The Cyber Defense center and its services portfolio McAfee Professional Services – Foundstone...
The Cyber Defense center and its services portfolio
McAfee Professional Services – Foundstone Services
DISCUSSION TOPICS
• Intro
• Threat Landscape
• Services
• Threat Intelligence
The CDC
Physical Presence CERT
Regional Support
Reactive, Proactive,
Quality Mgt
Cyber Defense Center
• Incident Response
• Training
• Advanced Malware Analysis
• Strategic Services/Assessments
• Contextual Threat Intelligence
• Mobile Forensics
• Computer Forensics
Computer Emergency Response Team (CERT)
What is it?
CERT: Computer Emergency Response Team
Reactive
• Incident Handling
• Vulnerability Handling
• Artifact Handling
Proactive
• Announcements
• Technology Watch
• Security Audits or Assessments
• Configuration and Maintenance of Security Tools, Applications, and Infrastructures
• Development of Security Tools
• Intrusion Detection Services
• Threat Intelligence
Security Quality Management
• Risk Analysis
• Business Continuity and Disaster Recovery Planning
• Security Consulting
• Awareness Building
• Education/Training
• Product Evaluation
DISCUSSION TOPICS
• Threat Landscape
• Services
• Threat Intelligence
Spotlight Qatar
Qatar
86.2% internet penetration by June 2012 [2]
Highest GDP per capita by 2012 [3]
66% higher malware rate vs. worldwide in Q2 2012 [4]
Critical infrastructure directly tied to largest segment of economy
[1] McAfee Foundstone EMEA Cyber Defense Centre
[2] InternetWorldFacts.com
[3] CIA World Factbook
[4] Microsoft Security Intelligence Report – Volume 13
[1]
Threat Intelligence
Cyber Defense Centre – A Threat Intelligence System Developed in ME.
Focused on E(ME)A.
Open Source Intelligence Public & Underground
Private data sources & APIs
[Chart: Cryptolocker Infections, Gulf Region; categories: KSA, UAE, Yemen, Oman, Qatar, Kuwait, Bahrain; y-axis 0 to 250]
Threat Intelligence
Qatari Hackers
Loosely organized
Members of general Arabic hacking discussion groups
Small footprint compared to other Arab hacker communities
Threat Profile - Islamic Security
6,861 members and 55,279+ posts since May, 2012.
Administrators include: aBo aLi, Mr.Dm4r, Lov3rDns
Topics include:
- Hacking Tutorials and Targets
- Tool Development and Distribution
- Services and Tools for Sale
- “Achievements” of Intrusions
[Chart: Islamic Security – Posts Per Day; x-axis dates 5/25/08 to 1/27/10; y-axis 0 to 350]
[Chart: Islamic Security – Attachment Uploads Per Day; x-axis dates 5/25/08 to 1/10/10; y-axis 0 to 10]
Islamic Security – Tool Sharing
Threat Intelligence
Profile: Qatar-Attack
61 reported hackings
Methods: Defacements via SQL, file upload, XSS and DDoS using open source tools
Attacked domains in 11+ countries on 5 continents
Maintains or contributes videos and blog posts that assist others in hacking
Threat Intelligence
Profile: Qatar-Attack
Names: Qatar-Attack
DB-Attack
Qatar-Sniper
n1tr0g3n / n1tr0g3n0xid3
MrAboght
alOahTaNi
Aboqhht Qahtani
Naef Alqahtani
Emails: [email protected]
[email protected]@windowslive.com
Twitter: @MrAboqht
YouTube: MrAboqht
Domains: secur1ty.org
s-war.com
db-attack.com
Affiliations: alm3r3fh Group
v4-team
Threat Intelligence
[Chart: .QA Domain Hacked Locations; Hosted in Qatar 84%, Hosted Offshore 16%]
[Chart: .QA Hacked Operating Systems; categories: LINUX, UNIX, WINDOWS, BSD, UNKNOWN; values shown: 90%, 4%, 1%, 4%, 1%]
Trends in attacks
RAM Scrapers
Malware targeting phone and computer
ATM attacks
The rise of the RAM Scrapers
Dexter (Dec 2012)
Vskimmer (Jan 2013)
BlackPOS (March 2013)
Alina (Oct 2012)
Example: VSKIMMER
Where is the credit card data?
What is the name of the USB stick?
Writing the dumpfile to USB-stick
Example: BlackPOS
DEMO
Latest in the world of POS
You swipe and pay; meanwhile, the track data of your card is sent by SMS to the criminal…
Shukran!
THANK YOU!