Post on 21-Aug-2020
1
FIRST TC / TF-CSIRT Las Palmas, January 27th 2015
Javier Berciano
INTECO-CERT team update
2
INTECO INCIBE
3
Coordination SETSI-SES
SETSI-SES agreement
CRITICAL INFRASTRUCTURE PROTECTION
FIGHT AGAINST CYBERCRIME AND CYBERTERRORISM
AWARENESS AND TRAINING
4
INTECO-CERT CERTSI
+
5
Services
Incident handling
Proactive detection
Early warning
Cyber Exercises
Awareness raising
Enterprises and citizens: incidencias@certsi.es
Critical infrastructures: pic@certsi.es
24x7x365
6
Services
MICS
C&C
SPAM
Samples
FastFlux
Open Resolver
Threats
URLs
bots
7
Services
0day vulnerabilities reports
General software
SCADA software
8
Services
Design: APT behaviour scenario with 3 phases
• Phase 1: Social engineering
• Phase 2: Internal pentest
• Phase 3: Incident handling scenario
15 critical infrastructure operators involved
9
Services
Learn for protect
OSINT reports
Cheatsheets
Best practices
10
AntiBotnet service
Facts:
5.8 million botnet-related evidences daily
Close to 74,000 unique Spanish IP addresses infected
Information from 570 sinkholes with 83 different botnets
11
Goals:
Botnet mitigation and disinfection
Real-time IP check service
End user reporting
AntiBotnet service
12
Analysis and information processing
End-user identification and notification generation
Feed (bots)
CyberSecurity Intelligence Engine
BOTNET EVIDENCES DATABASE
TRUSTED SOURCES
DETECTION
Analysis of Threats
Metrics
END USER
ANTIBOTNET SERVICE URL + Botnet Ticket
Threat Information and disinfection Tools
Awareness and Prevention
AntiBotnet service
13
Online IP check
AntiBotnet service
14
Chrome extension
AntiBotnet service
15
Detailed information about threat
AntiBotnet service
Disinfection tools (AV cleaners)
16
GFzo
torpig
28/10/14
xxx
1.1.1
AntiBotnet service
17
AntiBotnet service
18
Thank you!
Javier Berciano
javier.berciano@incibe.es
Questions?