SlideShare une entreprise Scribd logo

Current Conditions and Challenges of Cybersecurity in Taiwan

APNIC
APNIC

Presentation by Chih-Ho Chou at APNIC 44 on Tuesday, 12 September 2017.

Internet
1  sur  38
Current Conditions and Challenges of Cybersecurity in Taiwan Chou, Chih-Ho (周智禾) Section Chief, Department of Cyber Security, Executive Yuan, Taiwan (ROC) 9/12/2017
Outline • Cybersecurity Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 1
Introduction of NICST • National Information and Communication Security Taskforce (NICST) • Established since January 2001 • Convened by Vice Premier, Executive Yuan • Steering Committee comprised of central government CISOs/Municipality CISOs/Deputy Director of NSB/Experts • Secretariat by Department of Cyber Security (DCS), Executive Yuan • 8 major working groups for cyber security related tasks execution and coordination among agencies • One service center (National Center for Cyber Security Technology, NCCST) plays the role of National CSIRT 行政院資通安全處 2
Organization Chart 行政院資通安全處 3  MJIB: Ministry of Justice Investigation Bureau  CIB: Criminal Investigation Bureau
PDCA Cycle of Government Sector Information Security Management System 行政院資通安全處 4 Cyber Offensive and Defensive Exercise Annual Audit (1st Party/3rd Party) Cyber Health Check, VA, PT Incident Report and Social Engineering Drills Agency Governance Maturity and Protection Capability Level Assessment National Cyber Security Indicators Domestics/Intl. Contests Agencies - Implement Agency TDL (ISMS/Defense-in-Depth/24x7 Monitoring/Dedicated Staff) - Implement IT System TDL - Deploy Agency-wide GCB - Incident Report and Handling… NCCST - G-ISMS Services (Early Warning/Incident Response/System Security/Mgmt Process/Awareness Training) - Public-Private Partnership (G-SOC/G-ISAC) - International Cooperation… Competent Authorities - Cyber Crime Investigation - Content Security - Human Resources Development - Personal Information Protection - Mobile App Test  NICST Committee Meeting  NICST Consulting Committee Meeting  NICST Working Group Meeting  CIO and CISO Meeting  Quarterly Workshop for IT Personnel  Cybersecurity Management Act (Draft)  National Strategy for Cybersecurity Development Program (2017~2020)  National Cyber Security Whitepaper  Directives for Agencies - Agency Responsibility Ranking Criteria - Agency To-Do List (TDL) - IT System To-Do List - Incident Report Guideline
• Cyber Security Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 5
International Cybersecurity Trends 行政院資通安全處 6 The open systems and the Internet are used in critical infrastructures increasingly. That results in the growing of the risks. Organized hackers use Advanced Persistent Threat (APT) attacks to steal the confidential data of official, national defense and business Information and security providers have been hacked to lead to damage the trusted supply chain Cyber criminals steal personal data to affect the operations of e-commerce and finance Cyber-warfare and DDoS paralyzed national network operations
International Cybersecurity Trends • Ransomware expands • Almost 10% of organizations detected ransomware activity last quarter • Automatic attacks • 80% of organizations reported high-or critical-severity exploits • More mobile malwares • The total malware volume jumped from 1.7%(in Q4 2016) to 8.7%(in Q1 2017) • Build botnets out of IoT(Internet of Thing) devices to launch the DDoS attack – e.g. Mirai 行政院資通安全處 7 Source:Fortinet (Taiwan Security View: IOT Threats on Rise)
APT Hackers Around the Globe • Over 20 APT hacker teams (2014~2015) • US, UK, China, Russia, and Israel • North Korea and Middle East 行政院資通安全處 8 Source:https://apt.securelist.com/
APT Attacks • APT Attack Analysis • 91% of APT Attacks started from a spear phishing e-mail • 94% of spear phishing e-mails have attachment files • Most common file types are .doc、.exe、.scr、.au3、.jpg、.pdf 行政院資通安全處 9 Source:2015 Symantec Internet Security Threat Report
Hard to Detect 行政院資通安全處 10 Source:2015 Mandiant Annual Threat Report
Problems with Website Vulnerabilities • So far, most websites around the globe still have vulnerabilities 行政院資通安全處 11 Source: 2015 Symantec Internet Security Threat Report
• Cyber Security Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 12
Network Equipment at Risk • Network equipment are hard to manage, and very easily get hacked • Hacking network equipment is old news, but hackers continue to do so because it relatively easy • We were collecting phishing mails and analyzed them • We traced this C&C IP, and found it was located in a civilian household 行政院資通安全處 13
It is a Wireless Router • The C&C actually is a wireless router • default password • built-in VPN function 行政院資通安全處 14 The account created by hacker
Transfer Data • Router transferred packets automatically • Transfer all packets came from port 80, 443 to 192.168.10.2 • 192.168.10.2 is the VPN IP • The hacker would continuously receive victims' reporting packets sending through port 80, 443 行政院資通安全處 15
Looking at the Log • From the router log we could find the record of the hacker activities 行政院資通安全處 16 The hacker used the VPN service The VPN IP that hacker used
Hacker Collect Victim Data via C&C • This wireless router was set to transfer packets automatically • The hacker only needed to connect to the VPN service, then it will receive all packets automatically • After further investigation, victims were not only the Taiwan government agencies, there are other countries IP such as U.S., France, U.K., and Germany, reported to this C&C • We have sent alert info to CERTs of these countries 行政院資通安全處 17
• Cyber Security Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 18
Mobile Botnet 行政院資通安全處 19 2014/6/3 APNIC noticed Dropbox to remove the malicious files 2014/6/7 TWNCERT received this intelligence from APNIC 2014/6/9 TWNCERT cooperated to trace the Botnet with MJIB 2014/6/19~2014/7/10 Sniffing the network traffic from the victims 2014/7/18 MJIB starts investigating this case
C&C Server 行政院資通安全處 20
C&C Server 行政院資通安全處 21 one-to-many mode cell phone number / devices ID SMS message with malicious URL
C&C Server 行政院資通安全處 22 many-to-one mode cell phone number / devices ID SMS message SMS message many-to-one mode
行政院資通安全處 23 Hackers swindle money about $144,148 USD ($4,324,440 NTD )
• We discovered 43,899 Bots IPs, The 98% Bots IPs located in Malaysia. 行政院資通安全處 24
• We also found 393,471 contact information from packets (About 1% of the total population in Malaysia) 行政院資通安全處 25
No. Organization 1 MCMC 2 MyCERT 3 SingCERT 4 US-CERT 5 AusCERT 6 ID-SIRTII/CC 7 ThaiCERT 8 JPCERT/CC 9 HKCERT 10 KrCERT/CC 11 CNCERT/CC 行政院資通安全處 26
• Cyber Security Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 27
Avalanche • On Nov. 30th, 2016, Avalanche, a large global network hosting infrastructure used by cyber criminals was dismantled. • Crimeware-as-a-service (CaaS) • Targeting over 40 major financial institutions • Sensitive personal information stolen • Victims’ compromised systems might also have been used to conduct other malicious activities. • Money mule 行政院資通安全處 28
Malware families • Corebot • stealing banking and credential infomation • Matsnu • Malware dropper • Nymaim • multipurpose malware family • Gozi + Nymaim = Goznym • Ranbyus (use DGA to generate .tw domain) • Banking Trojan • Rovnix • Banking Trojan with bootkit • Tinba • Tiny banking trojan • URLZone/Bebloh • Banking trojan 行政院資通安全處 29
Double Fast Flux 行政院資通安全處 30 DNS server a.b.com 1.2.3.4 5.6.7.8 11.12.13.14 b.tw DN Period Malicious IP a.b.com. 100 IN A 1.2.3.4 a.b.com. 100 IN A 5.6.7.8 a.b.com. 100 IN A 11.12.13.14 a.b.com. 100 IN A 15.16.17.18.19 a.b.com. 100 IN A 20.21.22.23 b.com. 1000 IN NS Ns1.a.tw. b.com. 1000 IN NS Ns2.a.tw. b.com. 1000 IN NS Ns3.a.tw. b.com. 1000 IN NS Ns4.a.tw. Ns1.a.tw. 200 IN A 24.25.26.27 Ns2.a.tw. 200 IN A 28.29.30.31 Ns3.a.tw. 200 IN A 32.33.34.35 Ns4.a.tw. 200 IN A 36.37.38.39
The actions in Taiwan • MJIB cooperated with TWNIC (Taiwan Network Information Center) • 27,987 .tw domain names generated by Domain Generation Algorithm (DGA) • Those domain names had not been registered in TWNIC • Takedown operation was executed at 13:30 UTC on Nov. 30th, 2016 行政院資通安全處 31 • Shadowserver worked with partners to build the sinkholing infrastructure and coordinate the international DNS Registry/Registrar activities
Results • MJIB in Taiwan collaborated with investigators from 30 countries, including the FBI, the United States Department of Homeland Security (DHS), Europol and Eurojust • Crucial support of prosecutors and investigators from 30 countries • 5 individuals were arrested • 37 premises were searched • 39 servers were seized • Victims of malware infections were identified in over 180 countries • 221 servers were put offline through abuse notifications sent to the hosting providers • Over 800,000 domains seized, sinkholed or blocked. 行政院資通安全處 32
• Cyber Security Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 33
Challenges • Lack of timeliness in terms of information sharing of criminal intelligence • Crime investigation mode overemphasize on individual case basis • The issues about the protection of personal data • It is hard to trace the origins of attacks • TOR (The Onion Router) network • Changes in technology - Cloud Computing • Where the data resides • What law applies • The data obtained from suspect’s computer may have little meaning 行政院資通安全處 34
Suggestions • Facilitate trans-border law enforcement exchange visitors • NICs may • establish a platform to record the malicious domains or IPs • provide the query records of Root DNS Server • help law enforcement agencies block malicious domains or IPs • Establish contact window for intelligence exchanges 行政院資通安全處 35
Contact information • TWNCERT • http://www.twncert.org.tw/ • +886-2-27339922; twncert@twncert.org.tw • TWCERT/CC • https://www.twcert.org.tw/ • +886-2-23776418; twcert@cert.org.tw • MJIB • http://www.mjib.gov.tw/ • +886-2-29112241ext2971; safenet@mjib.gov.tw • CIB • https://www.cib.gov.tw/English/ • +886-2-27652111~5; https://www.cib.gov.tw/Service/EMail 行政院資通安全處 36
行政院資通安全處 37 Thanks for your attentions

Recommandé

Risk management
Risk managementRisk management
Risk managementJubayer Alam Shoikat
 
Challenges of Vulnerability Management
Challenges of Vulnerability Management Challenges of Vulnerability Management
Challenges of Vulnerability ManagementRahul Neel Mani
 
Security managment risks, controls and incidents
Security managment risks, controls and incidentsSecurity managment risks, controls and incidents
Security managment risks, controls and incidentsEdinburgh Napier University
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber SecurityLeon Fouche
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
Malvertising
MalvertisingMalvertising
MalvertisingNick Bilogorskiy
 
ERM overview
ERM overviewERM overview
ERM overviewHisham Haridy MBA, PMP®, RMP®, SP®
 
Risk assessment tools and techniques
Risk assessment tools and techniquesRisk assessment tools and techniques
Risk assessment tools and techniquesAhmad Azwang Aisram Omar
 

Recommandé

Risk management
Risk managementRisk management
Risk managementJubayer Alam Shoikat
 
Challenges of Vulnerability Management
Challenges of Vulnerability Management Challenges of Vulnerability Management
Challenges of Vulnerability ManagementRahul Neel Mani
 
Security managment risks, controls and incidents
Security managment risks, controls and incidentsSecurity managment risks, controls and incidents
Security managment risks, controls and incidentsEdinburgh Napier University
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber SecurityLeon Fouche
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
Malvertising
MalvertisingMalvertising
MalvertisingNick Bilogorskiy
 
ERM overview
ERM overviewERM overview
ERM overviewHisham Haridy MBA, PMP®, RMP®, SP®
 
Risk assessment tools and techniques
Risk assessment tools and techniquesRisk assessment tools and techniques
Risk assessment tools and techniquesAhmad Azwang Aisram Omar
 
Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyMohammad Febri
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management ProgramDennis Chaupis
 
Cybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas IndustryCybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas IndustryTunde Ogunkoya
 
L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...
L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...
L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...EyesOpen Association
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)Ali Habeeb
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceMehrdad Jingoism
 
Disaster Recovery Plan
Disaster Recovery PlanDisaster Recovery Plan
Disaster Recovery Planmhdpaknejad
 
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTBUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTContinuity and Resilience
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Cisa domain 3
Cisa domain 3Cisa domain 3
Cisa domain 3ShivamSharma909
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
CloudSeK COCON POC Talk
CloudSeK COCON POC TalkCloudSeK COCON POC Talk
CloudSeK COCON POC TalkRahul Sasi
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit ViewPLN9 Security Services Pvt. Ltd.
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Risk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation SlidesRisk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation SlidesSlideTeam
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2Kyle Lai
 
Incident handling of cyber espionage
Incident handling of cyber espionageIncident handling of cyber espionage
Incident handling of cyber espionageMarie Elisabeth Gaup Moe
 

Contenu connexe

Tendances

Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyMohammad Febri
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management ProgramDennis Chaupis
 
Cybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas IndustryCybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas IndustryTunde Ogunkoya
 
L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...
L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...
L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...EyesOpen Association
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)Ali Habeeb
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceMehrdad Jingoism
 
Disaster Recovery Plan
Disaster Recovery PlanDisaster Recovery Plan
Disaster Recovery Planmhdpaknejad
 
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTBUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTContinuity and Resilience
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
CloudSeK COCON POC Talk
CloudSeK COCON POC TalkCloudSeK COCON POC Talk
CloudSeK COCON POC TalkRahul Sasi
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Risk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation SlidesRisk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation SlidesSlideTeam
 

Tendances (20)

Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management Technology
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management Program
 
Cybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas IndustryCybersecurity in Oil Gas Industry
Cybersecurity in Oil Gas Industry
 
L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...
L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...
L'Art du threat Modeling : Modéliser les menaces informatiques avec la méthod...
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
Information System Security(lecture 1)
Information System Security(lecture 1)Information System Security(lecture 1)
Information System Security(lecture 1)
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissance
 
Disaster Recovery Plan
Disaster Recovery PlanDisaster Recovery Plan
Disaster Recovery Plan
 
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENTBUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
BUSINESS CONTINUITY PLANNING AND RISK MANAGEMENT
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Cisa domain 3
Cisa domain 3Cisa domain 3
Cisa domain 3
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructure
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
CloudSeK COCON POC Talk
CloudSeK COCON POC TalkCloudSeK COCON POC Talk
CloudSeK COCON POC Talk
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit View
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Risk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation SlidesRisk Management Plan PowerPoint Presentation Slides
Risk Management Plan PowerPoint Presentation Slides
 

Similaire à Current Conditions and Challenges of Cybersecurity in Taiwan

ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2Kyle Lai
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...TI Safe
 
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...REVULN
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed Great Bay Software
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
InfoSec Deep Learning in Action
InfoSec Deep Learning in ActionInfoSec Deep Learning in Action
InfoSec Deep Learning in ActionSatnam Singh
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective amarukanda
 
Analysis of a “/0” Stealth Scan From a Botnet
Analysis of a “/0” Stealth Scan From a BotnetAnalysis of a “/0” Stealth Scan From a Botnet
Analysis of a “/0” Stealth Scan From a BotnetNexgen Technology
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]APNIC
 
[GITSN] wireless data security system
[GITSN] wireless data security system[GITSN] wireless data security system
[GITSN] wireless data security system운상 조
 
Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNtxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNorth Texas Chapter of the ISSA
 
Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Parag Deodhar
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityIT Governance Ltd
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy finalIndian Air Force
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.AlgoSec
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyShiva Bissessar
 
Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Vrince Vimal
 

Similaire à Current Conditions and Challenges of Cybersecurity in Taiwan (20)

ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
 
Incident handling of cyber espionage
Incident handling of cyber espionageIncident handling of cyber espionage
Incident handling of cyber espionage
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
 
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
InfoSec Deep Learning in Action
InfoSec Deep Learning in ActionInfoSec Deep Learning in Action
InfoSec Deep Learning in Action
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
Analysis of a “/0” Stealth Scan From a Botnet
Analysis of a “/0” Stealth Scan From a BotnetAnalysis of a “/0” Stealth Scan From a Botnet
Analysis of a “/0” Stealth Scan From a Botnet
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
 
[GITSN] wireless data security system
[GITSN] wireless data security system[GITSN] wireless data security system
[GITSN] wireless data security system
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNtxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediation
 
Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
 
Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.Compliance made easy. Pass your audits stress-free.
Compliance made easy. Pass your audits stress-free.
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
Security Requirements in IoT Architecture
Security Requirements in IoT Architecture Security Requirements in IoT Architecture
Security Requirements in IoT Architecture
 

Plus de APNIC

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAPNIC
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAPNIC
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsAPNIC
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemAPNIC
 

Plus de APNIC (20)

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & Development
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerations
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry System
 

Dernier

TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxAndrieCagasanAkio
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...ICT Watch - Indonesia
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)ICT Watch - Indonesia
 
Cybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best PracticesCybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best PracticesLumiverse Solutions Pvt Ltd
 
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...vmzoxnx5
 
How to login to Router net ORBI LOGIN...
How to login to Router net ORBI LOGIN...How to login to Router net ORBI LOGIN...
How to login to Router net ORBI LOGIN...rrouter90
 

Dernier (8)

TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
 
Cybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best PracticesCybersecurity Threats and Cybersecurity Best Practices
Cybersecurity Threats and Cybersecurity Best Practices
 
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
 
How to login to Router net ORBI LOGIN...
How to login to Router net ORBI LOGIN...How to login to Router net ORBI LOGIN...
How to login to Router net ORBI LOGIN...
 

Current Conditions and Challenges of Cybersecurity in Taiwan

  • 1. Current Conditions and Challenges of Cybersecurity in Taiwan Chou, Chih-Ho (周智禾) Section Chief, Department of Cyber Security, Executive Yuan, Taiwan (ROC) 9/12/2017
  • 2. Outline • Cybersecurity Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 1
  • 3. Introduction of NICST • National Information and Communication Security Taskforce (NICST) • Established since January 2001 • Convened by Vice Premier, Executive Yuan • Steering Committee comprised of central government CISOs/Municipality CISOs/Deputy Director of NSB/Experts • Secretariat by Department of Cyber Security (DCS), Executive Yuan • 8 major working groups for cyber security related tasks execution and coordination among agencies • One service center (National Center for Cyber Security Technology, NCCST) plays the role of National CSIRT 行政院資通安全處 2
  • 4. Organization Chart 行政院資通安全處 3  MJIB: Ministry of Justice Investigation Bureau  CIB: Criminal Investigation Bureau
  • 5. PDCA Cycle of Government Sector Information Security Management System 行政院資通安全處 4 Cyber Offensive and Defensive Exercise Annual Audit (1st Party/3rd Party) Cyber Health Check, VA, PT Incident Report and Social Engineering Drills Agency Governance Maturity and Protection Capability Level Assessment National Cyber Security Indicators Domestics/Intl. Contests Agencies - Implement Agency TDL (ISMS/Defense-in-Depth/24x7 Monitoring/Dedicated Staff) - Implement IT System TDL - Deploy Agency-wide GCB - Incident Report and Handling… NCCST - G-ISMS Services (Early Warning/Incident Response/System Security/Mgmt Process/Awareness Training) - Public-Private Partnership (G-SOC/G-ISAC) - International Cooperation… Competent Authorities - Cyber Crime Investigation - Content Security - Human Resources Development - Personal Information Protection - Mobile App Test  NICST Committee Meeting  NICST Consulting Committee Meeting  NICST Working Group Meeting  CIO and CISO Meeting  Quarterly Workshop for IT Personnel  Cybersecurity Management Act (Draft)  National Strategy for Cybersecurity Development Program (2017~2020)  National Cyber Security Whitepaper  Directives for Agencies - Agency Responsibility Ranking Criteria - Agency To-Do List (TDL) - IT System To-Do List - Incident Report Guideline
  • 6. • Cyber Security Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 5
  • 7. International Cybersecurity Trends 行政院資通安全處 6 The open systems and the Internet are used in critical infrastructures increasingly. That results in the growing of the risks. Organized hackers use Advanced Persistent Threat (APT) attacks to steal the confidential data of official, national defense and business Information and security providers have been hacked to lead to damage the trusted supply chain Cyber criminals steal personal data to affect the operations of e-commerce and finance Cyber-warfare and DDoS paralyzed national network operations
  • 8. International Cybersecurity Trends • Ransomware expands • Almost 10% of organizations detected ransomware activity last quarter • Automatic attacks • 80% of organizations reported high-or critical-severity exploits • More mobile malwares • The total malware volume jumped from 1.7%(in Q4 2016) to 8.7%(in Q1 2017) • Build botnets out of IoT(Internet of Thing) devices to launch the DDoS attack – e.g. Mirai 行政院資通安全處 7 Source:Fortinet (Taiwan Security View: IOT Threats on Rise)
  • 9. APT Hackers Around the Globe • Over 20 APT hacker teams (2014~2015) • US, UK, China, Russia, and Israel • North Korea and Middle East 行政院資通安全處 8 Source:https://apt.securelist.com/
  • 10. APT Attacks • APT Attack Analysis • 91% of APT Attacks started from a spear phishing e-mail • 94% of spear phishing e-mails have attachment files • Most common file types are .doc、.exe、.scr、.au3、.jpg、.pdf 行政院資通安全處 9 Source:2015 Symantec Internet Security Threat Report
  • 11. Hard to Detect 行政院資通安全處 10 Source:2015 Mandiant Annual Threat Report
  • 12. Problems with Website Vulnerabilities • So far, most websites around the globe still have vulnerabilities 行政院資通安全處 11 Source: 2015 Symantec Internet Security Threat Report
  • 13. • Cyber Security Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 12
  • 14. Network Equipment at Risk • Network equipment are hard to manage, and very easily get hacked • Hacking network equipment is old news, but hackers continue to do so because it relatively easy • We were collecting phishing mails and analyzed them • We traced this C&C IP, and found it was located in a civilian household 行政院資通安全處 13
  • 15. It is a Wireless Router • The C&C actually is a wireless router • default password • built-in VPN function 行政院資通安全處 14 The account created by hacker
  • 16. Transfer Data • Router transferred packets automatically • Transfer all packets came from port 80, 443 to 192.168.10.2 • 192.168.10.2 is the VPN IP • The hacker would continuously receive victims' reporting packets sending through port 80, 443 行政院資通安全處 15
  • 17. Looking at the Log • From the router log we could find the record of the hacker activities 行政院資通安全處 16 The hacker used the VPN service The VPN IP that hacker used
  • 18. Hacker Collect Victim Data via C&C • This wireless router was set to transfer packets automatically • The hacker only needed to connect to the VPN service, then it will receive all packets automatically • After further investigation, victims were not only the Taiwan government agencies, there are other countries IP such as U.S., France, U.K., and Germany, reported to this C&C • We have sent alert info to CERTs of these countries 行政院資通安全處 17
  • 19. • Cyber Security Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 18
  • 20. Mobile Botnet 行政院資通安全處 19 2014/6/3 APNIC noticed Dropbox to remove the malicious files 2014/6/7 TWNCERT received this intelligence from APNIC 2014/6/9 TWNCERT cooperated to trace the Botnet with MJIB 2014/6/19~2014/7/10 Sniffing the network traffic from the victims 2014/7/18 MJIB starts investigating this case
  • 22. C&C Server 行政院資通安全處 21 one-to-many mode cell phone number / devices ID SMS message with malicious URL
  • 23. C&C Server 行政院資通安全處 22 many-to-one mode cell phone number / devices ID SMS message SMS message many-to-one mode
  • 24. 行政院資通安全處 23 Hackers swindle money about $144,148 USD ($4,324,440 NTD )
  • 25. • We discovered 43,899 Bots IPs, The 98% Bots IPs located in Malaysia. 行政院資通安全處 24
  • 26. • We also found 393,471 contact information from packets (About 1% of the total population in Malaysia) 行政院資通安全處 25
  • 27. No. Organization 1 MCMC 2 MyCERT 3 SingCERT 4 US-CERT 5 AusCERT 6 ID-SIRTII/CC 7 ThaiCERT 8 JPCERT/CC 9 HKCERT 10 KrCERT/CC 11 CNCERT/CC 行政院資通安全處 26
  • 28. • Cyber Security Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 27
  • 29. Avalanche • On Nov. 30th, 2016, Avalanche, a large global network hosting infrastructure used by cyber criminals was dismantled. • Crimeware-as-a-service (CaaS) • Targeting over 40 major financial institutions • Sensitive personal information stolen • Victims’ compromised systems might also have been used to conduct other malicious activities. • Money mule 行政院資通安全處 28
  • 30. Malware families • Corebot • stealing banking and credential infomation • Matsnu • Malware dropper • Nymaim • multipurpose malware family • Gozi + Nymaim = Goznym • Ranbyus (use DGA to generate .tw domain) • Banking Trojan • Rovnix • Banking Trojan with bootkit • Tinba • Tiny banking trojan • URLZone/Bebloh • Banking trojan 行政院資通安全處 29
  • 31. Double Fast Flux 行政院資通安全處 30 DNS server a.b.com 1.2.3.4 5.6.7.8 11.12.13.14 b.tw DN Period Malicious IP a.b.com. 100 IN A 1.2.3.4 a.b.com. 100 IN A 5.6.7.8 a.b.com. 100 IN A 11.12.13.14 a.b.com. 100 IN A 15.16.17.18.19 a.b.com. 100 IN A 20.21.22.23 b.com. 1000 IN NS Ns1.a.tw. b.com. 1000 IN NS Ns2.a.tw. b.com. 1000 IN NS Ns3.a.tw. b.com. 1000 IN NS Ns4.a.tw. Ns1.a.tw. 200 IN A 24.25.26.27 Ns2.a.tw. 200 IN A 28.29.30.31 Ns3.a.tw. 200 IN A 32.33.34.35 Ns4.a.tw. 200 IN A 36.37.38.39
  • 32. The actions in Taiwan • MJIB cooperated with TWNIC (Taiwan Network Information Center) • 27,987 .tw domain names generated by Domain Generation Algorithm (DGA) • Those domain names had not been registered in TWNIC • Takedown operation was executed at 13:30 UTC on Nov. 30th, 2016 行政院資通安全處 31 • Shadowserver worked with partners to build the sinkholing infrastructure and coordinate the international DNS Registry/Registrar activities
  • 33. Results • MJIB in Taiwan collaborated with investigators from 30 countries, including the FBI, the United States Department of Homeland Security (DHS), Europol and Eurojust • Crucial support of prosecutors and investigators from 30 countries • 5 individuals were arrested • 37 premises were searched • 39 servers were seized • Victims of malware infections were identified in over 180 countries • 221 servers were put offline through abuse notifications sent to the hosting providers • Over 800,000 domains seized, sinkholed or blocked. 行政院資通安全處 32
  • 34. • Cyber Security Overview of Taiwan Government • Cyber Attack Trends • Cases Studies • Attack via Network Equipment • Mobile Botnet • Avalanche • Conclusions 行政院資通安全處 33
  • 35. Challenges • Lack of timeliness in terms of information sharing of criminal intelligence • Crime investigation mode overemphasize on individual case basis • The issues about the protection of personal data • It is hard to trace the origins of attacks • TOR (The Onion Router) network • Changes in technology - Cloud Computing • Where the data resides • What law applies • The data obtained from suspect’s computer may have little meaning 行政院資通安全處 34
  • 36. Suggestions • Facilitate trans-border law enforcement exchange visitors • NICs may • establish a platform to record the malicious domains or IPs • provide the query records of Root DNS Server • help law enforcement agencies block malicious domains or IPs • Establish contact window for intelligence exchanges 行政院資通安全處 35
  • 37. Contact information • TWNCERT • http://www.twncert.org.tw/ • +886-2-27339922; twncert@twncert.org.tw • TWCERT/CC • https://www.twcert.org.tw/ • +886-2-23776418; twcert@cert.org.tw • MJIB • http://www.mjib.gov.tw/ • +886-2-29112241ext2971; safenet@mjib.gov.tw • CIB • https://www.cib.gov.tw/English/ • +886-2-27652111~5; https://www.cib.gov.tw/Service/EMail 行政院資通安全處 36