group ib security ecosystem
play

Group-IB Security Ecosystem Portfolio update Tim Bobak APAC Sales - PowerPoint PPT Presentation

Jan 31, 2023 •429 likes •765 views

Group-IB Security Ecosystem Portfolio update Tim Bobak APAC Sales Director Group-IB Moneytaker Case Study Moneytaker Investigation Tracking started in Autumn of 2016 after first Russian Incident What happened after the breaches? Thefts from

  1. Group-IB Security Ecosystem Portfolio update Tim Bobak APAC Sales Director Group-IB

  2. Moneytaker Case Study Moneytaker Investigation Tracking started in Autumn of 2016 after first Russian Incident

  3. What happened after the breaches? Thefts from card processing and other payment systems

  4. Document exfiltration Confidential documents, Personal Data SWIFT and security guidelines

  5. Breaches go public But Group-IB stopped other attacks on US banks

  6. How did we investigate Attackers used SSL certificates across multiple campaigns and attack infrastructure

  7. What do we use? We survey the internet daily

  8. Group-IB Ecosystem Threat Intelligence Driven Products

  9. How our ecosystem is developed Very few companies globally have the infrastructure to create Threat Intelligence driven cyber security products Group-IB Infrastructure Analyst Driven Experience & TI • HoneyNet and botnet analysis • Forensics • Hacker community infiltration • Investigations • Open-source monitoring • Malware monitoring and research • ISP Level Sensors • CERT-GIB request database • IDS, EDR & Sandbox deployments • Security assessment • Clientside malware detection • Domain & Registrar data

  10. Early warning system to hunt attackers

  11. Threat Detection System TDS Endpoint TDS Sensors TDS Sandbox Huntbox Threat Detection System is a multi-part platform designed to cover all attack avenues inside of your network

  12. Attack Vectors covered Integrated modules to cover popular attack vectors Browser Customer Mail Local network Supply chain facing apps TDS Endpoint TDS Endpoint TDS Sensor TDS Sensor TDS Polygon TDS Sensor TDS Polygon TDS Endpoint TDS Endpoint How can you use this to catch a Moneytaker?

  13. TDS Sensor In-depth traffic Encrypted Traffic inspection Analysis Analyses DNS, HTTP, Hop Mechanisms to work with hidden HTTP / HTTPS, SMB and more channels, DG Algorithms Unique signatures Detect Lateral movement Proprietary data from exclusive Detects tools and techniques used sources written by our team by attackers for persistence

  14. Detecting network activity Usage Socks on port 7080 and 1808 VNC clients like as Fileless VNC, VNC, UltraVNC In the US, they used the LogMeIn Hamachi

  15. TDS Sandbox Unparalleled Stops Anti-evasion Detection Techniques Detailed reports for Extremely low false further investigation positive rates File extraction from Retrospective analysis emails and traffic Full process tree Get deep technical insights into the Hardware | Cloud malicious files targeting your networks

  16. Detecting malicious documents Emails with malicious attachments widely used in targeted attacks Malware Samples hosted on Moneytaker infrastructure Provides another avenue for detection

  17. TDS Endpoint and Huntbox TDS Huntbox TDS Endpoint Catch and log Link infrastructure changes made used by attackers by malware Send files to Enrich against data Polygon for from all your networks analysis Link suspicious Track the incident processes to from start to finish traffic Respond: clean All TDS Platform and isolate Detections in one infected hosts

  18. Huntbox & EDR – tracking an actor

  19. Huntbox & EDR – tracking an actor

  20. Group-IB Ecosystem After protecting: Getting smarter…

  21. Threat Intelligence UNIQUE COLLECTION DEEP AND DARK WEB INFRASTRUCTURE MONITORING HUMAN TTP FROM THE WILD INTELLIGENCE FINISHED THREAT KNOWLEDGE OF INTELLIGENCE MALWARE & CYBERCRIME TOOLS «Group-IB has the advantage of getting PERSONALIZED DATA visibility on many unique threats» FOR YOUR ORGANISATION

  22. Nation State Espionage

  23. Cybercriminal brand abuse Fraudsters copy legitimate site using similar domain and replace payment details.

  24. Make intelligence actionable Detailed TTPs and unique Tactical indicators Dedicated Team Members Reverse Engineering Requests Underground forum sweeps Attack analysis and recommendations Actionable API data for SIEM & TIP Platforms Group-IB CERT 24/7 monitoring and response

  25. Group-IB Ecosystem Protecting your Customers en-masse

  26. Protecting Clientside Attackers have developed tools and techniques to steal from your customers These need to be detected Group-IB has developed Secure Bank and Secure Portal, for protecting customers online in banking and e-commerce

  27. Session analysis on PC and Mobile Devices Functionality Behavioral Cross-channel analysis analysis IP & Device Botting and RDP fingerprinting Detection Detects code Global user changes & profiling malware Advanced rule Social engine engineering and AML detection Deploys via Javascript or SDK

  28. Investigating with Secure Bank

  29. Group-IB Ecosystem Suggestions and Review

  30. Consulting & Response Cyber Security Services You can remain unaware for months of hidden but active Security Investigations threats in networks Assessments and Computer Penetration Forensics Compromise assessment Testing allows for analyst driven detection, advisory and Incident assessment of previously Red Teaming Response undetected attacks From multiple actors… Compromise Pre-Incident Assessments Response Already available and used in ASEAN and APAC

  31. Review – Security driven by Intelligence

  32. Thank you for your attention! Questions? Tim Bobak APAC Sales Director Group-IB Twitter: @enablethemacros Email: bobak@group-ib.com

Recommend

Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways

Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways

Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways Bradley Reaves , Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, Kevin R. B. Butler Florida Institute of Cyber Security (FICS) SMS Ecosystem Cell

404 views • 14 slides
Privacy & Security at Henry Ford Health System 2 THE HFHS ECOSYSTEM $6 Billion in

Privacy & Security at Henry Ford Health System 2 THE HFHS ECOSYSTEM $6 Billion in

Evolution of Privacy & Security at Henry Ford Health System 2 THE HFHS ECOSYSTEM $6 Billion in Revenues 1300+ Member Medical Group $200 Million in uncompensated 1000+ Member Physician Network care (Non-Employed &

335 views • 22 slides
Ocean ecosystem conservation and seafood security for future generation A case study of

Ocean ecosystem conservation and seafood security for future generation A case study of

Ocean ecosystem conservation and seafood security for future generation A case study of ecosystem g y y approach to fisheries and the adaptive management of the Shiretoko World Natural Heritage Site g

950 views • 37 slides
The Role of Government in Securing the CAV Ecosystem Sevvy Palmer AESIN Security Conference,

The Role of Government in Securing the CAV Ecosystem Sevvy Palmer AESIN Security Conference,

The Role of Government in Securing the CAV Ecosystem Sevvy Palmer AESIN Security Conference, Glasgow, 16 th June 2016 The Role of Government in Securing the CAV Ecosystem 1 CAVs present tremendous opportunities safety efficiency mobility

393 views • 11 slides
CSE 484 / CSE M 584 Computer Security: Online Ecosystem Studies TA: Adrian

CSE 484 / CSE M 584 Computer Security: Online Ecosystem Studies TA: Adrian

CSE 484 / CSE M 584 Computer Security: Online Ecosystem Studies TA: Adrian Sham adrsham@cs With material from Franzi and various sources Reminders Homework #3 due tomorrow (5/29) at 5pm Lab

492 views • 32 slides
UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE Maritime Security - Commercial Shipping Security - Cruise Liner Security - Super-Yacht Security Maritime Security Services UCP GROUP is a market

247 views • 22 slides
CSE 484 / CSE M 584 Computer Security: Malware and Online Ecosystem Studies TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: Malware and Online Ecosystem Studies TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: Malware and Online Ecosystem Studies TA: Thomas Crosley tcrosley@cs With material from Franzi, Adrian Sham, and various sources Reminders Homework #3, due May 23th, 8pm (Tomorrow!) Lab #3 due

638 views • 40 slides
The political economy of water security, ecosystem services and livelihoods in the western

The political economy of water security, ecosystem services and livelihoods in the western

The political economy of water security, ecosystem services and livelihoods in the western Himalayas ESPA 2013 PROJECT, REFERENCE NE/ L001365/ 1 Project team University of Cambridge Bhaskar Vira Centre for Development and Research

264 views • 11 slides
Measuring Adoption of Security Additions to the HTTPS Ecosystem Quirin Scheitle July 16, 2018

Measuring Adoption of Security Additions to the HTTPS Ecosystem Quirin Scheitle July 16, 2018

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Measuring Adoption of Security Additions to the HTTPS Ecosystem Quirin Scheitle July 16, 2018 Applied Networking Research Workshop (ANRW)

303 views • 11 slides
SOFTWARE ECOSYSTEM MANJU HEGDE, CORPORATE VP, PRODUCTS GROUP, AMD OUTLINE Motivation HSA

SOFTWARE ECOSYSTEM MANJU HEGDE, CORPORATE VP, PRODUCTS GROUP, AMD OUTLINE Motivation HSA

HETEROGENEOUS SYSTEM ARCHITECTURE (HSA) AND THE SOFTWARE ECOSYSTEM MANJU HEGDE, CORPORATE VP, PRODUCTS GROUP, AMD OUTLINE Motivation HSA architecture v1 Software stack Workload analysis Software Ecosystem 2 PARADIGM SHIFTS.

933 views • 74 slides
National Ecosystem Services Classification System (NESCS) For UNSD SEEA-EEA UNSD Expert Group

National Ecosystem Services Classification System (NESCS) For UNSD SEEA-EEA UNSD Expert Group

Vision, Structure, Scope, and Applicability of the National Ecosystem Services Classification System (NESCS) For UNSD SEEA-EEA UNSD Expert Group Meeting Towards a standard international classification on ecosystem services June 20, 2016

387 views • 37 slides
Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments Seongmin Kim , Juhyeng Han, Jaehyeong Ha, Taesoo Kim *, Dongsu Han * 1 Tor anonymity network Tor: the most popular anonymity network for Internet

600 views • 36 slides
5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

Se minar 5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application Speaker Adam Davis Dave Batker Dr. Ben Guillon Ricardo Bayon 2011 ECOSYSTEM SERVICES SEMINAR SERIES Ecosystem Services Seminar

745 views • 35 slides
Ecosystem Services Assessment Multifunctionality Valuation of Ecosystem services Methods and

Ecosystem Services Assessment Multifunctionality Valuation of Ecosystem services Methods and

Ecosystem Services Assessment Multifunctionality Valuation of Ecosystem services Methods and basis for Suitable for ecosystem services decisions: Monetary terms that we have good knowledge of and is (WTP-studies, cost-benefit

617 views • 4 slides
South Florida South Florida Ecosystem Ecosystem Restoration Restoration I ntegrated Delivery

South Florida South Florida Ecosystem Ecosystem Restoration Restoration I ntegrated Delivery

South Florida South Florida Ecosystem Ecosystem Restoration Restoration I ntegrated Delivery I ntegrated Delivery Schedule Schedule Working Group August 2008 Background May TF: Members requested that we work with WG staff to

254 views • 10 slides
Non-IGMP-specific security or Why not to do security at the IGMP level Dave Thaler

Non-IGMP-specific security or Why not to do security at the IGMP level Dave Thaler

Non-IGMP-specific security or Why not to do security at the IGMP level Dave Thaler dthaler@microsoft.com General Internet Case Group Receiver Group key Content Group Group Key acquisition Node Provider Key Key Server Server

613 views • 10 slides
Ansaldo Energia Group Silvio Straneo - analyst security at Security Department in Ansaldo Energia

Ansaldo Energia Group Silvio Straneo - analyst security at Security Department in Ansaldo Energia

Space technologies at Ansaldo Energia Group Silvio Straneo - analyst security at Security Department in Ansaldo Energia Group 1 Security System SEO is the Security Department of Ansaldo Energia Group spa chaired by Security Officer; the Unit

677 views • 29 slides
Biodiversity and ecosystem function Managing landscapes for multiple ecosystem services

Biodiversity and ecosystem function Managing landscapes for multiple ecosystem services

Biodiversity and ecosystem function Managing landscapes for multiple ecosystem services Christopher Philipson Twitter @PhilipsonChris Biodiversity and ecosystem function: the grassland experiments Cedar Creek in North America

578 views • 25 slides
Ecosystem Natural Capital Accounting (2) ECOSYSTEM NATURAL CAPITAL ACCOUNTS: A QUICK START PACKAGE

Ecosystem Natural Capital Accounting (2) ECOSYSTEM NATURAL CAPITAL ACCOUNTS: A QUICK START PACKAGE

SUB-REGIONAL CAPACITY BUILDING WORKSHOP ON SUSTAINABLE FINANCE AND RESOURCE MOBILIZATION FOR BIODIVERSITY FOR CARICOM MEMBER STATES ST. JOHNS, ANTIGUA AND BARBUDA 18 - 21 MAY 2015 Ecosystem Natural Capital Accounting (2) ECOSYSTEM NATURAL

438 views • 31 slides
Capturing Coral Reef and Related Ecosystem Services What are ecosystem goods and services?

Capturing Coral Reef and Related Ecosystem Services What are ecosystem goods and services?

Capturing Coral Reef and Related Ecosystem Services What are ecosystem goods and services? Provisioning Regulating Cultural Support Benefits that people get from nature Why value ecosystem services? A. National wealth accounts

213 views • 17 slides
Session 3: Ecosystem service classification and links to ecosystem functions and conditions Mark

Session 3: Ecosystem service classification and links to ecosystem functions and conditions Mark

System of Environmental-Economic Accounting Session 3: Ecosystem service classification and links to ecosystem functions and conditions Mark Eigenraam UNSD Forum of Experts in SEEA Experimental Ecosystem Accounting United Nations

508 views • 22 slides
Tab Q, No. 4(a) https://www.st.nmfs.noaa.gov/ecosystems/ebfm/ebfm-myths Several Ecosystem Type

Tab Q, No. 4(a) https://www.st.nmfs.noaa.gov/ecosystems/ebfm/ebfm-myths Several Ecosystem Type

Tab Q, No. 4(a) https://www.st.nmfs.noaa.gov/ecosystems/ebfm/ebfm-myths Several Ecosystem Type Initiatives Ecosystem Status Report Ecosystem Regional Roadmap National Ecosystem Policy January 2018 S taff outlined other

310 views • 12 slides
Advanced Air Mobility Ecosystem Crosscutting Working Group Virtual Kickoff June 2020

Advanced Air Mobility Ecosystem Crosscutting Working Group Virtual Kickoff June 2020

Advanced Air Mobility Ecosystem Crosscutting Working Group Virtual Kickoff June 2020 Organizational Framework and Barriers 1. Public Acceptance 2. Supporting Infrastructure 1. Safe Airspace Ops 3. Operational Integration 2. Efficient

222 views • 5 slides
SECURITY This resource was developed in association with the Rethinking Security Group

SECURITY This resource was developed in association with the Rethinking Security Group

SECURITY This resource was developed in association with the Rethinking Security Group TODAYS BIG QUESTION: What is security? BASIC IDEA: Security means freedom from harm and fear. When there is a lot of harm and fear, there is

691 views • 23 slides

More recommend