Who Targets/Attacks the Japanese Financial Sector & Why?

DSEI - Combating Threats of the New Era
Measures against Cyber
Who Targets Japan & Why? Ideas to Combat!
Cartan McLaughlin, CEO, Nihon Cyber Defence Co., Ltd.

© Nihon Cyber Defence Co., Ltd, 2019. All rights reserved. Warning! Hacking without permission is a criminal offence.

COMMON NATION STATE THREAT ACTORS

Russia - BEAR
  • Fancy Bear (APT 28)
  • Cozy Bear (APT 29)
  • Voodoo Bear
  • Energetic Bear

China - PANDA
  • Emissary Panda (APT 27)
  • Stone Panda (APT 10)
  • Comment Crew (APT 1)
  • Ke3Chang
  • Deep Panda

North Korea - CHOLLIMA
  • Lazarus
  • Bluenoroff
  • Andariel

MISSION - NATION STATE THREAT ACTORS

Russia – BEAR | China – PANDA | North Korea – CHOLLIMA
• Political • Military • Financial • Military • Intellectual Property • Intellectual Property • Financial • Financial

UN Report: North Korean virtual currency hackers have earned up to $2 billion so far

RGB: NORTH KOREAN CYBER ESPIONAGE AGENCY/GROUP
  • The Reconnaissance General Bureau of North Korea
  • Prime Agency for North Korea cyber activities

BUREAU 121:
  • North Korean cyberwarfare agency
  • Suspected/Alleged for Sony Hack 2014
  • Suspected 1,800 specialists or more

UNIT 180:
  • North Korean cyberwarfare cell
  • Suspected/Alleged for:
      • Bangladesh Bank robbery in 2016
      • the WannaCry ransomware attack 2017

LAZARUS GROUP:
  • Suspected for Bitpoint (2019) and Coincheck (2018) hack
  • Suspected groups under the hood:
  • Financially motivated

TIMELINE OVERLAP
  • Lazarus Attacks
  • N.Korea Missile Launch Tests

COMMON MITRE TTPs Targeting Japan
MITRE ATT&CK™

RUSSIA
  • Cozy Bear – [ APT29 ]
  • Fancy Bear

CHINA
  • APT10 – [ MenuPass ]
  • Emissary Panda – [ APT27, Lucky Mouse ]
  • Stone Panda
  • Ke3Chang – [ APT15, Mirage, Vixen Panda, GREF ]
  • Deep Panda – [ APT19, Shell Crew, WebMasters ]
  • Comment Crew – [ APT1 ]
  • Axiom – [ Group 72, Winnti ]

NORTH KOREA
  • Lazarus – [ APT 38, Unit 180, Bureau 121 ]
  • Bluenoroff

Cyber Security Incidents JAPAN

CASE STUDY
  • When
      • July 4th, 2019 (Thursday)
  • What
      • Newly released mobile payment system compromised
      • Exploited ability to request password reset with only the following information (and the ability to send new password to any email address)
          • Date of birth
          • Account email
          • Account phone number

CASE STUDY
  • When
      • Between April 23rd – May 10th, 2019
  • What
      • 461,000 leaked customer account information including…
          • Names
          • Addresses
          • Phone Numbers
          • Credit Card Data
CASE STUDY
Coincheck Hack: One of the Largest Heists Ever
  • What: $560 million stolen in Virtual Cybercurrency
  • Where: Japan
  • When: January 26th, 2018
  • Who: Lazarus (Suspected)
  • Why: Financial Gains & Disruption
  • How: Phishing Attack

CASE STUDY
Case: BITPoint Hack
  • What: $32 million stolen in Virtual Cybercurrency
  • Where: Japan
  • When: July 12th, 2019
  • Who: Lazarus (Suspected) / HYDSVN (MOKES Malware)
  • Why: Financial Gains & Disruption
  • How: Under Investigation

What can Japan do? Follow UK National Model!
  • Creation of National Cyber Security Centre
  • Collaboration of Government Agencies
  • Proactive Collaborative Defence and Information Sharing Portals
  • Creation of Cyber Awareness for the Individuals and Companies – Cyber Essentials
  • Accreditation and Academia to build National Capability

UK Cyber R&R

GCHQ

NCSC
  • Guidance
  • Threat assessment
  • Incident response
  • Information sharing
  • Support for regulators
  • Support for national skills programmes
  • Accreditation
  • Education and research
  • Direct role in defence of non-military government networks and some parts of Critical National Infrastructure and Defence
  • CERT-UK and GovCERT

Offensive Cyber
  • National Offensive Cyber Programme. Run jointly by GCHQ and MOD.

MOD
  • Defence of Military Networks

LAW ENFORCEMENT
  • National Crime Agency (National Cyber Crime Unit)
  • Metropolitan Police Cyber Crime Unit
  • Regional Organised Crime Units
  • City of London Police
  • Police forces in Scotland, Wales and Northern Ireland

POLICY DEPARTMENTS WITH CYBER RESPONSIBILITY
  • Prime Minister (National Security Council) – National Security Strategy implementation
  • Cabinet Office – Minister with responsibility for broad cyber security issues; Cyber and Government Security Directorate/Office of Cyber Security and Information Assurance – Cross-government policy coordination, implementation of National Cyber Security Strategy, management of NCSP funds
  • Department for Digital, Culture, Media and Sport – cyber skills and digital strategy
  • Ministry of Defence – cyber deterrence doctrine, cyber reserves
  • Department for International Trade – cyber exports
  • Department for Education – national curriculum
  • Department for Business, Energy and Industrial Strategy – industrial strategy
  • Foreign and Commonwealth Office – international cyber policy
  • Home Office – domestic safety and security

Why was the NCSC formed?
  • Cyber security a growing problem
  • But also an opportunity
  • Enormous benefits from digitalisation
  • Realisation that Incident Response (IR) at a national level was dysfunctional
  • System not working
  • Unclear who was in charge
  • Resources wasted

NCSC works with other parts of government
  • Care-CERT
  • MoD – CERT
  • Law Enforcement
  • Intelligence services
  • Lead Government Departments (LGDs)
  • Cabinet Office
  • Regulators

The NCSC’s Operations Directorate
Where do the tips come from?
  • Intelligence Services
  • Partner countries (Both IS and CERTS)
  • Cyber Incident Response (CIR) Companies
  • MoD and Care CERT
  • Victims through the online reporting format

Cyber Essentials & 10 Steps

Accreditation
  • NCSC marketplace & suppliers to government
  • CREST accreditation
  • ACEs & accredited courses
  • Cyber awards
  • Academia

Academia - QUB Belfast
CSIT Centre Secure Information Technologies
Our vision is to be a global innovation hub for cyber security; this means that CSIT will accelerate new value creation, drive new venture creation and build capacity for the cyber security industry.
Main Research Areas

Network Security:
  • Advanced detection algorithms
  • Next generation real-time defensive technologies
  • Deep packet inspection technologies

Data security:
  • Novel biometric authentication mechanisms
  • High performance cryptography
  • Physical Unclonable Functions (PUF) for smart cards and chipsets

Insider Threat:
  • Detection tools for corporate and government systems including anomaly detection

Conclusion
  • A vital part of the UK’s work on increasing its cyber security has been to establish strong government and industry links and Collaboration & Trust
  • Particularly indispensable: sharing information, senior understanding of importance, connecting government expertise to business’ behaviour

QUESTIONS???

THANK YOU

The Insider Threat
TLP AMBER - CONFIDENTIAL

Types of Malicious Insider – CPNI Research
  • Deliberate - 6%
  • Self initiated – 76%
  • Exploited/Recruited - 15%

Motivations for insider activity

Snowden - The key points
  • NSA WAS CONSIDERED TO BE THE “SECURITY GOLD STANDARD” AND FAILED
  • PERFECT STORM OF OVER-CONFIDENCE, LACK OF UNDERSTANDING OF VULNERABILITIES, AND UNWILLINGNESS TO QUESTION INAPPROPRIATE ACTIVITIES
  • LEADERSHIP DID NOT TAKE THE INSIDER THREAT SERIOUSLY
  • TOO MUCH CONFIDENCE IN SECURITY CLEARANCE (POLYGRAPH)
  • FOCUSED ON WHAT MOST CONSIDER TO BE “CYBERSECURITY,” I.E., PERIMETER SECURITY, OR SECURING THE FACILITY AGAINST THREATS FROM OUTSIDERS.
  • FAILED TO IMPLEMENT A HOLISTIC PROGRAM
