Bot-Trek Cyber Intelligence (CI): a platform which gives customers the ability to monitor, analyze and predict potential threats to information security (PowerPoint PPT Presentation)



SLIDE 1

Bot-Trek Cyber Intelligence (CI): a platform which gives customers the ability to monitor, analyze and predict potential threats to information security relevant to the company, its partners and customers

SLIDE 2

Examples of Incidents

Bot-Trek Cyber Intelligence

Home Depot's 56 Million Card Breach Bigger Than Target's

Home Depot Inc. said 56 million cards may have been compromised in a five-month attack on its payment terminals, making the breach much bigger than the holiday attack at Target Corp. …

Other headlines:
• Data Breach at Health Insurer Anthem Could Impact Millions
• Banks: Card Thieves Hit White Lodging Again
• FBI: Businesses Lost $215M to Email Scams
• Home Depot: 56M Cards Impacted, Malware Contained
• Medical Records For Sale in Underground Stolen From Texas Life Insurance Firm
• Sony Breach May Have Exposed Employee Healthcare, Salary Data
• Malware Based Credit Card Breach at Kmart
• Dairy Queen Confirms Breach at 395 Stores
• Huge Data Leak at Largest U.S. Bond Insurer
• Hackers Plundered Israeli Defense Firms that Built ‘Iron Dome’ Missile Defense System
• eBay Urges Password Changes After Breach
• Target: Names, Emails, Phone Numbers on Up To 70 Million Customers Stolen …

Chinese Hackers Target Israel’s Iron Dome

Three Israeli defense contractors responsible for building the “Iron Dome” missile shield currently protecting Israel from a barrage of rocket attacks were compromised by hackers and robbed of huge quantities of sensitive documents pertaining to the shield technology.

Massive Sony breach sheds light on murky hacker universe

Last week Sony admitted to having suffered a major cybersecurity breach; hackers not only erased data from its systems, but also stole, and released to the public, pre-release movies, people’s private information, and sensitive documents.

SLIDE 3

Targeted Attacks in 2014

• Anunak: hacking of more than 50 Russian banks, 5 payment systems, and 16 retail companies. Access to isolated banking systems, ATMs, e-mail, and payment gateways.
• Regin: hacking of telecom operators, state-owned companies, research institutions, and political organizations. Access to confidential information, tracking of GSM networks.
• Energetic Bear: hacking of energy, pharmaceutical, construction and educational institutions.
• Careto: hacking of government, diplomatic, energy, oil, investment companies and research institutes.

SLIDE 4

Data on Damage (HP, PWC, Group-IB)

Average damage due to cyber attacks (HP, Ponemon data): $ 12.7 mln; in Russia, $ 3.3 mln.

Reacting to the incident after it has already occurred is very expensive, both in managing the consequences and in eradicating the attacker from the internal infrastructure.

Incidents cause great damage to large organizations. The average amount of financial losses due to information security incidents, 2013-2014 (PWC data):

                                                          Damage amount, 2013   Damage amount, 2014
Large organizations (income over $ 1 bln)                      $ 3.9 mln             $ 5.9 mln
Medium-sized organizations (income $ 100 mln to $ 1 bln)       $ 1 mln               $ 1.3 mln
Small organizations (income less than $ 100 mln)               $ 0.65 mln            $ 0.41 mln

Group-IB data:
• $ 40 mln is earned by one criminal group through theft in Internet banking
• $ 1.5 mln is the direct damage caused by a targeted attack
• < $ 1.2 mln is the amount of direct theft we prevent per year

SLIDE 5

Incident Development Time

Source: 2012 Verizon Data Breach Investigations Report

Time scale of events, in % of the total number of hackings:

                                              Seconds  Minutes  Hours  Days  Weeks  Months  Years
From attack to compromise                       10%      75%     12%    2%    0%     1%      1%
From compromise to leakage                      10%      38%     14%   25%    8%     8%      0%
From leakage to detection                        0%       0%      2%   13%   29%    54%      2%
From detection to localization and elimination   0%       1%      9%   32%   38%    17%      4%

Hacking takes minutes. Detection and elimination take weeks and months.

SLIDE 6

Why do Incidents Happen?

• It is not possible to distinguish, among thousands of events, those that are really important
• Means of protection do not provide information on attackers, the tools used and attack tactics
• An accidentally intercepted password can be the beginning of a targeted attack
• There are no indicators to identify interesting incidents
• The importance of an event cannot be adequately estimated without knowledge of the hacking target

SLIDE 7

Be Proactive

Timeline of a targeted attack:
• Preparation: hours to months
• Hacking: seconds
• Data leakage: months

Forecast possible attacks. Identify attacks in preparation. Study attack tactics based on other incidents. Be prepared to resist threats in advance. Suppress the attack at the very beginning.

Stages of an attack:
1. Exploration: collection of e-mails, confidential information, etc.
2. Arming: collection of exploits and backdoors.
3. Delivery of arms to the victim via e-mail, Web, USB, etc.
4. Exploitation of vulnerabilities by using malicious programs on the victim’s devices.
5. Installation of malicious programs on the victim’s devices.
6. Management: sending commands for remote control of the victim’s device.
7. Impact on the facilities, access to needed data.

SLIDE 8

What is Needed for Proactive Protection?

• Be constantly involved in the analysis of various incidents
• Track data leakage outside the protection perimeter
• Track attacks on partners and customers
• Study data on new threats
• Identify hacked accounts in botnets and phishing pages
• Analyze connections between events
• Be provided with the infrastructure for data processing and receive information on new threats

Cyber Intelligence makes it possible to prevent the incident at the preparation stage and to become proactive.

SLIDE 9

Bot-Trek Cyber Intelligence

Bot-Trek Cyber Intelligence is a platform enabling the customer to monitor, analyze and predict potential threats to information security that are relevant to the company, its partners and customers.

• SaaS solution: no installation required
• Integration with antifraud systems and IDS/IPS/SIEM
• STIX/TAXII support

SLIDE 10

CI Operation

Initial data:
• Botnets
• SPAM traps
• Malware
• Forensics
• Sandboxes
• Bank cards
• Social networks
• Deep Web
• CERT
• Investigations

Processing:
• Correlation
• Additional data collection
• Intelligence exchange
• Analysis and check
• Relation to regions and business areas

Intelligence:
• Analysis and trends
• Risk notifications
• Cracked passwords, databases, etc.
• Hacktivism analysis
• DDoS, Deface, Phishing, Malvertising feeds
• Suspect IP
• Drops/Mules

Delivery: compatible with STIX/TAXII; API for enterprise security; Dashboard.

SLIDE 11

The Data We Provide

Strategic data:
• Analysis of the actions of criminal groups
• Assessment of attacks in various countries/business segments
• Forecasting new threats
• Information on the most relevant threats

Tactical/operational data:
• Information on threats and analysis
• Information on current attacks
• Information on criminal groups, their tools and tactics
• Information on logins/passwords of the company, its partners and customers

Technical indicators:
• IP and URL addresses
• Names of malicious attachments
• Subjects of e-mails used in targeted attacks
• Hacked legitimate web-sites spreading malware
• Changes in the operating system
• Abnormal signs

SLIDE 12

Who Can Use the Data

As the Security/Risk Manager you can:
• Prevent accidents and fraud
• Correctly assess risks to the company
• Develop tactical and strategic security plans
• Track trends, global and local threats
• Assess the effectiveness of military protection processes
• Respond effectively to current challenges

As the Marketing Director you can:
• Improve the effectiveness of the marketing tools you use
• Always be aware of the threats your company could be exposed to and have the tools for rapid counteraction
• If necessary, add new channels to interact with potential customers of your company

As the Director of Human Resources (HR) you can:
• Track unlawful activity of your employees
• Adjust the policy of the Company depending on the identified threats

As the Chief Executive Officer (CEO) you can:
• Always be aware of the most dangerous threats your company could be exposed to
• Assess the effectiveness of investments in protection
• Be aware of potential financial losses

SLIDE 13

How to Manage the Large Amounts of Data?

• Tactical information can be filtered by country and business area
• Individual notifications of targeted attacks on you, your partners, and clients
• API for integration with your SIEM, IPS, and Firewall
• We support the STIX format upon submission of threat data
• 24x7 support
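As an added example (not Group-IB's code or API), the functions below show how a SIEM-side consumer could evaluate the technical indicators the platform provides (IP addresses, URLs, attachment names, e-mail subjects) when they arrive as simple STIX 2 indicator patterns. The indicator feed, the events and the mapping of STIX object paths to event fields are constructed here and are assumptions about one particular SIEM's schema.

```python
import re

# Evaluator for the simplest STIX 2.x indicator patterns ([type:property = 'value'], or !=).
# Constructed example, not Group-IB code; feed, events and field mapping are assumptions.
PATTERN_RE = re.compile(
    r"^\[\s*([a-z0-9-]+):([a-z0-9_.]+)\s*(=|!=)\s*'((?:[^'\\]|\\.)*)'\s*\]$"
)

# Assumed mapping from STIX object paths to our normalized SIEM event fields.
FIELD_MAP = {("ipv4-addr", "value"): "dst_ip", ("url", "value"): "url",
             ("email-message", "subject"): "mail_subject", ("file", "name"): "attachment_name"}

def parse_pattern(pattern):
    """Return (event_field, operator, literal) for one supported pattern."""
    m = PATTERN_RE.match(pattern.strip())
    if not m:
        raise ValueError(f"unsupported STIX pattern: {pattern!r}")
    obj, prop, op, raw = m.groups()
    if (obj, prop) not in FIELD_MAP:
        raise ValueError(f"no event field mapped for {obj}:{prop}")
    # Undo STIX string-literal escaping of \' and \\ inside the quotes.
    return FIELD_MAP[(obj, prop)], op, raw.replace("\\'", "'").replace("\\\\", "\\")

def match_events(indicators, events):
    """Return (indicator_id, event_index) for each event satisfying a pattern (exact, case-sensitive)."""
    compiled = [(ind["id"], parse_pattern(ind["pattern"])) for ind in indicators]
    hits = []
    for idx, event in enumerate(events):
        for ind_id, (field, op, literal) in compiled:
            observed = event.get(field)
            if observed is None:  # property absent from the event: no match possible
                continue
            if (op == "=") == (observed == literal):
                hits.append((ind_id, idx))
    return hits

# Constructed indicator feed (ids are placeholders, not real STIX identifiers).
INDICATORS = [
    {"id": "indicator--0001", "pattern": "[ipv4-addr:value = '198.51.100.23']"},
    {"id": "indicator--0002", "pattern": "[file:name = 'Invoice_2014-11.scr']"},
    {"id": "indicator--0003", "pattern": "[email-message:subject = 'Payment confirmation']"},
    {"id": "indicator--0004", "pattern": "[url:value = 'http://compromised.example/wp-content/ld.php']"},
]
# Constructed events as a SIEM might normalize them from proxy and mail logs.
EVENTS = [
    {"source": "proxy", "dst_ip": "198.51.100.23", "url": "http://compromised.example/wp-content/ld.php"},
    {"source": "mail", "mail_subject": "Payment confirmation", "attachment_name": "Invoice_2014-11.scr"},
    {"source": "proxy", "dst_ip": "203.0.113.9", "url": "http://intranet.example/"},
]
```

Patterns that combine several comparisons (AND/OR, FOLLOWEDBY) are rejected with ValueError rather than silently ignored, so an unsupported feed entry is visible instead of becoming a blind spot.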

SLIDE 14

Data Sources and Information Storage Security

• Confidential data is available only to those companies to which it belongs
• Data on different countries are stored on servers in those countries: storage devices are currently deployed in the USA, Germany, Russia, the Netherlands, and Great Britain
• We process data in 11 languages

SLIDE 15

Analytics and Trends

Content:
• Analysis of hacking companies
• Damage evaluation
• Quarterly digests
• Statistical data
• Forecasting of threats

Possibilities:
• Invest expediently
• Adjust the risk map
• Identify your enemy
• Prioritize threats

SLIDE 16

Discredited Data

Content:
• Logins/passwords
• IMEI / IMSI
• Card data
• Files: SMS, screen images, logs
• Drops (Mules)

Possibilities:
• Ensure against corporate leakage
• Ensure against fraud of customers
• Stop targeted attacks
• Get confirmation of hacking
• Identify the hacking source

SLIDE 17

Threats

Content:
• Hacking tools
• Tactics
• Data leakage
• Hiring of insiders

Possibilities:
• Correlate with your incidents
• Forecast the risks
• Identify an insider
• Warn the personnel and directorate
• Adapt the response plan

SLIDE 18

Daily Attacks

Content:
• DDoS
• Deface
• Phishing
• Malvertising

Possibilities:
• Trace the bursts
• Forecast
• Identify the infections
• Estimate the risks

SLIDE 19

Hacktivists and Cyberterrorists

Content:
• Operations
• Groups
• Interrelations
• Experience
• Tools

Possibilities:
• Trace the leakages
• Study the attack tactics
• Estimate the risks
• Eliminate the attack consequences
• Forecast

SLIDE 20

Targeted attacks

Content:
• Tactics
• Tools
• Indicators

Possibilities:
• Identify the attack
• Adjust the protection tools
• Estimate the risks
• Protect the partners

SLIDE 21

Suspect IP Addresses

Content:
• TOR nodes
• Open proxies
• Private SOCKS proxies
• Compromised servers

Possibilities:
• Identify the attacks
• Integrate with antifraud systems

SLIDE 22

Quick Start

1. Convenient web interface for data search and analysis
2. Simple and quick connection process
3. API for integration with existing protection systems

SLIDE 23

Russia is the Source of the Most Interesting Threats

• Bank trojans: Zeus, SpyEye, Carberp, Tinba, Dyre/Dyreza, Rovnix, Gozi/ISFB
• Exploit kits: BlackHole, Angler, Rig, Nuclear, Neutrino, Styx
• DDoS trojans: Black Energy, Optima, Darkness, Dirt Jumper, Drive, Revolution
• Targeted attacks: Red October, Energetic Bear, Anunak

SLIDE 24

Group-IB in Russia

• CERT-GIB is the first round-the-clock accredited center for monitoring and detecting cyber threats
• Infrastructure for analysis of network traffic
• Customers with incidents occurring daily
• Virus analysts, forensic experts, response team, own R&D
• Competent in operation with domains such as RU, RF, SU, ТАТАР, ДЕТИ
• Group-IB has the largest computer forensics lab in Eastern Europe

SLIDE 25

Why Group-IB?

Group-IB is one of the 7 most influential information security companies.

• 80% of all major legal cases in the field of cybercrime involve Group-IB’s expertise and research
• One of 7 companies included in the Gartner report in the Cyber Intelligence section
• Europol signed an agreement with Group-IB to cooperate in combating cybercrime on a global scale
• Rostec has chosen Bot-Trek as one of the main solutions that help create its corporate security system
• Group-IB’s experts release a detailed report on cyber crime trends every year
• 12 years of experience in the field of computer forensics, cyber crime prevention and brand protection

SLIDE 26

Participation of Group-IB in Notable Investigations

• Arrest of the author of the Blackhole exploit kit: 40% of infections in the world occurred with the use of his exploits
• Arrest of Leonid Kuvaev: according to Spamhaus, he is one of the three most dangerous spammers in the world
• Arrest of the owner of the first mobile banking botnet
• Anunak/Carbanak attacks: successfully hacked over 50 banks
• Arrest of the Carberp group: botnet of more than 6 million computers, hundreds of millions of dollars stolen

SLIDE 27

Ask about all possibilities of Bot-Trek Cyber Intelligence

http://ci.group-ib.com

Manager: Alexander Tushkanov, Head, International Sales, Group-IB
+7 495 984 33 64 ext. 575 (Moscow landline)
+44 (0) 74 7478 8808 (UK mobile)
a.tushkanov@group-ib.com