INTECO-CERT team update
FIRST TC / TF-CSIRT, Las Palmas, January 27th 2015
Javier Berciano
18 slides

Aug 21, 2020

Page 1

FIRST TC / TF-CSIRT Las Palmas, January 27th 2015

Javier Berciano

INTECO-CERT team update

Page 2

INTECO INCIBE

Page 3

Coordination SETSI-SES

SETSI-SES agreement

CRITICAL INFRASTRUCTURE

PROTECTION

FIGHT AGAINST CYBERCRIME AND CYBERTERRORISM

AWARENESS AND TRAINING

Page 4

INTECO-CERT CERTSI

+

Page 5

Services

Incident handling

Proactive detection

Early warning

Cyber exercises

Awareness raising

Enterprises and [email protected]

Critical [email protected]

24x7x365

Page 6

Services

MICS

C&C

SPAM

Samples

FastFlux

Open Resolver

Threats

URLs

bots

Page 7

Services

0day vulnerabilities reports

General software

SCADA software

Page 8

Services

Design: APT behaviour scenario with 3 phases

• Phase 1: Social engineering

• Phase 2: Internal pentest

• Phase 3: Incident handling scenario

15 critical infrastructure operators involved

Page 9

Services

Learn to protect

OSINT reports

Cheatsheets

Best practices

Page 10

AntiBotnet service

Facts:

5.8 million botnet-related evidence records daily

Close to 74,000 unique Spanish IP addresses infected

Information from 570 sinkholes with 83 different botnets

Page 11

Goals:

Botnet mitigation and disinfection

Real-time IP check service

End user reporting

AntiBotnet service

Page 12

Analysis and information processing

End-user identification and notification generation

Feed (bots)

CyberSecurity Intelligence Engine

BOTNET EVIDENCES DATABASE

TRUSTED SOURCES

DETECTION

Analysis of Threats

Metrics

END USER

ANTIBOTNET SERVICE URL + Botnet Ticket

Threat information and disinfection tools

Awareness and Prevention

AntiBotnet service

Page 13

Online IP check

AntiBotnet service

Page 14

Chrome extension

AntiBotnet service

Page 15

Detailed information about threat

AntiBotnet service

Disinfection tools (AV cleaners)

Page 16

Sample data on the slide, as extracted: GFzo, torpig, 28/10/14, xxx, 1.1.1

AntiBotnet service

Page 17

AntiBotnet service

Page 18

Thank you!

Javier Berciano

[email protected]

Questions?