Bot-Trek Cyber Intelligence (CI) — a platform that allows customers to monitor, analyze and predict potential threats to information security relevant to the company, its partners and customers
Examples of Incidents

Home Depot's 56 Million Card Breach Bigger Than Target's
Home Depot Inc. said 56 million cards may have been compromised in a five-month attack on its payment terminals, making the breach much bigger than the holiday attack at Target Corp.

Chinese Hackers Target Israel's Iron Dome
Three Israeli defense contractors responsible for building the “Iron Dome” missile shield currently protecting Israel from a barrage of rocket attacks were compromised by hackers and robbed of huge quantities of sensitive documents pertaining to the shield technology.

Massive Sony breach sheds light on murky hacker universe
Last week Sony admitted to having suffered a major cybersecurity breach; hackers not only erased data from its systems, but also stole, and released to the public, pre-release movies, people’s private information, and sensitive documents.

Other headlines: … Data Breach at Health Insurer Anthem Could Impact Millions; Banks: Card Thieves Hit White Lodging Again; FBI: Businesses Lost $215M to Email Scams; Home Depot: 56M Cards Impacted, Malware Contained; Medical Records For Sale in Underground Stolen From Texas Life Insurance Firm; Sony Breach May Have Exposed Employee Healthcare, Salary Data; Malware Based Credit Card Breach at Kmart; Dairy Queen Confirms Breach at 395 Stores; Huge Data Leak at Largest U.S. Bond Insurer; Hackers Plundered Israeli Defense Firms that Built ‘Iron Dome’ Missile Defense System; eBay Urges Password Changes After Breach; Target: Names, Emails, Phone Numbers on Up To 70 Million Customers Stolen …
2 Bot-Trek Cyber Intelligence
Targeted Attacks in 2014

Anunak: hacking of more than 50 Russian banks, 5 payment systems, and 16 retail companies. Access to isolated banking systems, ATMs, e-mail, and payment gateways.
Regin: hacking of telecom operators, state-owned companies, research institutions, and political organizations. Access to confidential information, tracking of GSM networks.
Energetic Bear: hacking of energy, pharmaceutical, construction and educational institutions.
Careto: hacking of government, diplomatic, energy, oil, investment companies and research institutes.
Data on Damage (HP, PWC, Group-IB)

Reacting to the incident after it has already occurred is very expensive in terms of both the management of consequences and the eradication of the attacker from the internal infrastructure.

Group-IB data:
- $ 40 mln is earned by one criminal group by stealing Internet banking information
- $ 1.5 mln is the direct damage caused by a targeted attack
- < $ 1.2 mln is the amount of direct theft we prevent per year

The average amount of financial losses due to information security incidents, 2013-2014 (PWC data):
                                                           2013         2014
Large organizations (income over $ 1 bln)                  $ 3.9 mln    $ 5.9 mln
Medium-sized organizations (income $ 100 mln to $ 1 bln)   $ 1 mln      $ 1.3 mln
Small organizations (income less than $ 100 mln)           $ 0.65 mln   $ 0.41 mln
Incidents cause great damage to large organizations.

Average damage due to cyber attacks (HP, Ponemon data): $ 12.7 mln; in Russia, $ 3.3 mln.
Incident Development Time
Time scale of events in % of the total number of hackings (source: 2012 Verizon Data Breach Investigations)

                                                 Seconds  Minutes  Hours  Days  Weeks  Months  Years
From attack to compromise                        10%      75%      12%    2%    0%     1%      1%
From compromise to leakage                       10%      38%      14%    25%   8%     8%      0%
From leakage to detection                        0%       0%       2%     13%   29%    54%     2%
From detection to localization and elimination   0%       1%       9%     32%   38%    17%     4%

Hacking takes minutes; detection and elimination take weeks and months.
Why do Incidents Happen?

- Means of protection do not provide information on attackers, the tools used, and attack tactics
- An accidentally intercepted password can be the beginning of a targeted attack
- It is not possible to distinguish among thousands of events those that are really important
- The importance of an event cannot be adequately estimated without knowledge of the hacking target
- No indicators to identify interesting incidents
Be Proactive

Preparation (hours to months):
1. Exploration: collection of e-mails, confidential information, etc.
2. Arming: collection of exploits and backdoors
Forecast possible attacks, identify attacks in preparation, study attack tactics based on other incidents.

Hacking (seconds):
3. Delivery of arms to the victim via e-mail, Web, USB, etc.
4. Exploitation of vulnerabilities by using malicious programs in the victim’s devices
5. Installation of malicious programs in the victim’s devices
Be prepared to resist threats in advance.

Impact (months):
6. Management: sending commands for remote control of the victim’s device
7. Impact on the facilities, access to needed data, data leakage
Suppress the attack at the very beginning.
What is Needed for Proactive Protection?
Cyber Intelligence makes it possible to prevent the incident at the preparation stage and to become proactive.

- Track data leakage outside the protection perimeter
- Be constantly involved in the analysis of various incidents
- Be provided with the infrastructure for data processing and receive information on new threats
- Identify hacked accounts in botnets and phishing pages
- Track attacks on partners and customers
- Study data on new threats
- Analyze connections between events
Bot-Trek Cyber Intelligence
Bot-Trek Cyber Intelligence — a platform enabling the customer to monitor, analyze and predict potential threats to information security that are relevant to the company, its partners and customers.
- SaaS solution: no installation required
- Integration with antifraud systems and IDS/IPS/SIEM
- STIX/TAXII support
CI Operation

Initial data: bank cards, botnets, cracked passwords, databases, etc., hacktivism, SPAM traps, DDoS, deface, phishing, malvertising, malware, suspect IPs, social networks, drops/mules, additional CERT data collection.

Intelligence: analysis and trends, risk notifications, investigations, correlation, sandboxes, analysis and check, deep Web analysis, intelligence exchange, feeds, dashboard, relation to regions and business areas, forensics.

Output: compatible with STIX/TAXII; API for enterprise security.
The Data We Provide

Strategic data:
- Analysis of the actions of criminal groups
- Assessment of attacks in various countries/business segments
- Forecasting new threats
- Information on the most relevant threats

Tactical/operational data:
- Information on threats and analysis
- Information on current attacks
- Information on criminal groups, their tools and tactics
- Information on logins/passwords of the company, its partners and customers

Technical indicators:
- IP and URL addresses
- Names of malicious attachments
- Subjects of letters used in targeted attacks
- Hacked legitimate web sites spreading malware
- Changes in the operating system
- Abnormal signs
Who Can Use the Data

As the Security/Risk Manager you can:
- Prevent accidents and fraud
- Correctly assess risks to the company
- Develop tactical and strategic security plans
- Track trends, global and local threats
- Assess the effectiveness of protection processes
- Respond effectively to current challenges

As the Marketing Director you can:
- Improve the effectiveness of the marketing tools you use
- Always be aware of the threats your company could be exposed to and have the tools for rapid counteraction
- If necessary, add new channels to interact with potential customers of your company

As the Chief Executive Officer (CEO) you can:
- Always be aware of the most dangerous threats your company could be exposed to
- Assess the effectiveness of security investments
- Be aware of potential financial losses

As the Director of Human Resources (HR) you can:
- Track unlawful activity of your employees
- Adjust the policy of the company depending on the identified threats
How to Manage the Large Amounts of Data?
- Tactical information can be filtered by country and business area
- API for integration with your SIEM, IPS, and firewall
- Individual notifications of targeted attacks on you, your partners, and clients
- We support the STIX format for submission of threat data
- 24x7 support
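As an added example, not part of the deck or of the Bot-Trek product, the Python below consumes a small, constructed STIX 2.1 indicator bundle of the kind a STIX/TAXII feed delivers (one IP, one URL and one malicious attachment name, the technical indicator kinds listed on the previous slide) and matches it against constructed SIEM log lines. STIX 2.1 and the single-comparison pattern syntax are assumptions; the deck only says STIX/TAXII, and the matcher skips any compound pattern it cannot parse.

```python
"""Match STIX 2.1 indicators from a threat feed against SIEM-style log lines.
Constructed example: bundle and logs are made up; only [x:y = 'v'] patterns are parsed."""
import json
import re

# Constructed STIX 2.1 bundle with the three indicator kinds the deck lists:
# an IP address, a URL and the file name of a malicious mail attachment.
FEED = json.dumps({"type": "bundle", "id": "bundle--constructed", "objects": [
    {"type": "indicator", "id": "indicator--1", "name": "C2 address",
     "pattern": "[ipv4-addr:value = '203.0.113.10']", "pattern_type": "stix"},
    {"type": "indicator", "id": "indicator--2", "name": "Phishing URL",
     "pattern": "[url:value = 'http://example.invalid/login.php']",
     "pattern_type": "stix"},
    {"type": "indicator", "id": "indicator--3", "name": "Malicious attachment",
     "pattern": "[email-message:attachments[*].name = 'invoice_0314.scr']",
     "pattern_type": "stix"},
]})

# Constructed proxy and mail-gateway lines: three hits plus one benign line.
# The benign line carries 203.0.113.100, which a naive substring match would flag.
LOGS = [
    "2015-03-14T09:12:01 proxy src=10.0.0.5 dst=203.0.113.10 url=http://203.0.113.10/gate.php",
    "2015-03-14T09:13:44 proxy src=10.0.0.7 dst=203.0.113.100 url=http://example.com/",
    "2015-03-14T09:15:02 mail from=ceo@example.invalid attachment=invoice_0314.scr",
    "2015-03-14T09:15:30 proxy src=10.0.0.9 dst=198.51.100.2 url=http://example.invalid/login.php",
]

# Accepts exactly one equality comparison: [object-path = 'literal'].
SIMPLE_PATTERN = re.compile(r"^\[([\w\-\[\]\*\.:]+)\s*=\s*'([^']*)'\]$")

def load_indicators(bundle_json):
    """Return (indicator name, object path, literal value) for each supported indicator."""
    found = []
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        m = SIMPLE_PATTERN.match(obj["pattern"])
        if m:  # compound patterns (AND/OR, FOLLOWEDBY) are skipped, not mis-matched
            found.append((obj["name"], m.group(1), m.group(2)))
    return found

def match_logs(indicators, lines):
    """Return (line index, indicator name) for every line containing an indicator value.
    The value must stand alone (not be part of a longer token), so 203.0.113.10
    does not fire on 203.0.113.100."""
    hits = []
    for i, line in enumerate(lines):
        for name, _path, value in indicators:
            if re.search(r"(?<![\w.])" + re.escape(value) + r"(?![\w.])", line):
                hits.append((i, name))
    return hits
```

In a real deployment the bundle would come from the TAXII collection and the lines from the SIEM, but the two checks shown (skip unsupported patterns rather than guess, and match whole tokens) are what keep such a feed from flooding the SIEM with false positives.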
Data Sources and Information Storage Security
- Confidential data is available only to the companies to which it belongs
- We process data in 11 languages
- Data on different countries are stored on servers in those countries: storage devices are currently deployed in the USA, Germany, Russia, the Netherlands, and Great Britain
Analytics and Trends

Data flow: analysis of the hacking of companies, quarterly digests, statistical data
Content: damage evaluation, analytics and trends, forecasting of threats
Possibilities: invest expediently, adjust the risk map, identify your enemy, prioritize threats