraud Prevention Best Practices

Simple and Powerful Security for PCI DSS

Author: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0

Phishing Activity Trends Report January, 2005

Top 10 Global Threat Rank by Source

Botnets: major players in the shadows. Author Sébastien GOUTAL Chief Science Officer

The Interactive Guide to Protecting Your Election Website

Unique Phishing Attacks (2008 vs in thousands)

New Developments in the SpamPots Project

How to Catch a Thief. Trends & Technologies in the Fight Against Fraud. Rohan Langley SAS

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

Korea Phishing Activity Trends Report

3-4 DAEDALUS: Practical Alert System Based on Large-scale Darknet Monitoring for Protecting Live Networks

FOR IMMEDIATE RELEASE

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

FREQUENTLY ASKED QUESTIONS

2016 Tri-State CF Partnership Webinar Series. Cyber Crime Trends a State of the Union April 7, 2016

Observation by Internet Fix-Point Monitoring System (TALOT2) for March 2011

CIRT: Requirements and implementation

Provisional Translation

Cybersecurity Strategy of the Republic of Cyprus

Quick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.

Best Practices Guide to Electronic Banking

Information Security Policies in Japan

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

A Multi-Stakeholder Approach in the Fight Against Cybercrime

Japanese-Style STIX and TAXII Information Sharing Platform. December 7, 2017 Masato Terada Hitachi Incident Response Team Hitachi Ltd.

Computer Security Trend 2008 from Japan. SQL Injection, DNS cache poisoning, Phishing, Key logger Malware and Targeted Attacks

The Global Cybercrime Industry

Phishing Activity Trends Report November, 2004

Anti-Phishing Working Group

SAQ² ( Sakusaku ) JAPAN Project -Action Plan for Establishing ICT Use Environment for Foreign Tourists-

Cybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls

Who We Are! Natalie Timpone

RSA Web Threat Detection

Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool. Cyber Security 3.0 Better Together August 18, 2017

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Overview of PBI-blockchain cooperation technology

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Cyber Security Guide for NHSmail

State of the Internet Security Q Mihnea-Costin Grigore Security Technical Project Manager

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

CRITICAL INFRASTRUCTURE AND CYBER THREAT CRITICAL INFRASTRUCTURE AND CYBER THREAT

Assessing Your Incident Response Capabilities Do You Have What it Takes?

Intelligent and Secure Network

Security in India: Enabling a New Connected Era

An improved security model for identity authentication against cheque payment fraud in Tanzanian banks

Phishing Activity Trends

PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK

716 West Ave Austin, TX USA

OA Cyber Security Plan FY 2018 (Abridged)

Cyber Hygiene Guide. Politicians and Political Parties

Consolidated Financial Results for the Second Quarter, Fiscal 2018

WHITE PAPER. ENSURING SECURITY WITH OPEN APIs. Scott Biesterveld, Lead Solution Architect Senthil Senthil, Development Manager IBS Open APIs

Gujarat Forensic Sciences University

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

CE Advanced Network Security Phishing I

May the (IBM) X-Force Be With You

Cyber Security Guide. For Politicians and Political Parties

Transcription:

The situation of threats in cyberspace in the first half of 2018 1. Cyber-attacks (1) Scanning activities in cyberspace a. Overview of unexpected incoming packets to the sensors 1 The number of unexpected incoming packets to the sensors was 2,223.6 per IP address in a day, which has been shown an upward trend on the whole in recent years. Figure 1 [Number of unexpected incoming packets to the sensors] b. Characteristics Diversified targets of cyber-attacks and scanning activities As for destination ports 2 where unexpected incoming packets were observed, the number of unexpected incoming packets to commonly used ports (port number 1023 and below) remained high and yet the number has been on a downward trend since the first half of 2017. On the other hand, the number of unexpected incoming packets to ports (port number 1024 and above) which are used for communications with IoT devices or specific parties has been on an upward trend, and the number exceeded that of unexpected incoming packets to ports 1023 and below in the first half of 2018. 1 The sensors are components of the Real-time Detection Network System that the NPA operates around-theclock, and are placed at the Internet connection points. These sensors detect connecting information (including scanning activities for attempting cyber-attacks) which is not assumed to be ordinary use of the Internet, and the system assembles and analyzes the information. 2 Port is an interface of a computer for specifying which protocol is to be applied in TCP/IP communication, and a number 0 to 65525 is assigned to each port. 1

Figure 2 [Number of unexpected incoming packets by destination port per IP address in a day] As for the percentage of the numbers of unexpected incoming packets to each destination port in the first half of 2018, others got increased and concentrative access to the specific ports decreased. The reason why the percentage of others got increased seems that the range of targets of scanning activities and cyber-attacks were diversified, expanding into networks of IoT or cryptocurrency. One of other characteristics is that the percentage of unexpected incoming packets from bots of Mirai to 80/TCP and these packets, targeting vulnerability of Microsoft Windows, to 445/TCP got increased again. Figure 3 [Percentage of unexpected incoming packets by destination port] 2

Observation of unexpected incoming packets targeting cryptocurrency network Unexpected incoming packets targeting cryptocurrency network have been increasing in recent years. The NPA observed an increase in the number of IP addresses which were the sources of unexpected incoming packets presumably targeting Ethereum network in and after late March 2018, and observed a surge in the middle of June. Figure 4 [Number of originating IP addresses of unexpected incoming packets, toward destination port 8545/TCP, which seemed to target Ethereum network] The NPA observed unexpected incoming packets targeting Claymore, which is mining tool for Ethreum, in and after January 2018, and observed an increase in the number of unexpected incoming packets which were presumably related to scanning activity targeting cryptocurrency EOS in and after late May 2018. Infection activity of malware which is furnished with a function of mining cryptocurrency In February 2018, the NPA observed an increase in unexpected incoming packets which were presumably made by malware ADB. Miner that infected terminals of Android TV Box and mined cryptocurrency without permission of users of the terminals. And in and after March 2018, the NPA observed a lot of the unexpected incoming packets. Figure 5 [Number of access to port 5555/TCP presumably targeting Android TV Box] 3

In addition, in and after late March 2018, the NPA observed unexpected incoming packets targeting NoSQL database Redis, content management system Drupal and GPON routers, which once had vulnerability. (2) Situation of cyber-attacks and efforts toward them a. Situation (a) Overview The Japanese police share information on cyber-attacks, which seemed to intend to thieve information, with business operators through the Counter Cyber-intelligence Information-Sharing Network 3. The number of spear phishing e-mail attacks the Japanese police confirmed through the Network has been on an upward trend in recent years, and yet the number in the first half of 2018 (2,578) was lower than the number in the second half of the last year which was the highest ever. Figure 6 [Number of spear phishing e-mail attacks] And web browsing failures in the websites of Japanese government agencies, public transport and aquariums occurred as in 2017. The Japanese police confirmed that the self-styled international hacker group Anonymous posted SNS with messages which seemed to be claims of responsibility for the cyber-attacks against 15 organizations. 3 A framework between the police and 7,769 organizations/business operators with cutting-edge technologies all over the country (as of July 2018) to share information on cyber-attacks which seem to intend to thieve information. Through the framework the police and the member organizations/business operators also share results of analysis on spear phishing e-mail attacks against governmental entities, in coordination with the National Center of Incident-readiness and Strategy for Cybersecurity (NISC). 4

(b) Modus operandi of spear phishing e-mail attacks Figure 7 [Chart of spear phishing e-mail attacks] Indiscriminate style 4 spear phishing e-mail attacks continued to occur frequently A lot of indiscriminate style spear phishing e-mail attacks occurred and accounted for about 87% of the total. The percentage remained high. Year Indiscriminate style Non indiscriminate style 2013, 2 nd half 63.6% ( 185 cases) 36.4% (106 cases) 2014, 1 st half 39.8% ( 86 cases) 60.2% (130 cases) 2014, 2 nd half 92.1% (1,388 cases) 7.9% (119 cases) 2015, 1 st half 91.5% (1,347 cases) 8.5% (125 cases) 2015, 2 nd half 91.7% (2,161 cases) 8.3% (195 cases) 2016, 1 st half 85.4% (1,667 cases) 14.6% (284 cases) 2016, 2 nd half 94.2% (1,974 cases) 5.8% (121 cases) 2017, 1 st half 89.0% ( 524 cases) 11.0% ( 65 cases) 2017, 2 nd half 97.9% (5,322 cases) 2.1% (116 cases) 2018, 1 st half 87.1% (2,246 cases) 12.9% (332 cases) Figure 8 [Percentage of indiscriminate style spear phishing e-mail attacks and others] 4 The NPA defines an act that an offender, sending an e-mail to which malware anti-virus software on the market cannot detect is attached and which is disguised as what is related to business of an addressee, attempts to infect a computer of the addressee with the malware to thieve information as spear phishing e-mail attack. The NPA categorizes a spear phishing e-mail attack which brings the same text or the same malware to 10 or more than 10 addressees as indiscriminate style. 5

Most of the spear phishing e-mails were sent to unpublicized e-mail addresses As for destination of the spear phishing e-mails, unpublicized e-mail addresses accounted for about 85% of the total. The percentage remained high. Most of the e-mail addresses of the spear phishing e-mails were forged In the spear phishing e-mail cases, 96% of the e-mail addresses of the addressers seemed to be forged. Change in the proportion of formats of files which were attached to spear phishing e-mails As for the proportion of formats of files that were attached to spear phishing e- mails, the proportion of the MS-Excel file showed a big raise in the first half of 2018. Figure 9 [Percentage of formats of files attached to spear phishing e-mails] Change in formats of compressed files As for formats of the compressed files that were attached to spear phishing e-mail, script files 5 which had kept high proportion since the second half of 2016 was not found, and executable files showed high percentage. 5 A file written by a simple programing language (scripting language). This file is often abused to download malicious executive files. 6

Figure 10 [Percentage of formats of compressed files attached to spear phishing e-mails] b. Efforts (a) Takedowns on C2 servers used for cyber-attacks The Japanese police encouraged hosting server businesses to take down C2 servers 6 which had been identified through the analysis of malware used in cyber-attack cases. Six C2 servers were taken down in the first half of 2018. (b) Promoting countermeasures against cyber-attacks on the Tokyo 2020 Olympic and Paralympic Games Preparing for the Tokyo 2020 Olympic and Paralympic Games, the Japanese police conducted several measures against cyber-attacks, such as joint drills with relevant organizations on the supposition of cyber-attacks and information sharing with relevant organizations in the countries that hosted the Olympic and Paralympic Games before. 2. Cybercrimes (1) The number of cleared cybercrime cases and consultation regarding cybercrime The number of cleared cybercrime cases has been on an upward trend in recent years, and yet it slightly decreased as compared to the first half of 2017 which was the highest ever. And the number of consultation regarding cybercrime was the highest in 2016, and yet it decreased in 2017. The number in the first half of 2018 was 61,473, and it was also lower than that in the first half of 2017. 6 Command and Control Server. It might be abbreviated to C&C server. A C2 server, operating in response to commands from an offender and giving commands to computers which are infected with malware, plays a central role of malicious operations of computers. 7

Figure 11 [Number of cleared cybercrime cases] Figure 12 [Number of consultation regarding cybercrime] 8

(2) Situation of online banking fraud a. Overview The number of online banking fraud cases was 211, and the amount of damage was about 372 million yen (about 3.3 million US dollars), and both of them have been on a downward trend on the whole. Figure 13 [Number of online banking fraud cases] Figure 14 [Amount of damage of online banking fraud] b. Characteristics Significant decrease in damage to corporate bank accounts 9

The damage caused in corporate accounts decreased as compared to the first half of 2017 mainly at regional banks and Shinkin banks due to the countermeasures such as enhancement of monitoring 7 and the launch of onetime password authentication. Significant decrease in the number of unauthorized wire transfer cases where electronic settlement service system was abused As for unauthorized wire transfer cases where electronic settlement service system was abused, unauthorized wire transfer for purchasing cryptocurrency via electronic settlement service system was not confirmed, so that the number of those cases decreased significantly. About 60% of the destination accounts for the unauthorized wire transfer were under names of Vietnamese As for nationalities of the account holders, Vietnam represented 65%, China 15%, and Japan 12% of 358 accounts which were identified as the first destination accounts for the unauthorized wire transfer. (3) Unauthorized transmission of cryptocurrency caused by unauthorized computer access to cryptocurrency exchange operators The number of reported cases was 158, and the total amount of damage was about 60.53 billion yen, which exceeds the one in first half of 2017 (51 reported cases and 115 million yen) by 107 cases and 60.388 billion yen. In the 102 cases (64.6%) out of the 158 cases that were reported to the police, customers used the same ID and password as used for other services. (4) Efforts Countermeasures against DreamBot that is malware with a function to remit balance without being noticed by account holders Since the infection with the malware DreamBot still continued to occur, the police, in partnership with the JC3, urged Internet users and financial institutions to draw attention. And the JC3 created on its website the page where Internet users could check whether their computers were infected with DreamBot. Countermeasures against unauthorized cryptocurrency transmission The NPA provided the Financial Services Agency with information on situation of unauthorized cryptocurrency transmission, and secured cooperation of the Financial Services Agency in guidance to, and its assistance for cryptocurrency exchange operators. Countermeasures, in coordination with the JC3, against fraudulent websites related to online shopping The JC3, collaborating with the Aichi Prefectural Police in developing tools to detect fraudulent websites, provided URLs of the fraudulent websites, which the JC3 detected with the 7 Monitoring IP addresses which were used for unauthorized remittance. 10

tools, to the APWG 8. Providing information leading directly to prevention of damage, and requesting to enhance preventive measures The NPA requested financial institutions to enhance monitoring their transactions, to urge their customers to use a onetime password and two-path authentication 9, and to implement thoroughly customer identification. (End) 8 Anti-Phishing Working Group. A nonprofit organization founded in 2003 in the United States in order to address phishing scam. 9 An authentication method where information required to complete transaction is transmitted through 2 channels. For example, a customer inputs what is required for online banking transaction into his/her PC, and authenticates the transaction, inputting an ID, a password, and so on into his/her smartphone. Even if the PC used for online banking were operated without authority to wire-transfer due to computer-virus infection, unauthorized transaction will be prevented because an authentication through another (smartphone) channel is required to complete the transaction. 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback