group ib security ecosystem
play

Group-IB Security Ecosystem Portfolio update Tim Bobak APAC Sales - PowerPoint PPT Presentation

Group-IB Security Ecosystem Portfolio update Tim Bobak APAC Sales Director Group-IB Moneytaker Case Study Moneytaker Investigation Tracking started in Autumn of 2016 after first Russian Incident What happened after the breaches? Thefts from


  1. Group-IB Security Ecosystem Portfolio update Tim Bobak APAC Sales Director Group-IB

  2. Moneytaker Case Study Moneytaker Investigation Tracking started in Autumn of 2016 after first Russian Incident

  3. What happened after the breaches? Thefts from card processing and other payment systems

  4. Document exfiltration Confidential documents, Personal Data SWIFT and security guidelines

  5. Breaches go public But Group-IB stopped other attacks on US banks

  6. How did we investigate Attackers used SSL certificates across multiple campaigns and attack infrastructure

  7. What do we use? We survey the internet daily

  8. Group-IB Ecosystem Threat Intelligence Driven Products

  9. How our ecosystem is developed Very few companies globally have the infrastructure to create Threat Intelligence driven cyber security products Group-IB Infrastructure Analyst Driven Experience & TI • HoneyNet and botnet analysis • Forensics • Hacker community infiltration • Investigations • Open-source monitoring • Malware monitoring and research • ISP Level Sensors • CERT-GIB request database • IDS, EDR & Sandbox deployments • Security assessment • Clientside malware detection • Domain & Registrar data

  10. Early warning system to hunt attackers

  11. Threat Detection System TDS Endpoint TDS Sensors TDS Sandbox Huntbox Threat Detection System is a multi-part platform designed to cover all attack avenues inside of your network

  12. Attack Vectors covered Integrated modules to cover popular attack vectors Browser Customer Mail Local network Supply chain facing apps TDS Endpoint TDS Endpoint TDS Sensor TDS Sensor TDS Polygon TDS Sensor TDS Polygon TDS Endpoint TDS Endpoint How can you use this to catch a Moneytaker?

  13. TDS Sensor In-depth traffic Encrypted Traffic inspection Analysis Analyses DNS, HTTP, Hop Mechanisms to work with hidden HTTP / HTTPS, SMB and more channels, DG Algorithms Unique signatures Detect Lateral movement Proprietary data from exclusive Detects tools and techniques used sources written by our team by attackers for persistence

  14. Detecting network activity Usage Socks on port 7080 and 1808 VNC clients like as Fileless VNC, VNC, UltraVNC In the US, they used the LogMeIn Hamachi

  15. TDS Sandbox Unparalleled Stops Anti-evasion Detection Techniques Detailed reports for Extremely low false further investigation positive rates File extraction from Retrospective analysis emails and traffic Full process tree Get deep technical insights into the Hardware | Cloud malicious files targeting your networks

  16. Detecting malicious documents Emails with malicious attachments widely used in targeted attacks Malware Samples hosted on Moneytaker infrastructure Provides another avenue for detection

  17. TDS Endpoint and Huntbox TDS Huntbox TDS Endpoint Catch and log Link infrastructure changes made used by attackers by malware Send files to Enrich against data Polygon for from all your networks analysis Link suspicious Track the incident processes to from start to finish traffic Respond: clean All TDS Platform and isolate Detections in one infected hosts

  18. Huntbox & EDR – tracking an actor

  19. Huntbox & EDR – tracking an actor

  20. Group-IB Ecosystem After protecting: Getting smarter…

  21. Threat Intelligence UNIQUE COLLECTION DEEP AND DARK WEB INFRASTRUCTURE MONITORING HUMAN TTP FROM THE WILD INTELLIGENCE FINISHED THREAT KNOWLEDGE OF INTELLIGENCE MALWARE & CYBERCRIME TOOLS «Group-IB has the advantage of getting PERSONALIZED DATA visibility on many unique threats» FOR YOUR ORGANISATION

  22. Nation State Espionage

  23. Cybercriminal brand abuse Fraudsters copy legitimate site using similar domain and replace payment details.

  24. Make intelligence actionable Detailed TTPs and unique Tactical indicators Dedicated Team Members Reverse Engineering Requests Underground forum sweeps Attack analysis and recommendations Actionable API data for SIEM & TIP Platforms Group-IB CERT 24/7 monitoring and response

  25. Group-IB Ecosystem Protecting your Customers en-masse

  26. Protecting Clientside Attackers have developed tools and techniques to steal from your customers These need to be detected Group-IB has developed Secure Bank and Secure Portal, for protecting customers online in banking and e-commerce

  27. Session analysis on PC and Mobile Devices Functionality Behavioral Cross-channel analysis analysis IP & Device Botting and RDP fingerprinting Detection Detects code Global user changes & profiling malware Advanced rule Social engine engineering and AML detection Deploys via Javascript or SDK

  28. Investigating with Secure Bank

  29. Group-IB Ecosystem Suggestions and Review

  30. Consulting & Response Cyber Security Services You can remain unaware for months of hidden but active Security Investigations threats in networks Assessments and Computer Penetration Forensics Compromise assessment Testing allows for analyst driven detection, advisory and Incident assessment of previously Red Teaming Response undetected attacks From multiple actors… Compromise Pre-Incident Assessments Response Already available and used in ASEAN and APAC

  31. Review – Security driven by Intelligence

  32. Thank you for your attention! Questions? Tim Bobak APAC Sales Director Group-IB Twitter: @enablethemacros Email: bobak@group-ib.com

Recommend


More recommend