Slide 1 - Iktissad Events


The Cyber Defense Center and its services portfolio
McAfee Professional Services – Foundstone Services
DISCUSSION TOPICS
Intro
Services
Threat Landscape.
Threat Intelligence.
The CDC
Physical Presence
Regional Support
Reactive, Proactive, Quality Mgt
Cyber Defense Center
• CERT
• Incident Response
• Computer Forensics
• Mobile Forensics
• Training
• Advanced Malware Analysis
• Contextual Threat Intelligence
• Strategic Services/Assessments
Computer Emergency Response Team (CERT)
What is it?
Reactive
• Incident Handling
• Vulnerability Handling
• Artifact Handling
Proactive
• Announcements
• Technology Watch
• Security Audits or Assessments
• Configuration and Maintenance of Security Tools, Applications, and Infrastructures
• Development of Security Tools
• Intrusion Detection Services
• Threat Intelligence
Security Quality Management
• Risk Analysis
• Business Continuity and Disaster Recovery Planning
• Security Consulting
• Awareness Building
• Education/Training
• Product Evaluation
DISCUSSION TOPICS
Threat Landscape.
Services.
Threat Intelligence.
Spotlight Qatar [1]
86.2% internet penetration by June 2012 [2]
Highest GDP per capita by 2012 [3]
66% higher malware rate vs. worldwide in Q2 2012 [4]
Critical infrastructure directly tied to largest segment of economy
[1] McAfee Foundstone EMEA Cyber Defense Centre
[2] InternetWorldFacts.com
[3] CIA World Factbook
[4] Microsoft Security Intelligence Report – Volume 13
Threat Intelligence
Cyber Defense Centre – A Threat Intelligence System
 Developed in ME.
 Focused on E(ME)A.
 Open Source Intelligence
 Public & Underground
 Private data sources & APIs
[Chart: Cryptolocker Infections Gulf Region; countries shown: KSA, UAE, Yemen, Oman, Qatar, Kuwait, Bahrain]
Threat Intelligence
Qatari Hackers
 Loosely organized
 Members of general Arabic hacking discussion groups
 Small footprint compared to other Arab hacker communities
Threat Profile - Islamic Security
6,861 members and 55,279+ posts since May, 2012.
Administrators include: aBo aLi, Mr.Dm4r, Lov3rDns
Topics Include:
- Hacking Tutorials and Targets
- Tool Development and Distribution
- Services and Tools for Sale
- “Achievements” of Intrusions
[Chart: Islamic Security – Posts Per Day]
[Chart: Islamic Security – Attachment Uploads Per Day]
Islamic Security – Tool Sharing
Threat Intelligence
Profile: Qatar-Attack
 61 reported hackings
 Methods: Defacements via SQL, file upload, XSS and DDoS using open source tools
 Attacked domains in 11+ countries on 5 continents
 Maintains or contributes videos and blog posts that assist others in hacking
Threat Intelligence
Profile: Qatar-Attack
Names: Qatar-Attack, DB-Attack, Qatar-Sniper, n1tr0g3n / n1tr0g3n0xid3, MrAboght, alOahTaNi, Aboqhht Qahtani, Naef Alqahtani
Emails: [email protected] (×6)
Twitter: @MrAboqht
YouTube: MrAboqht
Domains: secur1ty.org, s-war.com, db-attack.com
Affiliations: alm3r3fh Group, v4-team
Threat Intelligence
.QA Domain Hacked Locations
[Pie chart: Hosted in Qatar 84%, Hosted Offshore 16%]
.QA Hacked Operating Systems
[Pie chart; categories: BSD, UNIX, WINDOWS, UNKNOWN, LINUX; slice values: 1%, 4%, 1%, 4%, 90%]
Trends in attacks
The rise of the RAM Scrapers
[Timeline figure; dates shown: Oct 2012, Dec 2012, Jan 2013, March 2013]
Example: VSKIMMER
Where is the credit card data?
What is the name of the USB stick?
Writing the dump file to the USB stick
Example: BlackPOS
Latest in the world of POS
You swipe and pay; meanwhile, the track data of your card is sent by SMS to the criminal…
Shukran!
EMERGENCY?