Protecting from cyber-threats... Is it possible to fight alone?
Roman Sologub, General Manager, ISSP Ukraine
ISSP Information Systems Security Partners
Data for sale
Attack as a service
Botnet services
Malware / Trojans
Accounts for sale
$2.1 trillion in 2019
Assume Compromise
Detect & Respond Faster
Not just IT: OT, IoT, Physical
Increased Regulation
> Advanced Persistent Threat
a set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity.
Cyber Kill Chain
1. Preparation: social networks, internet, deep web, documents, metadata
2. Intrusion: mass mail, targeted mail, candy drop, social engineering
3. Active Breach: keyloggers, cryptolockers, password crackers, backdoors, etc.
14 min
6 months from intrusion to blackout
Delivery > Exploitation > Installation > Action on Objectives
Hackers spend 200+ days inside before discovery
> Ukraine 14/07/16
APT scenario: Delivery stage
# 14/07/2016: 1000+ emails were sent to various organizations in Ukraine
MS Word has embedded macro. IOCs (HTTP):
Sandbox Evasion
Recon > Weaponize > Delivery > Exploitation > Installation > Command & Control > Actions on Objectives
1000 email addresses with personal data
OSINT+
Composite macro-code obfuscation, sandbox evasion
Predictions
Payload download 14/07/16
1. Exploitation stage: October
2. Final stage performance: Spring '17
The User – is the Weakest Link…
Attackers know more about us than ever.
The lines between Insiders and Outsiders are blurred.
Everyone is an Insider...
Isolated security simply doesn't work!
ISSP (Information Systems Security Partners) is a group of companies specialized in cybersecurity, managed security services, state-of-the-art professional training, and cutting-edge research in the area of information systems security.
Vendors and Partners: USA, Israel, EU
SOC Technical Sites: Kyiv (+Lab), Vilnius, Tbilisi, Almaty (2017)
Offices: Kyiv, Tbilisi, Baku, Moscow, Bratislava, Almaty
Training Facilities: Kyiv, Tbilisi
ISSP business profile
ISSP: cybersecurity integrator, professional and managed cybersecurity services provider.
ISSP SOC: provides around-the-clock managed cybersecurity services.
ISSP Labs: specializes in analysis of cyber threats and challenging tasks of computer forensics.
ISSP Training Center: conducts professional trainings, including but not limited to certified product-based trainings and professional certification programs.
Not just IT: OT, IoT, Physical
Assume Compromise
Detect & Respond Faster
Increased Regulation
ISSP Services
ISSP LABS: Inspection, Audit, OSINT, TI+
ISSP SOC: Monitoring, Detection, Response, Remediation
ISSP Services: Counter-Fraud, SCADA Security, Pentests
ISSP TC: Trainings, Compliance Audit, Compliance as a Service
3 Steps to start
Monitoring: Breach Detection
Audit: Prospective analysis
Inspection: Retrospective analysis
Security Operations Center
People
Technologies
Processes
Business
Sources: Users, Con-xt, DBs, DOCs, Assets, Netwk, Forums, Commercial streams, Social Media, Blogs, Open Communities, News, Vendors, Companies, APIs, Cloud Data, Apps, Actors
Processing: Mapping, Correlating, Qualifying, Cleaning, Conversion, Clustering, Indexing
Events Acquisition
Data Extraction
E-L-T > Process > Store > Update
Agenda 2017
Invest in ISSP's Cybersecurity Services: developing SOC services, R&D, professional expertise.
Invest in Collective Defense: cultivating relations with labs, research institutions, communities.
Invest in Cybersecurity Knowledge: Cyber Academy, Training Center, university collaboration programs.
www.isspgroup.com