CERT-GOV-GE Activities & International Partnerships

Similar documents

CERT-GOV-GE Activities & Services

Security workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

Cyber Security and Critical Information Infrastructure

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

What legal aspects are needed to address specific ICT related issues?

Revealing Botnets Using Network Traffic Statistics

(BDT) BDT/POL/CYB/Circular

About Botnet, and the influence that Botnet gives to broadband ISP

INFORMATION SECURITY REVIEW

Security A to Z the most important terms

Current Threat Scenario and Recent Attack Trends

Korea s experience of massive DDoS attacks from Botnet

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

CYBER ESPIONAGE. Against Georgian Government. (Georbot Botnet) CERT.GOV.GE. LEPL Data Exchange Agency. Ministry of Justice of Georgia

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

Security Incident Management Essentials Compiled as a service to the community by Internet2, EDUCAUSE, and REN-ISAC

Detecting peer-to-peer botnets

How To Perform A Large Scale Attack On A Large Network

Data Centers Protection from DoS attacks. Trends and solutions. Michael Soukonnik, Radware Ltd Riga. Baltic IT&T

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Unified Security Management and Open Threat Exchange

WEB ATTACKS AND COUNTERMEASURES

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.

Cybersecurity: Thailand s and ASEAN s priorities. Soranun Jiwasurat

Practical Steps To Securing Process Control Networks

Hong Kong Information Security Outlook 2015 香港資訊保安展望

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

FBI CHALLENGES IN A CYBER-BASED WORLD

Current counter-measures and responses by CERTs

Data Driven Assessment of Cyber Risk:

Cybersecurity Awareness. Part 1

Romanian National Computer Security Incident Response Team CERT-RO.

Automatic Network Protection Scenarios Using NetFlow

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security

Using big data analytics to identify malicious content: a case study on spam s

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

Detecting Botnets with NetFlow

Security Incidents And Trends In Croatia. Domagoj Klasić

Next Generation IPS and Reputation Services

Innovations in Network Security

Network Security Forensics

honeytarg Chapter Activities

The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness

Information Security and Risk Management

Defensible Strategy To. Cyber Incident Response

How To Protect Your Online Banking From Fraud

Cyber security Indian perspective & Collaboration With EU

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

Malicious Network Traffic Analysis

GEORGIA S SUCCESSFUL JOURNEY TO E-GOVERNMENT

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Lith Networking and Network Marketing Safety

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

INFORMATION SECURITY GOVERNANCE READINESS IN GOVERNMENT INSTITUTION

Incident Reporting Guidelines for Constituents (Public)

1. Exercise: Triage and Basic Incident Handling

Tunisia s experience in building an ISAC. Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc

Botnets: The Advanced Malware Threat in Kenya's Cyberspace

Security Analytics for Smart Grid

Incident Response Plan for PCI-DSS Compliance

Online Account Takeover. Roger Nettie

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

Security Practices for Online Collaboration and Social Media

DATA SHEET. What Darktrace Finds

Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in

Cyber Security Strategy of Georgia

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

KEY STEPS FOLLOWING A DATA BREACH

CSM-ACE 2014 Cyber Threat Intelligence Driven Environments

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Transcription:

CERT-GOV-GE Activities & International Partnerships Zurich, Switzerland 2014 CERT-GOV-GE Manager David Kvatadze www.dea.gov.ge

CERT-GOV-GE - Structural unit was formed within the Information Security and Policy division of LEPL Data Exchange Agency under the Ministry of Justice of Georgia, which processes, analyses and solves information security incidents.

CERT-GOV-GE Constituency Hosting Providers Critical Information systems subject Banks Pvt. Sector International CERT s Govt. Sector CERT-GOV-GE Internet service providers Military Secret

CERT-GOV-GE Services Services: IP address monitoring service portal; Incident Handling; Penetration test Netflow Sensors (Nfdump & Nfsen); Web-Site Intrusion Detection (Threat Factor); Safe DNS Georgia; Training on Cyber Incident Handling; Check My IP; Other activities: Georgian Information Security Forum (Abuse Forum); Information Security Awareness:

CERT-GOV-GE We are members of the following organizations: The Cyber security Executing Arm Of The UNITED NATIONS SPECIALISED AGENCY of The International Telecommunication Union (ITU) We are full members of FIRST. FIRST is the Forum of Incident Response and Security Teams. The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe. Certifications: All Our Team members are Certified by SANS GIAC

CERT-GOV-GE (Computer Emergency Response Team) Our Partners: www.impact-alliance.org www.trusted-introducer.org www.nato.int www.shadowserver.org www.team-cymru.org www.arbornetworks.com www.arakis.pl www.eset.com www.microsoft.com www.symantec.com http://www.cert.pl/ www.cert.at CERT-EE www.cert.ee/ www.quarantainenet.nl

Infected 10 000 IP Addresses Infected 5 000 IP Addresses Infected 1 500 IP Addresses Infected 500 IP Addresses Infected 100 IP Addresses 15-20 Phishings 25-30 Deface Web-Sites

http://thehackernews.com/2012/03/albania-is-most-malware-infected-nation.html

CERT-GOV-GE Services IP address monitoring service portal Since 2012

Check My IP Your IP address is: 146.255.225.150 Infection type: ZeuS Detailed Information

Check My IP Your IP address is: 146.255.225.150 Infection type: ZeuS Short description of infection type: Zeus is a Trojan horse that steals banking information by Man-in-the-browser keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek. Command & Control: 89.232.125.112 Date: 27 მაისი 2013 11:23:15 PM

Check My IP Your IP address is: 146.255.225.150 Infection type: not found

CERT-GOV-GE Services Incident Handling Since 2011

CERT-GOV-GE Services Penetration test Since 2012 Top 10 commercial tools

CERT-GOV-GE Services NetFlow Sensors (NfDump & NfSen) Analyze NetFlow Data For Security. Detects: SSH Brute Force Attacks. Botnets. ddos Attacks.

CERT-GOV-GE Services Website Intrusion Detection (ThreatFactor) Open Source Project. Monitors Web Pages for Intrusions (Exploits, Hacker Signatures, Information Leakage). Custom Rule Based Detection.

CERT-GOV-GE Services Safe DNS Georgia Integrated with Collective Intelligence Framework. Blocks malware domains and redirecting to warning page. First DNSSEC Enabled Resolver In Georgia.

CERT.GOV.GE Services Training on Cyber Incident Handling Since 2012

CERT-GOV-GE other activities Georgian Information Security Forum (Abuse Forum) Since 2012

Information Security Awareness:

www.facebook.com/certgovge

We are receiving and analyzing information about 12000 infected Georgian IP addresses from our international partner organizations on a daily basis. We shut down approximately 20 phishing sites that are located in Georgian web space on monthly basis. Hackers deface approximately 25 sites in Georgian cyber space on monthly basis. We receive information about 35 infected web sites which are located in Georgian web space on monthly basis.

GOV.GE 100 90 80 70 60 50 40 GOV.GE 30 20 10 0 2011 2012 2013

E-mail: cert@dea.gov.ge Tel: +995 32 291 51 40 Fax: +995 32 291 51 40 Web-page: www.cert.gov.ge www.facebook.com/certgovge

Thank You! Questions? saqartvelo, Tbilisi 0102, wminda nikolozos/n. CxeiZis 2 Mtel.: (+995 32)14 39 81 www.dea.gov.ge www.cert.gov.ge www.e-government.ge