Asia-24-Ryu-Voice-Phishing-Syndicates-Unmasked-An-In-Depth-Investigation-and-Exposure.pdf

1、#BHASIA BlackHatEventsVoice Phishing Syndicates Unmasked:An In-Depth Investigation and ExposureSojun Ryu(S2W Inc.),Yeongjae Shin(Ex-S2W Inc.)#BHASIA BlackHatEvents1.Background2.Overview3.Attack infrastructure provided as SaaS4.SecretCallsIndex5.Automation#BHASIA BlackHatEventsLead of Threat Analysis

2、 Team,S2W Tracking major ransomware and APT attack groups and identifying their TTP Interested and passionate about reverse engineering,threat intelligence,and incident responseCareer Oct,2020:Threat Analysis Team,S2W TALON Dec,2013 Oct,2020:KrCERT/CC,KISASpeaker of FIRSTCON,FIRSTCTI,Virus Bulletin,

3、ISCR,DCCSocial So-jun Ryuhypen1117#BHASIA BlackHatEventsYeongYeong-jaejae ShinShinResearcher of SRE Squad,at GoormObservability research and threat analysis on Cloud-nativeAnalysis of threat actors on cloud-delivered infrastructureComplianceCareerNov,2023:SRE Squad,at GoormMar,2022 Nov,2023:Threat A

4、nalysis Team,S2W TALONSpeaker of SIS,Virus BulletinSFacebook ProfileLinkedin Profile#BHASIA BlackHatEvents1.Background#BHASIA BlackHatEvents1.Background An extension of When Voice Phishing met Malicious Android App at Black Hat Asia in 2019.Voice phishing is social engineering attack over the phone.

5、Discovered in the 2000s,since 2006 Today in South Korea Main goal is to extort money from the victims With native South Koreans now occupying key positions,attack scenarios becoming sophisticated.#BHASIA BlackHatEvents1.BackgroundSource:Financial Supervisory Service6,7202,3531,6821,4511,96550,37218,

6、26513,21312,81611,5031920212223Damage AmountNumber of VictimsStatistics for voice phishing victimization(Unit:100M KRW,(=75K USD)#BHASIA BlackHatEvents1.BackgroundSource:Financial Supervisory Service0.1330.1290.1270.1130.1711920212223Damage per victimStatistics for voice phishing victimization(Unit: