Group-IB Security Ecosystem Portfolio update
Tim Bobak, APAC Sales Director, Group-IB
Moneytaker Case Study
Moneytaker Investigation
Tracking started in Autumn of 2016 after first Russian Incident
What happened after the breaches?
Thefts from card processing and other payment systems
Document exfiltration
Confidential documents, Personal Data SWIFT and security guidelines
Breaches go public
But Group-IB stopped other attacks on US banks
How did we investigate? The attackers used the same SSL certificates across multiple campaigns and attack infrastructure.
What do we use? We survey the internet daily
Group-IB Ecosystem
Threat Intelligence Driven Products
How our ecosystem is developed
Very few companies globally have the infrastructure to create Threat Intelligence driven cyber security products.
Group-IB Infrastructure
- HoneyNet and botnet analysis
- Hacker community infiltration
- Open-source monitoring
- ISP Level Sensors
- IDS, EDR & Sandbox deployments
- Client-side malware detection
Analyst Driven Experience & TI
- Forensics
- Investigations
- Malware monitoring and research
- CERT-GIB request database
- Security assessment
- Domain & Registrar data
Early warning system to hunt attackers
Threat Detection System
Threat Detection System is a multi-part platform designed to cover all attack avenues inside of your network
Components: Huntbox, TDS Sensors, TDS Sandbox, TDS Endpoint
Attack vectors covered
- Customer facing apps: TDS Polygon, TDS Endpoint
- Browser: TDS Endpoint, TDS Sensor
- Local network: TDS Sensor, TDS Endpoint
- Supply chain: TDS Sensor, TDS Endpoint
Integrated modules to cover popular attack vectors
How can you use this to catch a Moneytaker?
TDS Sensor
- Analyses DNS, HTTP, Hop HTTP / HTTPS, SMB and more
- In-depth traffic inspection
- Unique signatures: proprietary data from exclusive sources, written by our team
- Mechanisms to work with hidden channels and domain generation algorithms (DGAs)
- Encrypted traffic analysis
- Detects lateral movement
- Detects tools and techniques used by attackers for persistence
Detecting network activity
- SOCKS proxies on ports 7080 and 1808
- VNC clients such as Fileless VNC, VNC and UltraVNC
- In the US, they used LogMeIn Hamachi
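As an added illustration of what "detecting network activity" for these indicators can look like in practice, the following Python is example code written for this page, not Group-IB's TDS Sensor logic. It assumes a JSON-lines connection log with a hypothetical `payload_hex` field (first bytes seen on the flow) and a hypothetical `process` field supplied by an endpoint agent; all log records below are constructed. It flags the slide's SOCKS ports (7080 and 1808), strengthened by a SOCKS4/SOCKS5 greeting, VNC by the RFB protocol banner or the default display ports, and Hamachi by process name.

```python
import json

# Indicators from the slide: SOCKS proxies on TCP 7080 and 1808.
SOCKS_PORTS = {7080, 1808}
# Standard RFB/VNC display ports (5900 + display number).
VNC_PORTS = set(range(5900, 5910))


def classify(rec):
    """Return alert tags for one connection record (empty list = nothing found)."""
    tags = []
    dport = rec["dport"]
    first = bytes.fromhex(rec.get("payload_hex", ""))  # hypothetical field: first flow bytes
    if dport in SOCKS_PORTS:
        tags.append(f"socks-port-{dport}")
        # SOCKS4 CONNECT request begins 0x04 0x01; SOCKS5 greeting begins 0x05 <nmethods>.
        if first[:2] == b"\x04\x01" or (first[:1] == b"\x05" and len(first) >= 2):
            tags.append("socks-handshake")
    # RFB version banner ("RFB 003.008\n") identifies VNC regardless of port.
    if first.startswith(b"RFB ") or dport in VNC_PORTS:
        tags.append("vnc")
    # Hamachi: matched on the (hypothetical) process name reported by an endpoint agent.
    if "hamachi" in rec.get("process", "").lower():
        tags.append("hamachi")
    return tags


def scan(lines):
    """Parse JSON-lines connection records; return {flow_id: tags} for hits only."""
    hits = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        tags = classify(rec)
        if tags:
            hits[rec["id"]] = tags
    return hits


# Constructed sample log: internal hosts in 10.0.3.0/24, documentation ranges for external peers.
SAMPLE_LOG = """
{"id": "f1", "src": "10.0.3.17", "dst": "10.0.3.9", "dport": 7080, "payload_hex": "050100", "process": ""}
{"id": "f2", "src": "10.0.3.17", "dst": "203.0.113.40", "dport": 443, "payload_hex": "160301", "process": "chrome.exe"}
{"id": "f3", "src": "10.0.3.22", "dst": "10.0.3.9", "dport": 5901, "payload_hex": "52464220303033", "process": "vncviewer.exe"}
{"id": "f4", "src": "10.0.3.22", "dst": "198.51.100.7", "dport": 40000, "payload_hex": "", "process": "hamachi.exe"}
{"id": "f5", "src": "10.0.3.30", "dst": "10.0.3.9", "dport": 1808, "payload_hex": "0401", "process": ""}
"""

if __name__ == "__main__":
    for flow_id, tags in scan(SAMPLE_LOG.splitlines()).items():
        print(flow_id, ", ".join(tags))
```

Port-only matches (a hit on 7080 or 1808 without the handshake bytes) are the noisiest of these rules and are worth reviewing rather than alerting on directly; the banner and process-name checks are the ones to act on.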
TDS Sandbox
- Unparalleled detection
- Detailed reports for further investigation
- Stops anti-evasion techniques
- File extraction from emails and traffic
- Extremely low false positive rates
- Retrospective analysis
- Full process tree
Get deep technical insights into the malicious files targeting your networks
Hardware | Cloud
Detecting malicious documents
Emails with malicious attachments are widely used in targeted attacks.
Malware samples hosted on Moneytaker infrastructure provide another avenue for detection.
TDS Endpoint and Huntbox
TDS Huntbox
- Link infrastructure used by attackers
- Track the incident from start to finish
- Enrich against data from all your networks
- All TDS Platform detections in one
TDS Endpoint
- Catch and log changes made by malware
- Send files to Polygon for analysis
- Link suspicious processes to traffic
- Respond: clean and isolate infected hosts
Huntbox & EDR – tracking an actor
Group-IB Ecosystem
After protecting: Getting smarter…
Threat Intelligence
- Deep and dark web monitoring
- TTPs from the wild
- Human intelligence
- Knowledge of malware & cybercrime tools
- Finished threat intelligence
- Unique collection infrastructure
- Personalized data for your organisation
«Group-IB has the advantage of getting visibility on many unique threats»
Nation State Espionage
Cybercriminal brand abuse
Fraudsters copy a legitimate site under a similar-looking domain and replace the payment details.
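To show how a defender can screen for the similar-looking domains this slide describes, here is an added Python example written for this page; it is not Group-IB's Threat Intelligence tooling. It assumes a brand list and an allowlist of the brand's real domains (the brand "examplebank" and every candidate domain below are constructed). Each non-TLD label is folded through a small table of common look-alike substitutions, then compared to the brand by exact match, substring containment, and Levenshtein distance.

```python
# Common look-alike substitutions, applied longest-first (constructed, deliberately partial).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("@", "a"))


def fold(label):
    """Normalise a domain label so visually similar spellings compare equal."""
    s = label.lower()
    for bad, good in CONFUSABLES:
        s = s.replace(bad, good)
    return s.replace("-", "")


def lev(a, b):
    """Levenshtein edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(domain, brands, allowlist):
    """Return (brand, reason) if the domain looks like a brand impersonation, else None."""
    domain = domain.lower()
    if domain in allowlist:
        return None
    labels = domain.split(".")[:-1]          # every label except the TLD
    for label in labels:
        folded = fold(label)
        for brand in brands:
            target = fold(brand)
            if folded == target:
                return (brand, "lookalike-label")   # identical once confusables are folded
            if target in folded:
                return (brand, "brand-embedded")    # e.g. brand plus "login"/"secure"
            if lev(folded, target) <= (1 if len(target) >= 6 else 0):
                return (brand, "typo")              # one edit away from the brand
    return None


def triage(domains, brands, allowlist):
    """Run assess() over a candidate list; return {domain: (brand, reason)} for hits only."""
    hits = {}
    for d in domains:
        verdict = assess(d, brands, allowlist)
        if verdict:
            hits[d] = verdict
    return hits


# Constructed inputs: one allowlisted real domain and a mix of lookalikes and benign names.
BRANDS = ["examplebank"]
ALLOWLIST = {"examplebank.com"}
CANDIDATES = [
    "examplebank.com",
    "examp1ebank.com",
    "exarnplebank-login.net",
    "exanplebank.com",
    "secure.examplebank.co",
    "weather-today.org",
]

if __name__ == "__main__":
    for d, (brand, reason) in triage(CANDIDATES, BRANDS, ALLOWLIST).items():
        print(f"{d:28} {brand:12} {reason}")
```

The folding step trades precision for recall: "rn" to "m" also rewrites ordinary words (for example "international"), so in production the substring and distance rules need a review queue rather than automatic blocking, and the allowlist must hold every legitimate domain and subdomain the brand actually uses.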
- Detailed TTPs and unique tactical indicators
- Dedicated team members
- Reverse engineering requests
- Underground forum sweeps
- Attack analysis and recommendations
- Actionable API data for SIEM & TIP platforms
- Group-IB CERT 24/7 monitoring and response
Make intelligence actionable
Group-IB Ecosystem
Protecting your customers en masse
Protecting Clientside
Attackers have developed tools and techniques to steal from your customers; these need to be detected. Group-IB has developed Secure Bank and Secure Portal for protecting customers online in banking and e-commerce.
Session analysis on PC and Mobile Devices
- Behavioral analysis
- IP & device fingerprinting
- Global user profiling
- Advanced rule engine
- Botting and RDP detection
- Cross-channel analysis
- Detects code changes & malware
- Social engineering and AML detection
Functionality
Deploys via JavaScript or SDK
Investigating with Secure Bank
Group-IB Ecosystem
Suggestions and Review
Consulting & Response
- Security assessments
- Penetration testing
- Red teaming
- Compromise assessments
- Investigations and computer forensics
- Incident response
- Pre-incident response
Already available and used in ASEAN and APAC
You can remain unaware for months of hidden but active threats in your networks. Compromise assessment allows for analyst-driven detection, advisory and assessment of previously undetected attacks from multiple actors…
Cyber Security Services
Review – Security driven by Intelligence
Thank you for your attention! Questions?
Tim Bobak APAC Sales Director Group-IB Twitter: @enablethemacros Email: bobak@group-ib.com