ThaiCERT Incident Response & Phishing cases in Thailand. By Kitisak Jirawannakool Thai Computer Emergency Response team (ThaiCERT)


Agenda
- About ThaiCERT
- ThaiCERT IR
- Phishing in Thailand

About ThaiCERT
Ministry of Science and Technology
National Science and Development Agency (NSTDA)
National Electronics and Computer Technology Center (NECTEC)
Thai Computer Emergency Response Team (ThaiCERT)
- Thailand National CERT
- Full member of FIRST, APCERT
- www.thaicert.org

Objectives of ThaiCERT
- To handle computer crime and coordinate with related organizations.
- To gain knowledge and skill in information security, which is a factor affecting the stability of Thailand.
- To establish a team that can handle computer security incidents, and to develop the team personnel's skills.

Current ThaiCERT
Dr. Komain, Dr. Siwaruk, Dr. Banchong, Dr. Kitti, Dr. Kamol
5 Ph.D., 30 staff

Current ThaiCERT
- ThaiCERT Services
- ThaiCERT R&D (3 research areas)
  - Wireless Broadband Security Research and Development
  - Information Security Standard Research and Development
  - National Security Technology Research and Development

ThaiCERT Services
Public Services
- User security awareness raising, i.e. publication of security knowledge on the web, and Safety-Net Booklet
- E-learning on computer security
- Incident Response
- Virus Alert
- Security Advisory
- Incident Coordinator

ThaiCERT Website

Publication
- Electronic Transaction Security Standard (version 1) (based on BS 7799/ISO 17799:2000 Standard)
- Electronic Transaction Security Standard (version 2) (based on ISO 27001/ISO 17799:2005 Standard)

ThaiCERT Services
- Incident Response Services: E-mail, Telephone
- IT Security Audit Services: Penetration Test, Vulnerability Scanning
- Information Security Assessment (ISA): ISO/IEC27001 and ISO/IEC17799 std
- IT Security Plan Development Service

ThaiCERT Services
- Security Training, i.e. OS Hardening, Wireless Security, Security Standard Implementation
- Wireless Security Services: Design and Implementation Services
- Virus Protection Services: Virus Alert Service, Virus Buster Service, E-Mail Antivirus Gateway

ThaiCERT R&D IT Security Standard Wireless Security

ThaiCERT R&D 2-D Barcode Security Malware Analysis Lab Fingerprint Software Security Sensor

ThaiCERT R&D Broadband Wireless for National Security

ThaiCERT IR
- General IR Process
- Constituency
- Statistics

Incident Response Process
[Flowchart, steps numbered 1 to 6: reports arrive via e-mail, call, web or fax; Reporting Process; Verify; Constituency Checking; NO: Coordination Process; YES: Analysis and response. Diagram labels: Attacker, Site.]

Constituency
- NSTDA and under: NECTEC, BIOTEC, MTEC, NANOTEC
- Government organizations
- some ISPs
- other organizations by request

Collaboration
[Diagram: ThaiCERT linked to NECTEC, NSC (National Security Council), universities, NITC (National Information Technology Committee), police and ISP. Link labels: TECHNIQUE, COORDINATE, SECURITY POLICY.]

Incident Management System

Statistics - Overall
[Bar chart: number of cases per year, 2001 to 2007.]

Types of Incident
[Bar chart: number of cases per year, 2001 to 2007, by type: Spam Mail, Port Scan and Probe, Malware, Phishing, Other.]

Types of Incident 2007
- Malware: 11%
- Phishing: 77%
- Port Scan and Probe: 2%
- Others (Hack, DDoS etc.): 10%

Monthly - 2007
[Chart: incidents per month, January to December 2007, by type: Malware, Phishing, Piracy, Scan, System Compromise, Other.]

Organization type
[Chart: incidents per month, January to December, by organization type: Government sector, Private sector, N/A.]

Phishing Cases in Thailand
- Overview
- Types of Phishing Incidents
- Discussion

Internet Usage in Thailand
[Chart: Thailand Internet users, in millions, by year, 1998 to 2007.]
Source: http://internet.nectec.or.th/webstats/internetuser.iir?sec=internetuser

Phishing in Thailand is increasing rapidly.
- 2007: Thailand rank 4
- 2006: Thailand rank 9
- Financial institutions want more security when doing business on the Internet.
- Finding phishing websites and e-mails to give early warning to the financial institutions.

Types of phishing incidents
- Hosting phishing site
  - > 90% of ThaiCERT incidents
  - Servers were hacked
  - Handled using the general IR process
- Thai banks-related phishing site
  - Servers were outside Thailand
  - Thai banks fell victim too

How do we handle?
[Flowchart: ThaiCERT; Phishing? (Yes / No); Was Bank aware? (No: Alert the Bank; Yes: continue); Collect information of phishing web; Is server in Thailand? (Yes: Inform to E-mail Admin; No: Inform to other CERT).]

Discussion
- Phishing cases are increasing.
- Phishing has little impact in Thailand.
- Thai people ignore English e-mail.
- Thai people don't trust security in e-transactions.
- There are a lot of offline bank branches and ATMs, which are convenient.

Thai Computer Emergency Response Team National Security Technology and Innovation Laboratory NECTEC Building 112 Thailand Science Park Phahon Yothin Rd., Klong 1, Klong Luang, Pathumthani 12120. THAILAND. TEL: +66 (0) 2-564-6868 FAX: +66 (0) 2-564-6871 E-MAIL: thaicert@nectec.or.th WEBSITE: http://www.thaicert.org

Q/A