Slide 1 - Iktissad Events
The Cyber Defense Center and its services portfolio
McAfee Professional Services – Foundstone Services
DISCUSSION TOPICS
Intro
Services
Threat Landscape.
Threat Intelligence.
The CDC
Physical Presence
Regional Support
Reactive, Proactive, Quality Mgt
CERT: What is it?
Computer Emergency Response Team (CERT)
Reactive
• Incident Handling
• Vulnerability Handling
• Artifact Handling
Proactive
• Announcements
• Technology Watch
• Security Audits or Assessments
• Configuration and Maintenance of Security Tools, Applications, and Infrastructures
• Development of Security Tools
• Intrusion Detection Services
• Threat Intelligence
Security Quality Management
• Risk Analysis
• Business Continuity and Disaster Recovery Planning
• Security Consulting
• Awareness Building
• Education/Training
• Product Evaluation
Cyber Defense Center
CERT
Incident Response
Computer Forensics
Training
Mobile Forensics
Advanced Malware Analysis
Contextual Threat intelligence
Strategic Services/Assessments
DISCUSSION TOPICS
Threat Landscape.
Services.
Threat Intelligence.
Spotlight Qatar [1]
86.2% internet penetration by June 2012 [2]
Highest GDP per capita by 2012 [3]
66% higher malware rate vs. worldwide in Q2 2012 [4]
Critical infrastructure directly tied to largest segment of economy
[1] McAfee Foundstone EMEA Cyber Defense Centre
[2] InternetWorldFacts.com
[3] CIA World Factbook
[4] Microsoft Security Intelligence Report – Volume 13
Threat Intelligence
Cyber Defense Centre – A Threat Intelligence System
Developed in ME.
Focused on E(ME)A.
Open Source Intelligence
Public & Underground
Private data sources & APIs
[Figure: Cryptolocker Infections Gulf Region. Bar chart by country: KSA, UAE, Yemen, Oman, Qatar, Kuwait, Bahrain]
Threat Intelligence
Qatari Hackers
Loosely organized
Members of general Arabic hacking discussion groups
Small footprint compared to other Arab hacker communities
Threat Profile - Islamic Security
6,861 members and 55,279+ posts since May, 2012.
Administrators include: aBo aLi, Mr.Dm4r, Lov3rDns
Topics Include:
- Hacking Tutorials and Targets
- Tool Development and Distribution
- Services and Tools for Sale
- “Achievements” of Intrusions
[Figure: Islamic Security – Posts Per Day]
[Figure: Islamic Security – Attachment Uploads Per Day]
Islamic Security – Tool Sharing
Threat Intelligence
Profile: Qatar-Attack
61 reported hackings
Methods: Defacements via SQL, file upload, XSS and DDOS using open source tools
Attacked domains in 11+ countries on 5 continents
Maintains or contributes videos and blog posts that assist others in hacking
Threat Intelligence
Profile: Qatar-Attack
Names: Qatar-Attack, DB-Attack, Qatar-Sniper, n1tr0g3n / n1tr0g3n0xid3, MrAboght, alOahTaNi, Aboqhht Qahtani, Naef Alqahtani
Emails: [email protected] (6 entries)
Twitter: @MrAboqht
YouTube: MrAboqht
Domains: secur1ty.org, s-war.com, db-attack.com
Affiliations: alm3r3fh Group, v4-team
Threat Intelligence
[Figure: .QA Domain Hacked Locations. Pie chart: Hosted Offshore 16%, Hosted in Qatar 84%]
[Figure: .QA Hacked Operating Systems. Pie chart; categories: BSD, UNIX, WINDOWS, UNKNOWN, LINUX; slice values as extracted: 1%, 4%, 1%, 4%, 90%]
Trends in attacks
The rise of the RAM Scrapers
[Figure: timeline; dates shown: Dec 2012, Jan 2013, March 2013, Oct 2012]
Example: VSKIMMER
Where is the credit card data?
What is the name of the USB stick?
Writing the dump file to the USB stick
Example: BlackPOS
Latest in the world of POS
You swipe and pay; meanwhile, the track data of your card is sent by SMS to the criminal…
Shukran!
EMERGENCY?