TRIAM - Threat Intelligence Report - April 15
Threat Intelligence Report - April 2015
Copyrights 2015 - Trillium Information Security Systems (Pvt) Ltd.
Table of Contents
I Executive Summary 3
II Global Data Analysis 4
Malicious Activities Source Countries 4
Attack Distribution Top 03 Foreign Attackers 4
III Malware Attacks 6
Most Probing Countries 6
Most Probing Countries Unique IP Addresses 7
Most Probing IP Addresses 7
Most Attacking IP Addresses 8
Attacking IP Addresses - 10 Attacks 9
Top Vulnerabilities 11
Most Malwares Detected 12
Detected Malware Hashes 13
CnC IP Addresses & Domains 13
Attacked Protocols 14
IV SIP Attacks 15
What is SIP? 15
V Web Attacks 16
IP Addresses Conducting Web Based Attacks 16
Web Attack Payloads 16
VI Brute-Force Attacks 18
Most Usernames Used 18
Most Passwords Used 18
Top IP Addresses Conducting SSH Attacks 19
Tools Used For SSH Based Attacks 19
VII References 20
VIII About TRIAM 21
IX About Contributors 22
Executive Summary
To be able to respond to any threat effectively, one must first identify the threat agents, understand their motives and study their means of attack comprehensively, i.e. one must achieve situational awareness to be able to defend against, respond to, or counter a threat.
In an effort to provide situational awareness to industry stakeholders about the cyber threat landscape of Pakistan, the TRIAM Threat Intelligence Team is extremely proud to present this monthly Threat Intelligence report for the month of April 2015.
In this edition of our monthly Threat Intelligence report we have observed an interesting set of activities being performed in Pakistan's cyberspace. One of the interesting observations has been the increased number of attacks coming from IP addresses in China, coinciding with the Chinese Prime Minister's visit to Pakistan in April. The details of these attacks, and of all other attacks, are documented in this report. The major sets of attacks that have been discovered recently in Pakistan by global and TISS research and IR teams are summarized as follows:
Equation Group: Equation Group is the most advanced APT group found so far and is called the Crown Creator of Cyber Espionage. According to Kaspersky Lab researchers, the group is unique in almost every aspect of its activities: it uses tools that are very advanced and expensive to develop in order to infect victims, retrieve data and hide activity in a professional way, and also utilizes classic spying techniques to deliver malicious payloads to the victims. More details on this advanced APT group can be found at: https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
Ransomware: Ransomware malware is constantly affecting Pakistan-based organizations, with the key motive of financial gain. Ransomware works by encrypting data on infected machines belonging to organizations and individuals, thus completely blocking access to the data. The decryption key is sent only if a ransom is paid. There has been an exponential increase in the number of ransomware attacks in the year 2015, and taking preventive measures against this threat is highly recommended at all layers.
If you require more details on these threats or are exposed to these or different malwares, please reach out to us for a focused and quick response.
This report has been compiled using our advanced threat intelligence gathering platform, consisting of sensors such as honeypots, web crawlers and aggregators deployed throughout Pakistan. The information obtained from these sensors is then enriched by correlating information from different sources. Our aim in releasing these monthly reports is to enable all stakeholders in Pakistan to keep abreast of ongoing threats and remain vigilant in protecting their networks from potential attacks. Trillium will soon make these threat feeds available to Pakistan-based organizations so that their Security Information and Event Management (SIEM) systems, firewalls and Intrusion Detection / Prevention Systems can be fed with them to provide protection against Pakistan-specific attacks.
In the month of April, information gathered from our sensors indicates that:
Multiple IP addresses, particularly from China, have been actively probing Pakistan cyberspace and looking for vulnerabilities to exploit.
Attacks of different natures that materialized and had a major impact have been observed coming from Romania, China and Brazil.
Among the detected malwares that are most active in Pakistan cyberspace, 96% of activity has been observed for Net-Worm.Win32.Kido.ih, an infamous worm that hogs network resources and spreads by exploiting Microsoft OS-specific vulnerabilities.
The details of the information gathered by our sensors are described further in this report. We hope that you find this month's report useful; feel free to contact us with any feedback.
DFIR Research Team, Threat Intelligence
www.triam.com.pk
www.infosecurity.com.pk
Global Data Analysis
This section presents analysis of attack data from sensors deployed at different places in Pakistan. We process millions of log entries and security alerts captured by our custom, purpose-built sensors during the threat analysis. In order to provide real-time threat intelligence and security alerts to our customers, we perform advanced analytics on the collected alerts by correlating security events from multiple sensors.
The countries hosting IP addresses that are carrying out malicious activities in Pakistan cyberspace are shown in Figure 1.
Malicious Activities - Source/Host Countries
Figure 1 - Percentage of events by source/host countries
The following figures present the distribution of attack types originating from the top three countries hosting the attacking IP addresses. It is quite evident from these figures that the attack type distribution of each originating/hosting country is very different from the others. This reflects the fact that attack types, the motivation of attackers, and the sophistication of attacks differ across regions of the world.
Attack Distribution - Top 03 Foreign Attackers
Figure 2 - Attacks Originating from IP Addresses Hosted in China
Figure 3 - Attacks Originating from IP Addresses Hosted in Romania
Figure 4 - Attacks Originating from IP Addresses Hosted in Brazil
Malware Attacks
Malware attacks are the major threat faced by Pakistani organizations. Using the Internet, attackers employ unique malware-based techniques to infect their target systems for different reasons, varying from creating mere nuisance, to stealing credentials, to eavesdropping on communication, to capturing proprietary and highly confidential information.
Attackers scan the Internet to look out for vulnerable services and try to exploit them to gain access to the system and ultimately the network. Often rootkits (a type of malware) are used to take over and maintain control of a compromised system. The following section of the report presents the latest trends in malware-based attacks, identified from the information gathered by our sensors during the month of April.
The correlated information from different sensors reveals that there were more than 254,000 connection attempts to Pakistan cyberspace from different countries of the world. Furthermore, we detected more than 57,000 materialized attacks launched in this period. Over 9,000 unique IP addresses tried to establish a connection with our sensors deployed throughout Pakistan at least once.
After thorough automated analysis and correlation, most of these connection attempts were classified as malicious: they were doing intense scanning to figure out the running services (particularly the vulnerable ones) across Pakistan cyberspace.
The IP address that established the most connections was found to be 89.40.31.192, with more than 38,400 connections. The origin of this IP address was found to be Romania. About 1,900 unique IP addresses succeeded in exploiting a particular vulnerability and uploaded some malware. The total number of attacks launched during this time period was more than 57,000.
The IP address that initiated the most attacks was found to be 89.40.31.192, with about 12,300 successful attacks. The origin of this IP address was found to be Romania. The most attacks were launched by exploiting the MS08-067, MS08-068 and MS09-001 vulnerabilities, which could allow remote code execution.
Furthermore, as per our correlated information, port 445 received the highest share of attack traffic, with 87.48% of total attacks received. The service hosted on port 445 was SMBD (Server Message Block Daemon).
Further information on the IP addresses making connections and launching attacks, the top malware found, the top vulnerabilities exploited and the top protocols/services exploited is given below.
The IP addresses from the countries doing the most probing and connection attempts are shown in Figure 5. Probing is done to find the services running on targeted systems and their corresponding vulnerabilities, which can then be exploited.
Most Probing Countries
Figure 5 - Country Based Connection Distribution
Figure 6 shows the countries hosting the highest number of unique IP addresses found to be making connections and doing probing.
Most Probing Countries - Unique IP Addresses
Figure 7 shows the list of individual IP addresses found to be making connections and doing probing.
Most Probing IP Addresses
IP Addresses Connection Attempts Country
89.40.31.192 38,444 Romania
117.239.228.134 33,135 India
103.24.97.190 16,326 Pakistan
196.29.120.73 15,661 Ghana
94.248.197.73 10,788 Hungary
46.241.224.234 7,181 Armenia
78.106.81.248 6,639 Russian Federation
89.179.28.158 6,271 Russian Federation
128.75.169.45 4,830 Russian Federation
128.74.198.210 4,781 Russian Federation
Table 1 - IP Address Based Connection Distribution
Table 1 shows the Top 10 unique IP addresses that established the highest number of connection attempts.
Figure 7 - IP Based Connection Distribution
Figure 6 - Country Based Unique IP Distribution
Figure 8 gives the list of individual IP addresses that initiated the most malware attacks by successfully exploiting vulnerabilities.
Most Attacking IP Addresses
IP Addresses Successful Attacks Country
89.40.31.192 12357 Romania
117.239.228.134 10680 India
196.29.120.73 7266 Ghana
46.241.224.234 3576 Armenia
94.248.197.73 3402 Hungary
78.106.81.248 2175 Russian Federation
89.179.28.158 2053 Russian Federation
93.81.179.136 1384 Russian Federation
37.145.174.57 1228 Russian Federation
95.29.232.52 1101 Russian Federation
Table 2 shows the Top 10 IP addresses that launched the highest number of attacks.
Table 2 - IP Address Based Distribution
Figure 8 - IP Address Based Distribution
Attacking IP Addresses - 10 Attacks
Table 3 provides the list of IP addresses that initiated a minimum of 10 malware-based attacks on Pakistan cyberspace. It is advised to block these IP addresses on your gateways. Please contact us if you would like the full list of suspicious IP addresses.
Table 3 - IP Address Based Distribution - 10 Attacks
Top 10 Vulnerabilities
Below is the list, with details, of the vulnerabilities that were exploited the most for malware-based injection. It is strongly recommended to fully patch all known vulnerabilities in the OS and third-party programs installed in your network. You can contact us to perform a security assessment of your IT infrastructure for any potential loopholes and vulnerabilities.
Vulnerability Name
Unknown ClosePrinter
MS08-67 Net Path Canonicalize
MS06-66 Nw Change Password
MS07-065 QM Create Object Internals
MS05-39 PNP Query Res Conf List
MS05-017 QM Delete Object
MS04-12 Remote Create Instance
MS04-11 DS Roler Upgrade DownLevel
MS04-031 NDdeSetTrustedShareW
MS03-39 Net Add Alternative Computer
MS08-67: Vulnerability in Server service that could allow remote code execution.
http://support.microsoft.com/kb/958644
MS06-66: Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution.
https://technet.microsoft.com/en-us/library/security/ms06-066.aspx
MS05-39: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege.
https://technet.microsoft.com/en-us/library/security/ms05-039.aspx
MS05-017: Vulnerability in Message Queuing Could Allow Code Execution.
https://technet.microsoft.com/en-us/library/security/ms05-017.aspx
MS04-12: Cumulative Update for Microsoft RPC/DCOM.
https://technet.microsoft.com/en-us/library/security/ms05-017.aspx
MS04-11: Security Update for Microsoft Windows.
https://technet.microsoft.com/en-us/library/security/ms04-011.aspx
MS04-031: Vulnerability in NetDDE Could Allow Remote Code Execution.
https://technet.microsoft.com/en-us/library/security/ms04-031.aspx
MS03-39: Buffer Overrun In RPCSS Service Could Allow Code Execution.
https://technet.microsoft.com/en-us/library/security/ms04-011.aspx
MS07-065: Vulnerability in Message Queuing Could Allow Remote Code Execution.
https://technet.microsoft.com/en-us/library/security/ms07-065.aspx
Table 4 - Top 10 Vulnerabilities
Top Few Detected Malwares
Table 5 gives the list of the malwares most detected in Pakistan cyberspace. The naming convention used for these malwares is based on Kaspersky detection names; you may find the same malware under different names given by other antivirus engines.
Name Percent
Net-Worm.Win32.Kido.ih 94.12%
Backdoor.Win32.Rbot.bni 2.28%
Net-Worm.Win32.Allaple.e 1.20%
Net-Worm.Win32.Kido.kj 1.08%
Trojan-Downloader.Win32.Kido.bu
CnC IP Addresses & Domains
The following tables show the lists of IP addresses and domain names that were found to be malicious and were communicating with infected machines.
Table 7 - CnC IP Addresses
Table 8 - CnC Domains
Attacked Protocols
Table 9, below, shows the list of protocols found to be exploited in the most attacks.
Protocol Exploitations
SMB 87.48%
SIP 4.94%
MSSQL 3.85%
MYSQL 1.55%
HTTP 1.24%
EPMAP
Table 9 - Attacked Protocols
SIP Attacks
What is SIP?
The Session Initiation Protocol (SIP) is a communication protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls, as well as instant messaging over Internet Protocol (IP) networks.
SIP Attacks Division
Most SIP attacks can be divided into two groups. The first represents various types of PBX scanning and probing: the attacker sends an OPTIONS message and waits for an answer, or simply tries to place a call with immediate cancellation (that is, an INVITE message followed by a CANCEL message). The second group represents flood attacks using the REGISTER message. The REGISTER message is used by a user agent to register with the registrar (SIP server). An attacker sends continuous REGISTER messages to the SIP server in order to degrade the server's performance and ultimately make it inaccessible to authorized users.
REGISTER Flooding Attack
This application-layer attack on the Session Initiation Protocol (SIP), as used in VoIP services, is targeted at causing denial of service to SIP servers. A SIP REGISTER flood consists of sending a high volume of SIP REGISTER packets to SIP servers, thereby exhausting their bandwidth and resources. 96% of the messages seen by our sensors were REGISTER messages.
SIP Message No. of Distinct Connections Total Messages
Register 3862 73448
Table 10 - SIP REGISTER Message
Malicious IP Total
85.25.160.106 42037
212.129.61.222 9909
188.138.26.190 18088
195.154.39.5 3057
212.83.137.238 211
Table 11 - SIP Malicious IP Addresses
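The two SIP attack groups described above (OPTIONS / INVITE-then-CANCEL probing versus REGISTER flooding) can be separated from sensor logs by counting methods per source and matching Call-IDs. The following is an added example, not code from the report or from TRIAM's sensors; the one-request-per-line log format, the sample addresses and the flood threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (assumed format): "<src_ip> <METHOD> <Call-ID>" per request.
_LINES = [
    "203.0.113.10 OPTIONS opt-1",      # PBX probing with OPTIONS
    "203.0.113.10 OPTIONS opt-2",
    "203.0.113.10 OPTIONS opt-3",
    "203.0.113.11 INVITE call-1",      # probing by INVITE followed by CANCEL
    "203.0.113.11 CANCEL call-1",
    "203.0.113.11 INVITE call-2",
    "203.0.113.11 CANCEL call-2",
    "192.0.2.7 INVITE call-9",         # a completed call: INVITE, ACK, BYE, never cancelled
    "192.0.2.7 ACK call-9",
    "192.0.2.7 BYE call-9",
    "192.0.2.8 REGISTER reg-1",        # a handful of REGISTERs is normal user-agent behaviour
    "192.0.2.8 REGISTER reg-2",
]
# One source sending 120 REGISTER requests, each with a fresh Call-ID: a REGISTER flood.
_LINES += [f"198.51.100.5 REGISTER flood-{i}" for i in range(120)]
SAMPLE_LOG = "\n".join(_LINES)

LINE_RE = re.compile(r"^(\S+)\s+([A-Z]+)\s+(\S+)$")


def parse_log(text):
    """Return a list of (src_ip, method, call_id) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m.group(1), m.group(2), m.group(3)))
    return records


def classify_sources(records, flood_threshold=50):
    """Label each source IP with one of the report's two groups.

    'register_flood': at least flood_threshold REGISTER requests from the source
    'probe'         : sent OPTIONS, or every INVITE it sent was CANCELled (same Call-ID)
    'benign'        : neither pattern matched
    The threshold is an assumed tuning value, not a figure from the report.
    """
    methods = defaultdict(Counter)
    invites = defaultdict(set)
    cancelled = defaultdict(set)
    for ip, method, call_id in records:          # records are in arrival order
        methods[ip][method] += 1
        if method == "INVITE":
            invites[ip].add(call_id)
        elif method == "CANCEL" and call_id in invites[ip]:
            cancelled[ip].add(call_id)
    labels = {}
    for ip, counts in methods.items():
        if counts["REGISTER"] >= flood_threshold:
            labels[ip] = "register_flood"
        elif counts["OPTIONS"] > 0 or (invites[ip] and invites[ip] == cancelled[ip]):
            labels[ip] = "probe"
        else:
            labels[ip] = "benign"
    return labels


def register_summary(records):
    """Distinct sources and total REGISTER messages, the two figures Table 10 reports."""
    sources = [ip for ip, method, _ in records if method == "REGISTER"]
    return {"distinct_sources": len(set(sources)), "total_messages": len(sources)}


def register_share(records):
    """Fraction of all requests that are REGISTER (the report's 96% figure is this ratio)."""
    if not records:
        return 0.0
    return sum(1 for _, method, _ in records if method == "REGISTER") / len(records)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(classify_sources(recs))
    print(register_summary(recs), f"{register_share(recs):.1%} REGISTER")
```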
Web Attacks
As websites and web-based applications are rapidly growing, so are the threats. Complex business applications are now being delivered over the web (HTTP), paving the way for attackers to exploit any kind of vulnerability. The following section presents important data relevant to the web attacks faced by Pakistan cyberspace.
The countries hosting the IP addresses performing the most attacks are shown in Figure 9:
Top Few Countries With Most Web Attacks
Figure 9 - Countries with Web Based Attacks
Following is the list of IP addresses found to be launching the highest number of web attacks. It is recommended to block these IP addresses to secure your systems from such attacks.
Top Few IP Addresses - Most Web Attacks
IP Addresses Attacks % Countries
66.74.17.157 21.25% United States
176.99.122.190 17.70% Ukraine
176.10.99.200 13.21% Switzerland
212.83.167.175 10.45% France
118.138.9.49 10.33% Germany
176.10.99.201 9.12% Switzerland
18.239.0.155 7.95% United States
176.126.252.12 5.82% Romania
69.197.148.26 2.18% United States
109.163.234.4 1.99% Romania
Table 12 - IP Addresses Conducting Web Based Attacks
Figure 10 - Web Based Attacks
Top Few Web Attacks
Among the types of attacks we observed, SQL injection was seen the most in Pakistan cyberspace.
Brute-Force Attacks
A brute-force attack is the simplest method of gaining access to an application or operating system by trying different credentials. In a brute-force attack, an attacker tries different, exhaustive combinations of usernames and passwords, over and over again, until he is successfully logged in. The following section presents the data relevant to brute-force activities performed against the SSH protocol in Pakistan cyberspace.
The table below lists the usernames most attempted against SSH in Pakistan. The root username was tried the most. It is strongly recommended to avoid such usernames, use complex usernames, or use two-factor authentication.
Most Commonly Used Usernames
Username Attempts
root 119497
ubnt 251
admin 113
guest 28
test 26
support 23
tester 14
testing 14
user 12
Table 13 - Most Usernames Used
The table below lists the most attempted passwords. The admin password was tried the most. It is strongly recommended to avoid these types of passwords.
Most Commonly Used Passwords
Password Attempts
admin 88
root 82
123456 70
ubnt 67
password 62
1qaz2wsx 57
passw0rd 29
1q2w3e4r 29
!qaz@wsx 28
qwerty 25
abc123 25
Table 14 - Most Passwords Used
The table below lists the IP addresses, with their origin, that carried out the most SSH attacks in Pakistan cyberspace. It is strongly recommended to block these IP addresses at the gateway level.
Top Few IP Addresses Conducting SSH Attacks
IP Address Attempts Country
58.218.199.49 1538 China
61.160.213.190 1302 China
58.218.204.245 1241 China
58.218.213.254 1175 China
221.229.166.28 1157 China
117.21.174.111 1150 China
58.218.204.226 1149 China
221.229.166.27 1138 China
58.218.204.248 1087 China
58.218.199.195 1040 China
Table 15 - IP Addresses Conducting SSH Attacks
Below is the list of tools (identified by their SSH client version banners) that were used in attempts to gain access over SSH in Pakistan cyberspace.
Most Used Tools For SSH Based Attacks
Tools Connections
SSH-2.0-PUTTY 40138
SSH-2.0-libssh2_1.4.3 1962
SSH-2.0-libssh2_1.4.1 620
SSH-2.0-JSCH-0.1.51 90
SSH-2.0-libssh2_1.5.0 72
SSH-2.0-PuTTY_Release_0.63 34
SSH-2.0-Granados-1.0 24
SSH-2.0-PuTTY_Local:_May_14_2009_21:12:18 20
SSH-2.0-libssh2_1.4.2 12
Table 16 - Tools Used For SSH Attacks
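Tables 13 to 16 are aggregations of the same kind of record: one login attempt with a source, a client banner, a username and a password. The following is an added example, not code from the report or from TRIAM's sensors, that builds those counts from constructed honeypot records and adds a sliding-window check to flag brute-force sources; the record layout, the sample addresses and the window/threshold values are assumptions.

```python
from collections import Counter, defaultdict

# Constructed records (assumed layout): (timestamp_seconds, src_ip, client_banner, username, password)
ATTEMPTS = []
# One source hammering root with a short wordlist from a PuTTY-bannered client, one attempt per second.
for i in range(300):
    ATTEMPTS.append((1000 + i, "203.0.113.50", "SSH-2.0-PuTTY", "root",
                     ["123456", "password", "admin"][i % 3]))
# A second source rotating a few usernames with one password from libssh2, every two seconds.
for i in range(40):
    ATTEMPTS.append((2000 + 2 * i, "198.51.100.9", "SSH-2.0-libssh2_1.4.3",
                     ["admin", "ubnt", "test"][i % 3], "admin"))
# A single ordinary login from an interactive client.
ATTEMPTS.append((3000, "192.0.2.20", "SSH-2.0-OpenSSH_6.7", "deploy", "constructed-pass"))

_FIELDS = {"ip": 1, "banner": 2, "username": 3, "password": 4}


def top_counts(attempts, field):
    """Counts for one field, most common first: field is 'ip', 'banner', 'username' or 'password'."""
    idx = _FIELDS[field]
    return Counter(a[idx] for a in attempts).most_common()


def brute_force_sources(attempts, window=60, threshold=20):
    """Return the source IPs that made at least `threshold` attempts inside any `window`-second span.

    A plain per-IP total would also flag the noisy sources, but a sliding window keeps a slow,
    long-running trickle from escaping notice only because it stays below a daily total.
    The window and threshold are assumed tuning values, not figures from the report.
    """
    by_ip = defaultdict(list)
    for ts, ip, *_ in attempts:
        by_ip[ip].append(ts)
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return flagged


def credential_report(attempts, limit=5):
    """The report's four tables in one dict: top usernames, passwords, sources and client banners."""
    return {field: top_counts(attempts, field)[:limit] for field in _FIELDS}


if __name__ == "__main__":
    for field, rows in credential_report(ATTEMPTS).items():
        print(field, rows)
    print("brute-force sources:", sorted(brute_force_sources(ATTEMPTS)))
```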
List of Figures
Figure 1 - Percentage of events by source countries 4
Figure 2 - Attacks Originating from IP Addresses Hosted in China 4
Figure 3 - Attacks Originating from IP Addresses Hosted in Romania 5
Figure 4 - Attacks Originating from IP Addresses Hosted in Brazil 5
Figure 5 - Country Based Connection Distribution 6
Figure 6 - Country Unique IP Distribution 7
Figure 7 - IP Based Connection Distribution 7
Figure 8 - IP Address Based Distribution 8
Figure 9 - Countries with Web Based Attacks 16
Figure 10 - Web Based Attacks 17
List of Tables
Table 1 - IP Address Based Connection Distribution 6
Table 2 - IP Address Based Distribution 7
Table 3 - IP Based Distribution 10 Attacks 8
Table 4 - Top 10 Vulnerabilities 10
Table 5 - Top Malwares Detected 12
Table 6 - Detected Malware Hashes 12
Table 7 - CnC IP Addresses 13
Table 8 - CnC Domains 13
Table 9 - Attacked Protocols 14
Table 10 - SIP REGISTER Message 15
Table 11 - SIP Malicious IP Addresses 15
Table 12 - IP Addresses Conducting Web Based Attacks 16
Table 13 - Most Usernames Used 18
Table 14 - Most Passwords Used 18
Table 15 - IP Addresses Doing SSH Attacks 19
Table 16 - Tools Used For SSH Attacks 19
About TRIAM
With almost a decade of experience, expertise and leadership in the information security market, Trillium Information Security Systems (Pvt) Ltd. has launched Pakistan's first and only focused Managed Security Service Provider brand, TRIAM.
TRIAM's portfolio of information security services is backed by the industry's leading minds. Our team has an accumulated experience of more than 150 years of delivering successful information security projects to leading enterprises from all industry verticals of Pakistan and the region. In addition to our industry experience, TRIAM researchers have published over 45 research papers, enabling TRIAM to explore, study and understand niche areas of the information security domain.
TRIAM is hence launched as one of the region's most skilled and experienced information security service providers, delivering services to customers that are backed by world-leading threat intelligence.
TRIAM Service Portfolio
Security Monitoring: Stored Data Security Analytics; Real-Time Data Security Analytics
Digital Forensics & Incident Response Services: Malware Analysis; Digital Forensics & Investigation; Incident Handling & Reporting
Security Assessment Services: Application Security Assessment; Infrastructure Security Assessment
Threat Intelligence Services: Threat Feeds; Botnet Tracking; Threat Notifications
About Contributors
This research has been conducted by Trillium Information Security Systems (TISS) in collaboration with the Applied Security Engineering Research Group at the COMSATS Institute of Information Technology.
We would like to thank the team members of the TRIAM Threat Intelligence Team and the TISS OPSEC Team for their attention and contribution to the publication of this report.
For More Information
To learn more about Trillium Information Security Systems and its brand TRIAM, please visit:
infosecurity.com.pk
triam.com.pk
Copyright Trillium Information Security Systems (Pvt) Ltd. 2015
Trillium Information Security Systems (Pvt) Ltd.
Head Office: 10th Floor, AWT Plaza, 5-The Mall, Rawalpindi, Pakistan. 46000
Produced in the Islamic Republic of Pakistan. March 2015
This document is current as of the initial date of publication and may be changed by Trillium Information Security Systems at any time.
The information contained in this guide is for educational and awareness purposes only. There is no way TISS may be responsible for any misuse of the information.
All the information contained in this document is meant for developing information security defense skills among the recipients of this document in order to help in preventing malicious attacks.
The information in this document is provided as is without any warranty, express or implied.
Threat Intelligence Team