CERT-GOV-GE Activities & International Partnerships

Similar documents

CERT-GOV-GE Activities & Services

Security workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

Cyber Security and Critical Information Infrastructure

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

What legal aspects are needed to address specific ICT related issues?

Revealing Botnets Using Network Traffic Statistics

(BDT) BDT/POL/CYB/Circular

About Botnet, and the influence that Botnet gives to broadband ISP

INFORMATION SECURITY REVIEW

Security A to Z the most important terms

Current Threat Scenario and Recent Attack Trends

Korea s experience of massive DDoS attacks from Botnet

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

CYBER ESPIONAGE. Against Georgian Government. (Georbot Botnet) CERT.GOV.GE. LEPL Data Exchange Agency. Ministry of Justice of Georgia

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

Security Incident Management Essentials Compiled as a service to the community by Internet2, EDUCAUSE, and REN-ISAC

Detecting peer-to-peer botnets

Perspectives on Cyber Security Strategies & Tactics

How To Perform A Large Scale Attack On A Large Network

Data Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd Riga. Baltic IT&T

How To Perform A Large Scale Attack On A Large Computer System

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

TECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains

CERT's role in national Cyber Security: policy suggestions

Unified Security Management and Open Threat Exchange

WEB ATTACKS AND COUNTERMEASURES

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia

Phishing Activity Trends

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.

Cybersecurity: Thailand s and ASEAN s priorities. Soranun Jiwasurat

Challenges and Best Practices in Fighting Financial Fraud in Brazil

DNS Firewall Overview Speaker Name. Date

Practical Steps To Securing Process Control Networks

Hong Kong Information Security Outlook 2015 香港資訊保安展望

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

FBI CHALLENGES IN A CYBER-BASED WORLD

Current counter-measures and responses by CERTs

Data Driven Assessment of Cyber Risk:

Cybersecurity Awareness. Part 1

Romanian National Computer Security Incident Response Team CERT-RO.

Automatic Network Protection Scenarios Using NetFlow

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Before the DEPARTMENT OF COMMERCE Internet Policy Task Force

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security

Using big data analytics to identify malicious content: a case study on spam s

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

Detecting Botnets with NetFlow

Security Incidents And Trends In Croatia. Domagoj Klasić

Next Generation IPS and Reputation Services

Innovations in Network Security

Network Security Forensics

honeytarg Chapter Activities

The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness

CERT- EE report: DDoS attacks, e- mail messages with forged sender address and defacements on 1-7 November 2013, aka #OpIndependence

Information Security and Risk Management

Defensible Strategy To. Cyber Incident Response

How To Protect Your Online Banking From Fraud

Cyber security Indian perspective & Collaboration With EU

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

Malicious Network Traffic Analysis

GEORGIA S SUCCESSFUL JOURNEY TO E-GOVERNMENT

Tespok Kenya icsirt: Enterprise Cyber Threat Attack Report. Quarter 3 July - September 2013

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Some Perspectives On Cybersecurity. Shernon Osepa Manager Regional Affairs Latin America & Caribbean

Lith Networking and Network Marketing Safety

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

INFORMATION SECURITY GOVERNANCE READINESS IN GOVERNMENT INSTITUTION

Incident Reporting Guidelines for Constituents (Public)

NUIT Tech Talk. Peeking Behind the Curtain of Security. Jeff Holland Security Vulnerability Analyst Information & Systems Security/Compliance

1. Exercise: Triage and Basic Incident Handling

Description: Course Details:

Tunisia s experience in building an ISAC. Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc

Botnets: The Advanced Malware Threat in Kenya's Cyberspace

Security Analytics for Smart Grid

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

Security from the Cloud

30 Independent Study. 60 (e.g. lectures, seminars and supervised group activity)

FORTHcert. Internet-Sicherheit fördern kritische Infrastrukturen schützen. Foundation for Research and Technology Hellas Institute of Computer Science

Phishing Activity Trends Report June, 2006

Incident Response Plan for PCI-DSS Compliance

Online Account Takeover. Roger Nettie

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Securing Your Business with DNS Servers That Protect Themselves

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

Security Practices for Online Collaboration and Social Media

DATA SHEET. What Darktrace Finds

Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in

Cyber Security Strategy of Georgia

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

KEY STEPS FOLLOWING A DATA BREACH

CSM-ACE 2014 Cyber Threat Intelligence Driven Environments

DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Threat Intelligence UPDATE: Cymru EIS Report. cymru.com

Transcription:

CERT-GOV-GE Activities & International Partnerships Zurich, Switzerland 2014 CERT-GOV-GE Manager David Kvatadze www.dea.gov.ge

CERT-GOV-GE - Structural unit was formed within the Information Security and Policy division of LEPL Data Exchange Agency under the Ministry of Justice of Georgia, which processes, analyses and solves information security incidents.

CERT-GOV-GE Constituency Hosting Providers Critical Information systems subject Banks Pvt. Sector International CERT s Govt. Sector CERT-GOV-GE Internet service providers Military Secret

CERT-GOV-GE Services Services: IP address monitoring service portal; Incident Handling; Penetration test Netflow Sensors (Nfdump & Nfsen); Web-Site Intrusion Detection (Threat Factor); Safe DNS Georgia; Training on Cyber Incident Handling; Check My IP; Other activities: Georgian Information Security Forum (Abuse Forum); Information Security Awareness:

CERT-GOV-GE We are members of the following organizations: The Cyber security Executing Arm Of The UNITED NATIONS SPECIALISED AGENCY of The International Telecommunication Union (ITU) We are full members of FIRST. FIRST is the Forum of Incident Response and Security Teams. The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe. Certifications: All Our Team members are Certified by SANS GIAC

CERT-GOV-GE (Computer Emergency Response Team) Our Partners: www.impact-alliance.org www.trusted-introducer.org www.nato.int www.shadowserver.org www.team-cymru.org www.arbornetworks.com www.arakis.pl www.eset.com www.microsoft.com www.symantec.com http://www.cert.pl/ www.cert.at CERT-EE www.cert.ee/ www.quarantainenet.nl

Infected 10 000 IP Addresses Infected 5 000 IP Addresses Infected 1 500 IP Addresses Infected 500 IP Addresses Infected 100 IP Addresses 15-20 Phishings 25-30 Deface Web-Sites

http://thehackernews.com/2012/03/albania-is-most-malware-infected-nation.html

CERT-GOV-GE Services IP address monitoring service portal Since 2012

Check My IP Your IP address is: 146.255.225.150 Infection type: ZeuS Detailed Information

Check My IP Your IP address is: 146.255.225.150 Infection type: ZeuS Short description of infection type: Zeus is a Trojan horse that steals banking information by Man-in-the-browser keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek. Command & Control: 89.232.125.112 Date: 27 მაისი 2013 11:23:15 PM

Check My IP Your IP address is: 146.255.225.150 Infection type: not found

CERT-GOV-GE Services Incident Handling Since 2011

CERT-GOV-GE Services Penetration test Since 2012 Top 10 commercial tools

CERT-GOV-GE Services NetFlow Sensors (NfDump & NfSen) Analyze NetFlow Data For Security. Detects: SSH Brute Force Attacks. Botnets. ddos Attacks.

CERT-GOV-GE Services Website Intrusion Detection (ThreatFactor) Open Source Project. Monitors Web Pages for Intrusions (Exploits, Hacker Signatures, Information Leakage). Custom Rule Based Detection.

CERT-GOV-GE Services Safe DNS Georgia Integrated with Collective Intelligence Framework. Blocks malware domains and redirecting to warning page. First DNSSEC Enabled Resolver In Georgia.

CERT.GOV.GE Services Training on Cyber Incident Handling Since 2012

CERT-GOV-GE other activities Georgian Information Security Forum (Abuse Forum) Since 2012

Information Security Awareness:

www.facebook.com/certgovge

We are receiving and analyzing information about 12000 infected Georgian IP addresses from our international partner organizations on a daily basis. We shut down approximately 20 phishing sites that are located in Georgian web space on monthly basis. Hackers deface approximately 25 sites in Georgian cyber space on monthly basis. We receive information about 35 infected web sites which are located in Georgian web space on monthly basis.

GOV.GE 100 90 80 70 60 50 40 GOV.GE 30 20 10 0 2011 2012 2013

E-mail: cert@dea.gov.ge Tel: +995 32 291 51 40 Fax: +995 32 291 51 40 Web-page: www.cert.gov.ge www.facebook.com/certgovge

Thank You! Questions? saqartvelo, Tbilisi 0102, wminda nikolozos/n. CxeiZis 2 Mtel.: (+995 32)14 39 81 www.dea.gov.ge www.cert.gov.ge www.e-government.ge