AlphaBay Market was the largest and most prolific provider of cybercrime and fraud-related services in the world. English-speaking cybercriminal community used AlphaBay as a platform to target governments and business all over the world, including Japan’s financial services sector. This talk reveals its history and unique qualities that helped the marketplace achieve such a dominant position within the underground economy. Our findings include evidence of a uniquely sophisticated financial model, cryptocurrency manipulation at a large scale etc., and it deep ties with the Russian cybercriminal community.

Rakuten has rapidly expanded the number of members, circulation amount, and number of services to be provided since its establishment in 1997. In addition, the Rakuten group's services centered on the Rakuten market have accelerated to globalization, and now in various countries The Rakuten brand is used to develop Internet services.With Rakuten's service grow rapidly and its brand awareness rises, Rakuten is also a good target from the point of view of attackers, security measures of Internet services, measures against cyber crime In this session, we will share about Rakuten's case study introduction and effective countermeasure method (browser based phishing protection in conjunction with APWG, arrest of the criminal by cooperation with the police etc).

The talk will address ransom malware and the developing cyber-extortion threat through exploring how threat actors and groups are effectively utilising and manipulating ransomware to target individuals and organisations. Insight into the ransomware business model will offer the audience an understanding of the reasons behind the proliferation of the ransom malware market in the criminal underground.

There are frequent discussions of Russian related cyber-attacks, but these mainly focus on attribution of infrequent Nation State and government related incidents. This presentation focuses on what is more important to the information security community, the large and active eco-system of Russian speaking cyber criminals, whose attacks target business and information security teams daily worldwide.

Financial institutions are likely to remain top cybercrime targets.In the past year, several cybercrime occurred in Taiwan, such as several domestic securities and futures firms had experienced cyber attacks and Taiwan bank ATMs spew out millions after hack. How the hackers can access ATMs in Taiwan, stealing a total of over $2.5 million from the Bank without using cash cards? This talk will review the cyber attacks and discuss how it happened and what we learned. Cybercrime continues to evolve into a truly transnational phenomenon. Collaboration is the key in fighting cybercrime.

The APWG has been sharing threat data for over 12 years to help protect organizations and the all internet users against cyber threats. Initially founded to focus on the phishing, as the threat landscape on the internet has grown so has APWG. Today our vetted member community shares information to fight cybercrime and fraud not only on phishing but numerous other types of threat data including malicious IP addresses and ransomware information. This session will look at the history of sharing these types of data, how sharing has changed over the years and the necessity to automate these process.

While the importance of sharing cyber threat intelligence (CTI) and considering countermeasures in advance as cyber attacks become more sophisticated is increasing, IP addresses and domains as detection indices included in CTI are attacked by attackers in short cycles Dispose (change or disappear). As a countermeasure on the defender side, we are moving towards increasing the cost of attackers by improving the sharing speed of CTI, and we receive large amounts of CTI every day. As a result, the situation is such that the CTI is also disposable in a short cycle. In this report, we built a detection index learning method based on CTI that is accumulated day by day and implemented a detection index learning engine learning how detection indices are used by attackers Report on the learning result. We also report on the possibility of reconstructing and combining the result of learning the detection index and applying it to mid- to long-term advanced protection in combination with another data source.

In light of the comparative legitimacy of the argument over the legality of the law enforcement agency investigation method against cyber crime and to compare it with the logic of illegal GPS judgment and to point out the problem as much as possible for future discussion For example.