CERT-GOV-GE Activities & Services




CERT-GOV-GE Activities & Services Tbilisi, Georgia 2014 CERT-GOV-GE Manager David Kvatadze www.dea.gov.ge

CERT-GOV-GE is a structural unit formed within the Information Security and Policy Division of LEPL Data Exchange Agency under the Ministry of Justice of Georgia; it processes, analyses and resolves information security incidents.

CERT-GOV-GE Constituency: Hosting Providers; Critical Information Systems subjects; Banks; Private Sector; International CERTs; Government Sector; Internet Service Providers; Military; Secret

CERT-GOV-GE Services: IP address monitoring service portal; Incident Handling; Penetration test; NetFlow Sensors (NfDump & NfSen); Web-Site Intrusion Detection (ThreatFactor); Blacklist service; Safe DNS Georgia; Training on Cyber Incident Handling; Check My IP. Other activities: Georgian Information Security Forum (Abuse Forum); Information Security Awareness.

CERT-GOV-GE is a member of the following organizations: the cybersecurity executing arm of the International Telecommunication Union (ITU), the United Nations specialised agency. We are a full member of FIRST, the Forum of Incident Response and Security Teams. The Trusted Introducer (TI) is the trusted backbone of the Security and Incident Response Team community in Europe. CERT-GOV-GE is authorized to use the CERT trademark.

CERT-GOV-GE Certifications: all our team members are certified by SANS GIAC. Plans: all our team members plan to pass the SANS GSNA exam.

Plans for 2015: CERT.gov.ge is planning to become a member of the European Government CERTs (EGC) group. CERT.gov.ge is planning to become a certified member of Trusted Introducer. It is also planned to become a member of APCERT.

CERT-GOV-GE (Computer Emergency Response Team) Our Partners: www.impact-alliance.org; www.trusted-introducer.org; www.nato.int; www.shadowserver.org; www.team-cymru.org; www.arbornetworks.com; www.arakis.pl; www.eset.com; www.microsoft.com; www.symantec.com; http://www.cert.pl/; www.cert.at; CERT-EE (www.cert.ee/); www.quarantainenet.nl

Map legend: Infected 10 000 IP Addresses; Infected 20 000 IP Addresses; Infected 1 500 IP Addresses; Infected 500 IP Addresses; Infected 100 IP Addresses; 15-20 Phishings; 25-30 Defaced Web-Sites

http://thehackernews.com/2012/03/albania-is-most-malware-infected-nation.html

CERT-GOV-GE Services IP address monitoring portal


CERT-GOV-GE Services IP address monitoring portal: 12 million infected IPs, 200 thousand unique IPs

Check My IP Your IP address is: 146.255.225.150 Infection type: ZeuS Detailed Information

Check My IP Your IP address is: 146.255.225.150 Infection type: ZeuS Short description of infection type: Zeus is a Trojan horse that steals banking information by Man-in-the-browser keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek. Command & Control: 89.232.125.112 Date: 27 მაისი 2013 11:23:15 PM

Check My IP Your IP address is: 146.255.225.150 Infection type: not found

CERT-GOV-GE Services Incident Handling Contact: incidents@dea.gov.ge

CERT-GOV-GE Services Penetration test Top 10 commercial tools

CERT-GOV-GE Services NetFlow Sensors (NfDump & NfSen): analyze NetFlow data for security. Detects: SSH brute force attacks, botnets, DDoS attacks.
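The slide names the two flow-level signatures such a sensor looks for but does not show the logic. The following is an added example, not CERT-GOV-GE's tooling or any NfDump/NfSen code: it parses a constructed flow export (a simplified subset of the fields nfdump can emit) and flags an SSH brute-force source and a flooded destination. The addresses, thresholds and records are all assumptions made up for the demo.

```python
"""Flow-based detection in the spirit of an NfDump/NfSen sensor.

Added example: the flow records are constructed for this demo and the
thresholds are illustrative assumptions, not CERT-GOV-GE's real data or
rules.  Field order is a simplified subset of what nfdump can export
(ts, src, dst, sport, dport, proto, packets, bytes); the lines are
hand-built below.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    packets: int
    nbytes: int


def parse_flows(text):
    """Parse comma-separated flow lines, skipping blanks and '#' comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, sa, da, sp, dp, pr, pkt, byt = (f.strip() for f in line.split(","))
        flows.append(Flow(ts, sa, da, int(sp), int(dp), pr, int(pkt), int(byt)))
    return flows


def detect_ssh_bruteforce(flows, min_flows=10, max_packets=20):
    """Return {src: count} for sources with many short TCP flows to port 22.

    A real SSH session is one long flow with hundreds of packets; a failed
    login attempt is a separate flow of only a few packets, so a burst of
    short flows to port 22 from one source is the brute-force signature.
    """
    per_src = Counter()
    for f in flows:
        if f.proto == "TCP" and f.dport == 22 and f.packets <= max_packets:
            per_src[f.src] += 1
    return {src: n for src, n in per_src.items() if n >= min_flows}


def detect_ddos(flows, min_sources=50):
    """Return {dst: distinct_sources} for destinations hit by many sources.

    A flood from a botnet shows up as one destination receiving tiny flows
    from far more distinct source addresses than normal traffic would.
    """
    sources = defaultdict(set)
    for f in flows:
        sources[f.dst].add(f.src)
    return {dst: len(s) for dst, s in sources.items() if len(s) >= min_sources}


def sample_flow_text():
    """Constructed flow export: a brute-forcer, one legitimate SSH session,
    an 80-source SYN flood against a web server, and one normal HTTPS flow.
    All addresses are from documentation prefixes (RFC 5737)."""
    lines = ["# ts,src,dst,sport,dport,proto,packets,bytes"]
    for i in range(15):  # brute force: 15 short flows to port 22
        lines.append(f"2014-10-13 10:00:{i:02d},198.51.100.7,192.0.2.10,{40000 + i},22,TCP,6,480")
    lines.append("2014-10-13 10:01:00,198.51.100.20,192.0.2.10,51234,22,TCP,400,61000")
    for i in range(1, 81):  # flood: 80 distinct sources, one packet each
        lines.append(f"2014-10-13 10:02:00,203.0.113.{i},192.0.2.20,{1024 + i},80,TCP,1,60")
    lines.append("2014-10-13 10:03:00,198.51.100.7,192.0.2.30,40500,443,TCP,30,9000")
    return "\n".join(lines) + "\n"


def analyse(text):
    """Run both detectors over a flow export and return their findings."""
    flows = parse_flows(text)
    return {
        "ssh_bruteforce": detect_ssh_bruteforce(flows),
        "ddos": detect_ddos(flows),
    }


if __name__ == "__main__":
    print(analyse(sample_flow_text()))
```

Note that the legitimate 400-packet SSH session is not counted by the brute-force rule, and that the brute-forcer's single HTTPS flow does not affect its port-22 count; on real exports the thresholds have to be tuned per constituency, and a time window (per five-minute nfcapd file, for instance) belongs in front of both counters.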

CERT-GOV-GE Services Website Intrusion Detection (ThreatFactor) Open Source Project. Monitors Web Pages for Intrusions (Exploits, Hacker Signatures, Information Leakage). Custom Rule Based Detection.

CERT-GOV-GE Services Blacklist Service: IP and domain blacklist, published in different formats for different software. Available to organizations. http://blacklists.cert.gov.ge

CERT-GOV-GE Services Safe DNS Georgia: integrated with the Collective Intelligence Framework. Blocks malware domains, redirecting them to a warning page. First DNSSEC-enabled resolver in Georgia. 5.159.16.16, 5.159.20.20
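The Blacklist Service slide ("different formats for different software") and the Safe DNS slide (blocked domains redirected to a warning page) describe two ends of the same pipeline: one indicator list exported in several formats, and a resolver that applies it as a response policy. The following is an added example, not CERT-GOV-GE's feed or resolver configuration: the domain list, the warning-page name and address (192.0.2.1, a documentation prefix) and the zone layout are constructed placeholders.

```python
"""Blocklist export and resolver response policy, in the spirit of the
Blacklist Service and Safe DNS Georgia slides.

Added example: the domain list, the warning-page name/address and the
zone names are constructed placeholders, not CERT-GOV-GE's real feed or
infrastructure.
"""

WARNING_IP = "192.0.2.1"            # placeholder warning-page address (RFC 5737)
WARNING_HOST = "warning.example."   # placeholder warning-page name, as an FQDN

# Constructed sample feed: domain -> reason, roughly as a CIF indicator
# query might hand it over.  None of these are real indicators.
SAMPLE_FEED = {
    "bad.example": "zeus-c2",
    "phish.example.net": "phishing",
    "drop.example.org": "malware-download",
}


def normalize(name):
    """Lower-case and strip the trailing dot so lookups compare consistently."""
    return name.strip().lower().rstrip(".")


def as_plain_list(feed):
    """One domain per line, sorted: the simplest format to import anywhere."""
    return "\n".join(sorted(normalize(d) for d in feed)) + "\n"


def as_hosts_file(feed, ip=WARNING_IP):
    """hosts(5) format: every blocked name answers with the warning-page IP."""
    return "\n".join(f"{ip} {normalize(d)}" for d in sorted(feed)) + "\n"


def as_rpz_zone(feed, target=WARNING_HOST, serial=1):
    """BIND Response Policy Zone: each domain and its subdomains are
    rewritten (RPZ 'local data' action) to a CNAME for the warning page."""
    lines = [
        "$TTL 60",
        f"@ IN SOA localhost. hostmaster.localhost. ({serial} 3600 600 86400 60)",
        "@ IN NS localhost.",
    ]
    for d in sorted(feed):
        d = normalize(d)
        lines.append(f"{d} IN CNAME {target}")
        lines.append(f"*.{d} IN CNAME {target}")
    return "\n".join(lines) + "\n"


def policy_lookup(qname, feed, ip=WARNING_IP):
    """Resolver-side check: return the warning-page IP if the queried name
    or any parent domain is on the list, else None (resolve normally).

    Walks from the full name up to, but not including, the bare TLD, which
    is the same coverage the '*.domain' RPZ records above provide.
    """
    labels = normalize(qname).split(".")
    blocked = {normalize(d) for d in feed}
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in blocked:
            return ip
    return None


if __name__ == "__main__":
    print(as_rpz_zone(SAMPLE_FEED))
    for q in ("www.bad.example", "example", "notbad.example"):
        print(q, "->", policy_lookup(q, SAMPLE_FEED))
```

The DNSSEC point on the slide interacts with this: a policy rewrite deliberately replaces the validated answer, so a stub resolver that validates on its own would reject it. That is why the policy is applied on the validating resolver itself; BIND, for example, does not apply RPZ to queries that ask for DNSSEC data unless `break-dnssec` is enabled.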

CERT.GOV.GE Services Training on Cyber Incident Handling

NATO SPS Programme Cyber Defence Training for IT Professionals: Afghanistan, Moldova, Macedonia, Montenegro, Azerbaijan

CERT-GOV-GE other activities Georgian Information Security Forum (Abuse Forum)

2014 FIRST Regional Symposium Tbilisi, Georgia October 13-16, 2014

24 September 2014


CERT-GOV-GE other activities: Georgian Information Security Forum (Abuse Forum). Red Team: CERT-GOV-GE, COMCERT.pl. Blue Team: Education Management Information System; National Public Registry; Ministry of Labour, Health and Social Affairs of Georgia; MagtiCom; Bank of Georgia; Georgian Research and Educational Network Association (Grena); Ministry of Internal Affairs; National Bank of Georgia; Cyber Security Bureau; Smart Logic; State Chancellery; Geocell; VTB Bank; Ministry of Finance of Georgia; Public Service Development Agency; Free University of Tbilisi

Information Security Awareness:

www.facebook.com/certgovge

We receive and analyze information about 20 000 infected Georgian IP addresses from our international partner organizations on a daily basis. We shut down approximately 20 phishing sites located in Georgian web space on a monthly basis. Hackers deface approximately 25 sites in Georgian cyber space on a monthly basis. We receive information about 35 infected web sites located in Georgian web space on a monthly basis.

[Chart: GOV.GE, 2011-2014; vertical axis 0-120]

E-mail: cert@dea.gov.ge Tel: +995 32 291 51 40 Fax: +995 32 291 51 40 Web-page: www.cert.gov.ge www.facebook.com/certgovge

Thank You! Questions? Georgia, Tbilisi 0102, St. Nicholas / N. Chkheidze St. 2. Tel.: (+995 32) 14 39 81 www.dea.gov.ge www.cert.gov.ge www.e-government.ge