group ib security ecosystem
play

Group-IB Security Ecosystem Portfolio update Tim Bobak APAC Sales - PowerPoint PPT Presentation

Jan 31, 2023 •429 likes •765 views

Group-IB Security Ecosystem Portfolio update Tim Bobak APAC Sales Director Group-IB Moneytaker Case Study Moneytaker Investigation Tracking started in Autumn of 2016 after first Russian Incident What happened after the breaches? Thefts from

  1. Group-IB Security Ecosystem Portfolio update Tim Bobak APAC Sales Director Group-IB

  2. Moneytaker Case Study Moneytaker Investigation Tracking started in Autumn of 2016 after first Russian Incident

  3. What happened after the breaches? Thefts from card processing and other payment systems

  4. Document exfiltration Confidential documents, Personal Data SWIFT and security guidelines

  5. Breaches go public But Group-IB stopped other attacks on US banks

  6. How did we investigate Attackers used SSL certificates across multiple campaigns and attack infrastructure

  7. What do we use? We survey the internet daily

  8. Group-IB Ecosystem Threat Intelligence Driven Products

  9. How our ecosystem is developed Very few companies globally have the infrastructure to create Threat Intelligence driven cyber security products Group-IB Infrastructure Analyst Driven Experience & TI • HoneyNet and botnet analysis • Forensics • Hacker community infiltration • Investigations • Open-source monitoring • Malware monitoring and research • ISP Level Sensors • CERT-GIB request database • IDS, EDR & Sandbox deployments • Security assessment • Clientside malware detection • Domain & Registrar data

  10. Early warning system to hunt attackers

  11. Threat Detection System TDS Endpoint TDS Sensors TDS Sandbox Huntbox Threat Detection System is a multi-part platform designed to cover all attack avenues inside of your network

  12. Attack Vectors covered Integrated modules to cover popular attack vectors Browser Customer Mail Local network Supply chain facing apps TDS Endpoint TDS Endpoint TDS Sensor TDS Sensor TDS Polygon TDS Sensor TDS Polygon TDS Endpoint TDS Endpoint How can you use this to catch a Moneytaker?

  13. TDS Sensor In-depth traffic Encrypted Traffic inspection Analysis Analyses DNS, HTTP, Hop Mechanisms to work with hidden HTTP / HTTPS, SMB and more channels, DG Algorithms Unique signatures Detect Lateral movement Proprietary data from exclusive Detects tools and techniques used sources written by our team by attackers for persistence

  14. Detecting network activity Usage Socks on port 7080 and 1808 VNC clients like as Fileless VNC, VNC, UltraVNC In the US, they used the LogMeIn Hamachi

  15. TDS Sandbox Unparalleled Stops Anti-evasion Detection Techniques Detailed reports for Extremely low false further investigation positive rates File extraction from Retrospective analysis emails and traffic Full process tree Get deep technical insights into the Hardware | Cloud malicious files targeting your networks

  16. Detecting malicious documents Emails with malicious attachments widely used in targeted attacks Malware Samples hosted on Moneytaker infrastructure Provides another avenue for detection

  17. TDS Endpoint and Huntbox TDS Huntbox TDS Endpoint Catch and log Link infrastructure changes made used by attackers by malware Send files to Enrich against data Polygon for from all your networks analysis Link suspicious Track the incident processes to from start to finish traffic Respond: clean All TDS Platform and isolate Detections in one infected hosts

  18. Huntbox & EDR – tracking an actor

  19. Huntbox & EDR – tracking an actor

  20. Group-IB Ecosystem After protecting: Getting smarter…

  21. Threat Intelligence UNIQUE COLLECTION DEEP AND DARK WEB INFRASTRUCTURE MONITORING HUMAN TTP FROM THE WILD INTELLIGENCE FINISHED THREAT KNOWLEDGE OF INTELLIGENCE MALWARE & CYBERCRIME TOOLS «Group-IB has the advantage of getting PERSONALIZED DATA visibility on many unique threats» FOR YOUR ORGANISATION

  22. Nation State Espionage

  23. Cybercriminal brand abuse Fraudsters copy legitimate site using similar domain and replace payment details.

  24. Make intelligence actionable Detailed TTPs and unique Tactical indicators Dedicated Team Members Reverse Engineering Requests Underground forum sweeps Attack analysis and recommendations Actionable API data for SIEM & TIP Platforms Group-IB CERT 24/7 monitoring and response

  25. Group-IB Ecosystem Protecting your Customers en-masse

  26. Protecting Clientside Attackers have developed tools and techniques to steal from your customers These need to be detected Group-IB has developed Secure Bank and Secure Portal, for protecting customers online in banking and e-commerce

  27. Session analysis on PC and Mobile Devices Functionality Behavioral Cross-channel analysis analysis IP & Device Botting and RDP fingerprinting Detection Detects code Global user changes & profiling malware Advanced rule Social engine engineering and AML detection Deploys via Javascript or SDK

  28. Investigating with Secure Bank

  29. Group-IB Ecosystem Suggestions and Review

  30. Consulting & Response Cyber Security Services You can remain unaware for months of hidden but active Security Investigations threats in networks Assessments and Computer Penetration Forensics Compromise assessment Testing allows for analyst driven detection, advisory and Incident assessment of previously Red Teaming Response undetected attacks From multiple actors… Compromise Pre-Incident Assessments Response Already available and used in ASEAN and APAC

  31. Review – Security driven by Intelligence

  32. Thank you for your attention! Questions? Tim Bobak APAC Sales Director Group-IB Twitter: @enablethemacros Email: bobak@group-ib.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways

Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways

Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways Bradley Reaves , Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, Kevin R. B. Butler Florida Institute of Cyber Security (FICS) SMS Ecosystem Cell

404 views • 14 slides
Privacy & Security at Henry Ford Health System 2 THE HFHS ECOSYSTEM $6 Billion in

Privacy & Security at Henry Ford Health System 2 THE HFHS ECOSYSTEM $6 Billion in

Evolution of Privacy & Security at Henry Ford Health System 2 THE HFHS ECOSYSTEM $6 Billion in Revenues 1300+ Member Medical Group $200 Million in uncompensated 1000+ Member Physician Network care (Non-Employed &

335 views • 22 slides
Ocean ecosystem conservation and seafood security for future generation A case study of

Ocean ecosystem conservation and seafood security for future generation A case study of

Ocean ecosystem conservation and seafood security for future generation A case study of ecosystem g y y approach to fisheries and the adaptive management of the Shiretoko World Natural Heritage Site g

950 views • 37 slides
The Role of Government in Securing the CAV Ecosystem Sevvy Palmer AESIN Security Conference,

The Role of Government in Securing the CAV Ecosystem Sevvy Palmer AESIN Security Conference,

The Role of Government in Securing the CAV Ecosystem Sevvy Palmer AESIN Security Conference, Glasgow, 16 th June 2016 The Role of Government in Securing the CAV Ecosystem 1 CAVs present tremendous opportunities safety efficiency mobility

393 views • 11 slides
CSE 484 / CSE M 584 Computer Security: Online Ecosystem Studies TA: Adrian

CSE 484 / CSE M 584 Computer Security: Online Ecosystem Studies TA: Adrian

CSE 484 / CSE M 584 Computer Security: Online Ecosystem Studies TA: Adrian Sham adrsham@cs With material from Franzi and various sources Reminders Homework #3 due tomorrow (5/29) at 5pm Lab

492 views • 32 slides
UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE Maritime Security - Commercial Shipping Security - Cruise Liner Security - Super-Yacht Security Maritime Security Services UCP GROUP is a market

247 views • 22 slides
CSE 484 / CSE M 584 Computer Security: Malware and Online Ecosystem Studies TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: Malware and Online Ecosystem Studies TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: Malware and Online Ecosystem Studies TA: Thomas Crosley tcrosley@cs With material from Franzi, Adrian Sham, and various sources Reminders Homework #3, due May 23th, 8pm (Tomorrow!) Lab #3 due

638 views • 40 slides
The political economy of water security, ecosystem services and livelihoods in the western

The political economy of water security, ecosystem services and livelihoods in the western

The political economy of water security, ecosystem services and livelihoods in the western Himalayas ESPA 2013 PROJECT, REFERENCE NE/ L001365/ 1 Project team University of Cambridge Bhaskar Vira Centre for Development and Research

264 views • 11 slides
Measuring Adoption of Security Additions to the HTTPS Ecosystem Quirin Scheitle July 16, 2018

Measuring Adoption of Security Additions to the HTTPS Ecosystem Quirin Scheitle July 16, 2018

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Measuring Adoption of Security Additions to the HTTPS Ecosystem Quirin Scheitle July 16, 2018 Applied Networking Research Workshop (ANRW)

303 views • 11 slides
SOFTWARE ECOSYSTEM MANJU HEGDE, CORPORATE VP, PRODUCTS GROUP, AMD OUTLINE Motivation HSA

SOFTWARE ECOSYSTEM MANJU HEGDE, CORPORATE VP, PRODUCTS GROUP, AMD OUTLINE Motivation HSA

HETEROGENEOUS SYSTEM ARCHITECTURE (HSA) AND THE SOFTWARE ECOSYSTEM MANJU HEGDE, CORPORATE VP, PRODUCTS GROUP, AMD OUTLINE Motivation HSA architecture v1 Software stack Workload analysis Software Ecosystem 2 PARADIGM SHIFTS.

933 views • 74 slides
National Ecosystem Services Classification System (NESCS) For UNSD SEEA-EEA UNSD Expert Group

National Ecosystem Services Classification System (NESCS) For UNSD SEEA-EEA UNSD Expert Group

Vision, Structure, Scope, and Applicability of the National Ecosystem Services Classification System (NESCS) For UNSD SEEA-EEA UNSD Expert Group Meeting Towards a standard international classification on ecosystem services June 20, 2016

387 views • 37 slides
Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments Seongmin Kim , Juhyeng Han, Jaehyeong Ha, Taesoo Kim *, Dongsu Han * 1 Tor anonymity network Tor: the most popular anonymity network for Internet

600 views • 36 slides
5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

Se minar 5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application Speaker Adam Davis Dave Batker Dr. Ben Guillon Ricardo Bayon 2011 ECOSYSTEM SERVICES SEMINAR SERIES Ecosystem Services Seminar

745 views • 35 slides
Ecosystem Services Assessment Multifunctionality Valuation of Ecosystem services Methods and

Ecosystem Services Assessment Multifunctionality Valuation of Ecosystem services Methods and

Ecosystem Services Assessment Multifunctionality Valuation of Ecosystem services Methods and basis for Suitable for ecosystem services decisions: Monetary terms that we have good knowledge of and is (WTP-studies, cost-benefit

617 views • 4 slides
South Florida South Florida Ecosystem Ecosystem Restoration Restoration I ntegrated Delivery

South Florida South Florida Ecosystem Ecosystem Restoration Restoration I ntegrated Delivery

South Florida South Florida Ecosystem Ecosystem Restoration Restoration I ntegrated Delivery I ntegrated Delivery Schedule Schedule Working Group August 2008 Background May TF: Members requested that we work with WG staff to

254 views • 10 slides
Non-IGMP-specific security or Why not to do security at the IGMP level Dave Thaler

Non-IGMP-specific security or Why not to do security at the IGMP level Dave Thaler

Non-IGMP-specific security or Why not to do security at the IGMP level Dave Thaler dthaler@microsoft.com General Internet Case Group Receiver Group key Content Group Group Key acquisition Node Provider Key Key Server Server

613 views • 10 slides
Economics of cybersecurity Measuring security levels Michel van

Economics of cybersecurity Measuring security levels Michel van

Economics of cybersecurity Measuring security levels Michel van Eeten Del. University of Technology Security produc=vity What is measurable? Security level

217 views • 10 slides
Response to Cyber Security Threat NIEs Approach to Information Security Background

Response to Cyber Security Threat NIEs Approach to Information Security Background

Response to Cyber Security Threat NIEs Approach to Information Security Background NTU / NIE is corporatized in April 2006 (Not requires to comply with IM8) Mission - To provide effective ICT resources, services and

841 views • 6 slides
KRACKing WPA2 in Practice Using Key Reinstallation Attacks Mathy Vanhoef @vanhoefm BlueHat

KRACKing WPA2 in Practice Using Key Reinstallation Attacks Mathy Vanhoef @vanhoefm BlueHat

KRACKing WPA2 in Practice Using Key Reinstallation Attacks Mathy Vanhoef @vanhoefm BlueHat IL, 24 January 2018 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Lessons learned 2 Overview Key reinstalls in

726 views • 47 slides
Incident Command: The far side of the edge Lisa Phillips Tom Daly Maarten Van Horenbeeck

Incident Command: The far side of the edge Lisa Phillips Tom Daly Maarten Van Horenbeeck

Incident Command: The far side of the edge Lisa Phillips Tom Daly Maarten Van Horenbeeck Incident Command: the far side of the Edge 30 POPs; 5 Continents; ~7Tb/sec Network Incident Command: the far side of the Edge Inspiration Incident

626 views • 36 slides
Infrastructure-Industry Working Group Quarterly Meeting July 31, 2019 3:00-4:30 pm (Eastern)

Infrastructure-Industry Working Group Quarterly Meeting July 31, 2019 3:00-4:30 pm (Eastern)

CAT Coalition Infrastructure-Industry Working Group Quarterly Meeting July 31, 2019 3:00-4:30 pm (Eastern) Agenda Welcome and Introductions Co- Chairs Remarks Overview of Phase 2 Year 2 Work plan FHWA Updates Guest

1.12k views • 86 slides
Use Case Analysis for Smart Cities and Communities Gyu Myoung Lee ITU-T Chair of FG-DPM, WP3/13

Use Case Analysis for Smart Cities and Communities Gyu Myoung Lee ITU-T Chair of FG-DPM, WP3/13

Workshop on Smart Sustainable Cities Samarkand, Uzbekistan, 1-2 June 2017 Use Case Analysis for Smart Cities and Communities Gyu Myoung Lee ITU-T Chair of FG-DPM, WP3/13 Co-chair, Q16/13 and Q4/20 Rapporteur LJMU UK/ KAIST Korea

829 views • 26 slides
Upgrading Distribution Resilience: A DOE-OE Solicitation Tuesday, April 7, 2015 Hosted by Todd

Upgrading Distribution Resilience: A DOE-OE Solicitation Tuesday, April 7, 2015 Hosted by Todd

Energy Storage Technology Advancement Partnership (ESTAP) Webinar: Upgrading Distribution Resilience: A DOE-OE Solicitation Tuesday, April 7, 2015 Hosted by Todd Olinsky-Paul ESTAP Project Director, CESA Housekeeping State & Federal

828 views • 58 slides
Homeland Security Exercise Evaluation Program (HSEEP) Pat Anders Manager, Health Emergency

Homeland Security Exercise Evaluation Program (HSEEP) Pat Anders Manager, Health Emergency

Homeland Security Exercise Evaluation Program (HSEEP) Pat Anders Manager, Health Emergency Preparedness Exercises Office of Health Emergency Preparedness 2 Target Audience The target audience for HSEEP training includes: Exercise Planning

1.5k views • 96 slides

More recommend