CERT-GOV-GE Activities & Services - FIRST · Check My IP • Your IP address is:...

www.dea.gov.ge

CERT-GOV-GE Activities & Services

Tbilisi, Georgia 2014

CERT-GOV-GE Manager David Kvatadze

CERT-GOV-GE - Structural unit was formed within the Information Security and Policy

division of LEPL Data Exchange Agency under the Ministry of Justice of Georgia, which

processes, analyses and solves information security incidents.

CERT-GOV-GE Constituency

CERT-GOV-GE

Critical Information

systems subject Banks

Internet service

providers

International CERT’s

Govt. Sector

Pvt. Sector

Hosting Providers

Military Secret

CERT-GOV-GE Services

Services: IP address monitoring service portal; Incident Handling; Penetration test Netflow Sensors (Nfdump & Nfsen); Web-Site Intrusion Detection (Threat Factor); Blacklist sevice; Safe DNS Georgia; Training on Cyber Incident Handling; Check My IP;

Other activities: Georgian Information Security Forum (Abuse Forum); Information Security Awareness:

CERT-GOV-GE

We are members of the following organizations:

The Cyber security Executing Arm Of The UNITED NATIONS SPECIALISED AGENCY of The International Telecommunication Union (ITU)

We are full member of FIRST. FIRST is the Forum of Incident

Response and Security Teams.

The Trusted Introducer - a.k.a. TI - is the trusted backbone of the

Security and Incident Response Team community in Europe.

CERT-GOV-GE is Autorized To Use CERT Trademark.

CERT-GOV-GE

Certifications:

All Our Team members are Certified by SANS GIAC.

Plans:

All Our Team members have plan to pass SANS GSNA exam.

Plans for the 2015 year :

CERT.gov.ge is planning to become a member of European Government CERTs (EGC) group.

CERT.gov.ge is planning to become a certified member of Trusted Introducer.

It is also planned to become a member of APCERT.

CERT-GOV-GE (Computer Emergency Response Team)

Our Partners:

www.arbornetworks.com

www.impact-alliance.org www.trusted-introducer.org www.nato.int

www.shadowserver.org www.team-cymru.org www.arakis.pl

www.eset.com www.symantec.com www.microsoft.com

http://www.cert.pl/

CERT-EE www.cert.ee/

www.cert.at www.quarantainenet.nl

Infected 10 000 IP Addresses

Infected 500 IP Addresses

15-20 Phishings 25-30 Deface Web-Sites 15-20 Malware Sites

Infected 100 IP Addresses

http://thehackernews.com/2012/03/albania-is-most-malware-infected-nation.html

IP address monitoring portal

12 Million Infected IP,s 200 thousand unique IP’s

Check My IP

Your IP address is: 146.255.225.150

Infection type: ZeuS

Detailed Information

Check My IP

• Your IP address is: 146.255.225.150 • Infection type: ZeuS • Short description of infection type: Zeus is a Trojan horse that steals banking

information by Man-in-the-browser keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek.

• Command & Control: 89.232.125.112 • Date: 27 მაისი 2013 11:23:15 PM

Check My IP

Your IP address is: 146.255.225.150

Infection type: not found

Incident Handling

Contact: incidents@dea.gov.ge

Penetration test

Top 10 commercial tools

NetFlow Sensors (NfDump & NfSen)

Analyze NetFlow Data For Security.

Detects: • SSH Brute Force Attacks. • Botnets. • dDoS Attacks.

Website Intrusion Detection (ThreatFactor)

Open Source Project.

Monitors Web Pages for Intrusions (Exploits, Hacker

Signatures, Information Leakage).

Custom Rule Based Detection.

Blacklist Service

IP and Domain blacklist.

Different formats for different software. Available for Organization's. http://blacklists.cert.gov.ge

Safe DNS Georgia

Integrated with Collective Intelligence Framework. Blocks malware domains and redirecting to warning page. First DNSSEC Enabled Resolver In Georgia.

5.159.16.16 5.159.20.20

Training on Cyber Incident Handling

CERT.GOV.GE Services

NATO SPS Programme

Afghanistan Moldova Macedonia Montenegro

Azerbaijan

Cyber Defence Training for IT Professionals

Georgian Information Security Forum (Abuse Forum)

CERT-GOV-GE other activities

2014 FIRST

Regional Symposium

Tbilisi, Georgia October 13-16, 2014

24 September,2014

Red Team • CERT-GOV-GE • COMCERT.pl

Blue Team • Education Management Information System • National Public Registry • Ministry of Labour Health and Social Affairs of Georgia • MagtiCom • Bank of Georgia • Georgian Research and Educational Network Association Grena • Ministry of Internal Affairs • National Bank of Georgia • Cyber Security Bureau • Smart Logic • state chancelary • Geocell • VTB Bank • Ministry of Finance of Georgia • Public Service Development Agency • Free University of Tbilisi

Information Security Awareness:

www.facebook.com/certgovge

• We are receiving and analyzing information about 20000 infected Georgian IP addresses from our international partner organizations on a daily basis. • We shut down approximately 20 phishing sites that are located in Georgian web space on monthly basis. • Hackers deface approximately 25 sites in Georgian cyber space on monthly basis. • We receive information about 35 infected web sites which are located in Georgian web space on monthly basis.

20112012

20132014

GOV.GE

E-mail: cert@dea.gov.ge Tel: +995 32 291 51 40 Fax: +995 32 291 51 40 Web-page: www.cert.gov.ge www.facebook.com/certgovge

saqarTvelo, Tbilisi 0102,

wminda nikolozos/n. CxeiZis 2

Mtel.: (+995 32)14 39 81

www.dea.gov.ge

www.cert.gov.ge

www.e-government.ge

Thank You!

Questions?

CERT-GOV-GE Activities & Services - FIRST · Check My IP • Your IP address is:...

Documents

Presentation.p zeus

ZeuS: A Persistent Criminal Enterprise...ZeuS Trojan 2. ZeuS configuration file (config) 3. ZeuS drop zone where stolen credentials are sent The ZeuS botnet uses several delivery methods

Templo Zeus

ZEUS ELECTROSTATIC SYSTEM: cabina ZEUS OCTAGONAL

Zeus Servizi

SKT MULTI-FAMILY - ZEUS esterno ENG - Hidromek · OPTIONAL Zeus 35.10 EN 1459 Zeus 37.7 EN 1459 Zeus 38.10 EN 1459 EN 1459 Zeus 37.8 EN 1459 Zeus 37.8 6,50 m 9,75 MAX 3,5 ton 70°

Catching Malware En Masse: DNS and IP Style · HTTP!traffic!url!paQerns! A!Zeus!CnC!domain!can!serve!3!types!of!urls:! YConfig! YBinary! YDrop!zone! Example!Zeus!CnC!observed!traffic!

Infection Prevention and Control (IP&C). Learning objectives 1.Outline the history of infection prevention and control. 2.Describe the goals of infection

Satan, Zeus, Baal, and the Prince of Rome Zeus and Baal.pdf · Zeus This can be compared with the “Greek Zeu pater, vocative of Zeus pater “Father Zeus.” Hence, Jupiter is simply

· 042-865-3940, 3924, 3964 ZEUS ZEUS API ZEUS QUICK NRF . zees 2017B ZEUS QUICK ZEUS 'h v ZEUS ZEUS API O Adl EH ZEUS ZEUS (CIT-25J/TCF-ClT) 031-290-5640 W Plus) Leica ARM2165)

ZEUS-Stand und Perspektiven oder Was Sie schon immer über ZEUS wissen wollten … Wolfram Zeuner/ZEUS HERA Der ZEUS Detektor Ein Blick ins Proton

KOKOLAKIS Zeus Tomb ( on Zeus Cretois)

LINHA SMART METER ZEUS - eletraenergy.com · LINHA SMART METER ZEUS. Medidores Inteligentes de Energia Elétrica ZEUS 8021, ZEUS 8031 e Zeus 8023 • 1. Funcionalidades 2. Características

LINHA SMART METER ZEUS - Eletra Energy Solutions · LINHA SMART METER ZEUS. Medidores Inteligentes de Energia Elétrica ZEUS 8021, ZEUS 8031 e Zeus 8023 Os medidores ZEUS 8021, ZEUS

ICHEP2006 results from ZEUS (+ one H1+ZEUS combined)

Joias Zeus

Zeus Precision

QT-ZEUS II Series - ID Enhancements · technical specifications dvr’s qt-zeus ii series jul/2009 version 2.0 qt-zeus ii series full integration with quaddrix ip devices and free

Stars - Zeus

FICHE - extranet.editis.com€¦ · « Zeus prend une grande inspiration et murmure : – Je m’appelle Zeus. – Plus fort ! ordonne le Titan. – Zeus ! crie Zeus. Je suis Zeus