INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services...

18
1 FIRST TC / TF-CSIRT Las Palmas, January 27th 2015 Javier Berciano INTECO-CERT team update

Transcript of INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services...

Page 1: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

1

FIRST TC / TF-CSIRT Las Palmas, January 27th 2015

Javier Berciano

INTECO-CERT team update

Page 2: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

2

INTECO INCIBE

Page 3: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

3

Coordination SETSI-SES

SETSI-SESagreement

CRITICAL INFRAESTRUCTURE

PROTECTION

FIGHT AGAINST CYBERCRIME AND CYBERTERRORISM

AWARENESS AND TRAINING

Page 4: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

4

INTECO-CERT CERTSI

+

Page 5: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

5

Services

Incidenthandling

Proactivedetection

Earlywarning

CyberExercises

Awarenessraising

Enterprises and [email protected]

Critical [email protected]

24x7x365

Page 6: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

6

Services

Incidenthandling

Proactivedetection

Earlywarning

CyberExercises

Awarenessraising

MICS

C&C

SPAM

Samples

FastFlux

Open Resolver

Threats

URLs

bots

Page 7: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

7

Services

0day vulnerabilities reports

General software

SCADA software

Incidenthandling

Proactivedetection

Earlywarning

CyberExercises

Awarenessraising

Page 8: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

8

Services

Design: APT behaviour scenario with 3 phases

• Phase 1: Social engineering

• Phase 2: Internal pentest

• Phase 3: Incident handling scenario

15 critical infrastructures operators involved

Incidenthandling

Proactivedetection

Earlywarning

CyberExercises

Awarenessraising

Page 9: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

9

Services

Learn for protect

OSINT reports

Cheatsheets

Best practices

Incidenthandling

Proactivedetection

Earlywarning

CyberExercises

Awarenessraising

Page 10: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

10

AntiBotnet service

Facts:

5,8 millions botnet related evidences daily

Close to 74.000 unique Spanish IP addresses infected

Information from 570 sinkholes with 83 different botnets

Page 11: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

11

Goals:

Botnet mitigation and disinfection

Realtime IP check service

End user reporting

AntiBotnet service

Page 12: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

12

Analysis and information processing

End-user identification and

notifications generation

Feed (bots)

CyberSecurity Intelligence Engine

BOTNET EVIDENCES DATABASE

TRUSTED SOURCES

DETECTION

Analysis of Threats

Metrics

END USER

ANTIBOTNET SERVICE URL + Botnet Ticket

Threat Information and disinfection Tools

Awareness and Prevention

AntiBotnet service

Page 13: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

13

Online IP check

AntiBotnet service

Page 14: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

14

Chrome extension

AntiBotnet service

Page 15: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

15

Detailed information about threat

AntiBotnet service

Disinfection tools (AV cleaners)

Page 16: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

16

GFzo

torpig

28/10/14

xxx

1.1.1

AntiBotnet service

Page 17: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

17

AntiBotnet service

Page 18: INTECO-CERT team update - FIRST · Samples FastFlux Open Resolver Threats URLs bots. 7 Services 0day vulnerabilities reports General software SCADA software Incident handling Proactive

18

Thank you!Javier Berciano

[email protected]

Questions?


Parental Guide for Safe Children Usage on Video Games. By INTECO

Parental Guide for Safe Children Usage on Video Games. By INTECO

Www.salima.eu 17–20/2/2016, Brno Exhibition Centre SALIMA / VINEX - MBK - INTECO International Food Fairs.

Www.salima.eu 17–20/2/2016, Brno Exhibition Centre SALIMA / VINEX - MBK - INTECO International Food Fairs.

Practical Guide for Secure Use of the Electronic Dni On the Internet - English Version. By INTECO

Practical Guide for Secure Use of the Electronic Dni On the Internet - English Version. By INTECO

HIGH PERFORMANCE, LARGE STORAGE - Inteco Diagnostics UK · INTECO DIAGNOSTICS UK CELLDIFF-5+ INTECO Celldiff-5 + 5 part-diff Haematology Analyser PRODUCT CODE: CELLDIF5 High-end 5

HIGH PERFORMANCE, LARGE STORAGE - Inteco Diagnostics UK · INTECO DIAGNOSTICS UK CELLDIFF-5+ INTECO Celldiff-5 + 5 part-diff Haematology Analyser PRODUCT CODE: CELLDIF5 High-end 5

How does a 0day work? - DefCamp 2012

How does a 0day work? - DefCamp 2012

Embryo development Day 0Day 1Day 2Day 3Day 5Day 6Day 4.

Embryo development Day 0Day 1Day 2Day 3Day 5Day 6Day 4.

INTECO EPH TECHNOLOGY · our core activities. INTECO is able to design and build single units as well as whole production plants for the metallurgical industry from one hand ensuring

INTECO EPH TECHNOLOGY · our core activities. INTECO is able to design and build single units as well as whole production plants for the metallurgical industry from one hand ensuring

INTECO-CERT - TERENA...INTECO-CERT Collaboration Projects ü Collects information from a PC suspected of being modified by malicious code in order to determinate whether the PC is

INTECO-CERT - TERENA...INTECO-CERT Collaboration Projects ü Collects information from a PC suspected of being modified by malicious code in order to determinate whether the PC is

Guide to the Security and Privacy of Rfid Technology - English Version. By INTECO

Guide to the Security and Privacy of Rfid Technology - English Version. By INTECO

Cooperación Inteco - NIST Peter Mell National Vulnerability Database Project Lead Senior Computer Scientist NIST Computer Security Division Tim Grance.

Cooperación Inteco - NIST Peter Mell National Vulnerability Database Project Lead Senior Computer Scientist NIST Computer Security Division Tim Grance.

IHM Inteco Hotelmanagement Company (Brochure en)

IHM Inteco Hotelmanagement Company (Brochure en)

INTECO – Joint Research Unit in Economic Integration · 2019-11-21 · INTECO Workshop on Economic Integration O 28-29 November 2019 UNIVERSITAT JAUME l, CASTELLÓ Faculty of Law

INTECO – Joint Research Unit in Economic Integration · 2019-11-21 · INTECO Workshop on Economic Integration O 28-29 November 2019 UNIVERSITAT JAUME l, CASTELLÓ Faculty of Law

Inteco Profile

Inteco Profile

External imbalances and growth - UV · External imbalances and growth Mariam Camarero University Jaume I and INTECO Jesús Peiró-Palomino University Jaume I and INTECO Cecilio Tamarit

External imbalances and growth - UV · External imbalances and growth Mariam Camarero University Jaume I and INTECO Jesús Peiró-Palomino University Jaume I and INTECO Cecilio Tamarit

A Simpler Way of Finding 0day - Exploit Database · A Simpler Way of Finding 0day . Robert Graham . David Maynor . Errata Security . Abstract: Instead of reverse engineering vulnerabilities

A Simpler Way of Finding 0day - Exploit Database · A Simpler Way of Finding 0day . Robert Graham . David Maynor . Errata Security . Abstract: Instead of reverse engineering vulnerabilities

The IPO of the 0day - Immunity Inc · 6 Welcome to the New World of 0day Agenda: – Trading and financial analysis systems are proprietary and have very limited distribution –

The IPO of the 0day - Immunity Inc · 6 Welcome to the New World of 0day Agenda: – Trading and financial analysis systems are proprietary and have very limited distribution –

NATIONAL NETWORK FOR SPAM MONITORING · 20th Annual FIRST Conference on Computer Security Incident Handling. 2 Summary 1. INTECO and INTECO-CERT 2. Spam Monitoring Network 1. Sensors

NATIONAL NETWORK FOR SPAM MONITORING · 20th Annual FIRST Conference on Computer Security Incident Handling. 2 Summary 1. INTECO and INTECO-CERT 2. Spam Monitoring Network 1. Sensors

A Simpler Way of Finding 0day - Black Hat Briefings

A Simpler Way of Finding 0day - Black Hat Briefings

Study on the Security and Etrust in the Small Micro and Spanish Companies - English Version. By INTECO

Study on the Security and Etrust in the Small Micro and Spanish Companies - English Version. By INTECO

The IPO of the 0day - Immunity IncFuel the ego (require 0day discovery) Open the ports (they need IRC like a fish needs water) Encourage normal working hours by demonstrating all the

The IPO of the 0day - Immunity IncFuel the ego (require 0day discovery) Open the ports (they need IRC like a fish needs water) Encourage normal working hours by demonstrating all the