rudolph-gilbert
The Cyber Defense center and its services portfolio
McAfee Professional Services – Foundstone Services
DISCUSSION TOPICS
• Intro
• Threat Landscape
• Services
• Threat Intelligence
The CDC
Physical Presence CERT
Regional Support
Reactive, Proactive, Quality Mgt
Cyber Defense Center
Incident Response
Training
Advanced Malware Analysis
Strategic Services/Assessments
Contextual Threat Intelligence
Mobile Forensics
Computer Forensics
What is it?
CERT: Computer Emergency Response Team
Reactive
• Incident Handling
• Vulnerability Handling
• Artifact Handling
Proactive
• Announcements
• Technology Watch
• Security Audits or Assessments
• Configuration and Maintenance of Security Tools, Applications, and Infrastructures
• Development of Security Tools
• Intrusion Detection Services
• Threat Intelligence
Security Quality Management
• Risk Analysis
• Business Continuity and Disaster Recovery Planning
• Security Consulting
• Awareness Building
• Education/Training
• Product Evaluation
Computer Emergency Response Team (CERT)
Spotlight Qatar
• 86.2% internet penetration by June 2012 [2]
• Highest GDP per capita by 2012 [3]
• 66% higher malware rate vs. worldwide in Q2 2012 [4]
• Critical infrastructure directly tied to largest segment of economy
[1] McAfee Foundstone EMEA Cyber Defense Centre
[2] InternetWorldFacts.com
[3] CIA World Factbook
[4] Microsoft Security Intelligence Report – Volume 13
[1]
Threat Intelligence
Cyber Defense Centre – A Threat Intelligence System Developed in ME.
Focused on E(ME)A.
Open Source Intelligence Public & Underground
Private data sources & APIs
[Chart: Cryptolocker Infections, Gulf Region. Categories: KSA, UAE, Yemen, Oman, Qatar, Kuwait, Bahrain; axis from 0 to 250]
Threat Intelligence
Qatari Hackers
Loosely organized
Members of general Arabic hacking discussion groups
Small footprint compared to other Arab hacker communities
Threat Profile - Islamic Security
6,861 members and 55,279+ posts since May, 2012.
Administrators include: aBo aLi, Mr.Dm4r, Lov3rDns
Topics Include:
- Hacking Tutorials and Targets
- Tool Development and Distribution
- Services and Tools for Sale
- “Achievements” of Intrusions
[Chart: Islamic Security – Posts Per Day. X-axis: dates from 5/25/08 to 1/27/10; Y-axis: 0 to 350]
[Chart: Islamic Security – Attachment Uploads Per Day. X-axis: dates from 5/25/08 to 1/10/10; Y-axis: 0 to 10]
Islamic Security – Tool Sharing
Threat Intelligence
Profile: Qatar-Attack
• 61 reported hackings
• Methods: Defacements via SQL, file upload, XSS and DDoS using open source tools
• Attacked domains in 11+ countries on 5 continents
• Maintains or contributes videos and blog posts that assist others in hacking
Threat Intelligence
Profile: Qatar-Attack
Names: Qatar-Attack, DB-Attack, Qatar-Sniper, n1tr0g3n / n1tr0g3n0xid3, MrAboght, alOahTaNi, Aboqhht Qahtani, Naef Alqahtani
Emails: [email protected]
[email protected]@windowslive.com
Twitter: @MrAboqht
YouTube: MrAboqht
Domains: secur1ty.org, s-war.com, db-attack.com
Affiliations: alm3r3fh Group, v4-team
Threat Intelligence
[Chart: .QA Domain Hacked Locations. Hosted in Qatar: 84%; Hosted Offshore: 16%]
[Chart: .QA Hacked Operating Systems. Legend: LINUX, UNIX, WINDOWS, BSD, UNKNOWN; slice values as extracted: 90%, 4%, 1%, 4%, 1%]
Trends in attacks
RAM Scrapers
Malware targeting phone and computer
ATM attacks
The rise of the RAM Scrapers
• Dexter: Dec 2012
• Vskimmer: Jan 2013
• BlackPOS: March 2013
• Alina: Oct 2012
Example: VSKIMMER
• Where is the credit card data?
• What is the name of the USB stick?
• Writing the dumpfile to USB-stick
Example: BlackPOS
DEMO
Latest in the world of POS
You swipe and pay; meanwhile, the track data of your card is sent by SMS to the criminal…
Shukran!
THANK YOU!