OWASP Ukraine Thomas George presentation
“Menschenkenntnis” and Cyber Security
Thomas George
International Business Manager - cyscon GmbH
Who are Cyscon?
• Founded 2001 by Thorsten Kraft
• Cyber Security Consulting
• Founding Member of Botfrei and ACDC Project.
• Official Partner of BSI - German Federal Office for Information Security
• 2010 - Conficker Takedown
• 2013 - Check & Secure - Private User Initiative
Working Relationships
cyscon works with a variety of partners in the IT Security world. These include:
• Internet Service Providers, including Vodafone and 1&1 Telecom
• Banks, such as Deutsche Bank and Postbank
• Law enforcement, including FBI and Europol
• NGOs, including Stop.Think.Connect - Funded by the Department of Homeland Security
Knowing your Enemy
How cyscon gets its data.
Sinkholing
• 80 Million Events per day
• 42 Different Types of Malware recognised
Honeypots and Spam Traps
• 3.5 Million Spam Emails Per Day
• Honeypots installed on real systems by our customers
• 40,000 New Malicious URLs Each Day
Web Crawling
• Systems Continually Crawling the Web
• 16 Different Settings - Chilled to Paranoia
• Analysing Behaviour and AV Detection
The Data Toilet
• Gathering Data since 2006
• Enriching Data with Meta Data
• More than 20,000 Sensors
• More than 50 Partners
• WHOIS, SSH HOSTKEY, DNS details, etc.
What goes in?
Where Does it All Go?
• Data is sent to ISPs
• AND / OR
• Anonymised and Sent to Law Enforcement, Research or Industry
[Diagram labels: Sensors, Concentrators, Internet Service Providers, Anonymisation, Law Enforcement Agencies, Research, Industry, Detection, Supporting]
Flushing the Toilet
• Okay…we have the data.
• Let’s Make Some Money!
Menschenkenntnis in Business
Anyone without Menschenkenntnis (knowledge of human nature) has already lost as a merchant
Flexibility
• Knowing what customers want
• Using trust and Existing Relationships
• Knowing when to work for free
Banks
It's All About the Money
What is Hurting?
• Losing Money
• Losing More Money
• Losing Even More Money
• Losing Reputation
How do Banks (and their customers) lose money?
• Redirection of Payment
• Identity Theft through Trojan Infection
• Direct Phishing Scams
Technical Overview - Banking Services
Threat Detection, Mitigation, Prevention
Malware Detection
• Identification of infected customers
• More than 40 Trojan Families - 4000 events per second.
• JSON Format - Easy to implement and process
• Can be combined with sales of Malware Deletion Product.
Malicious Traffic Mitigation
• Access to C-SIRT Database and Cyber Threat Detection Cloud
• Database fed by Worldwide sensors of Malicious Traffic
• Eliminates Cyber Attacks against banking platforms.
Brand Protection
• Fully automated takedown service
• Detection, Blocking, Blacklisting
• Normal process time, 2 hours
• Excellent contacts to ISPs for quick takedowns
Menschenkenntnis in the Community
“Love thy Neighbour”
Two Sides of the Story
• How much can experts do without end users?
• GameOver Zeus Takedown - Pointless?
• “Slipping through the net”
The Cyber Vaccination
• Appears as analysis system from AV industry.
• Protection against MITB attacks and identity theft.
• Works on 10 different browsers.
• Free to use - One time installation.
• Attack interception - Malicious code cannot be executed.
• “Panic Switch” when intruder is detected.
HitmanPro: A Second Opinion Scanner
• Behavioural analysis - not signature based.
• 10MB file, can boot from USB.
• Complement to existing AV programs
• 30 Day free trial for emergency cases.
Case Study: Cyber Alliance of Switzerland
How can the “Check & Secure” Technology be Implemented by Banks?
Concept and Goals
• Making Switzerland into the “Cleanest Internet Country in the World”
• Identification and Help for Infected End Users
• Support for the deletion of malware and securing of end user systems with Check & Secure and End User Products.
Realisation
• Banking Partners: Credit Suisse, Raiffeisen, PostFinance and UBS.
• Internet Service Partners: Swisscom, Sunrise, UPC
• Creation of a shared Malware database.
• Planned Launch 1.8.2014.