![Page 1: Protecting from cyber-threats… Is that possible to fight alone · 2020-04-04 · ISSP Information Systems Security Partners Data for sale Attack as a service Botnet services Malware](https://reader035.vdocuments.site/reader035/viewer/2022070720/5ee0a91aad6a402d666bcfe9/html5/thumbnails/1.jpg)
Protecting from cyber-threats… Is that possible to fight alone?
Roman Sologub
General Manager
ISSP Ukraine
ISSP Information Systems Security Partners
Data for sale
Attack as a service
Botnet services
Malware / Trojans
Accounts for sale
$ 2,1 TRILLION in 2019
Assume Compromise
Detect & Respond Faster
Not just IT – OT, IoT, Physical
Increased Regulation
> Advanced Persistent Threat
A set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity.
Cyber Kill Chain
1. Preparation: social networks, internet, deep web, documents, metadata
2. Intrusion: mass mail, targeted mail, candy drop, social engineering
3. Active Breach: keyloggers, cryptolockers, password crackers, backdoors, etc.
14 min
6 months from intrusion to blackout
DELIVERY
EXPLOITATION
INSTALLATION
ACTION ON OBJECTIVES
Hackers Spend 200+ Days Inside
Before Discovery
> Ukraine 14/07/16
APT-scenario
Delivery stage
# 14 / 07 / 2016
1000+ emails were released to various organizations in Ukraine
MS Word has embedded macro
Sandbox Evasion
Actions on Objectives
Command & Control
Installation
Exploitation
Delivery
Weaponize
Recon
1000 email addresses with personal data
OSINT+
Composite macro-code obfuscation - sandbox evasion
Predictions
Payload download 14/07/16
1. Exploitation stage - October
2. Final stage performance – Spring '17
The User – is the Weakest Link…
Attackers know more about us than ever...
The lines between Insiders and Outsiders are blurred.
Everyone is an Insider...
Isolated security simply doesn't work!
ISSP - Information Systems Security Partners - is a Group of Companies, specialized in cybersecurity, managed security services, state of the art professional training, and cutting edge research in the area of information systems security.
ISSP business profile
Vendors and Partners: USA, Israel, EU
SOC Technical Sites: Kyiv (+Lab), Vilnius, Tbilisi, Almaty (2017).
Offices: Kyiv, Tbilisi, Baku, Moscow, Bratislava, Almaty
Training Facilities: Kyiv, Tbilisi
ISSP – cybersecurity integrator, professional and managed cybersecurity services provider.
ISSP SOC – provides around the clock managed cybersecurity services.
ISSP Labs – specializes in analysis of cyber threats, challenging tasks of computer forensics.
ISSP Training Center – conducts professional trainings, including but not limited to certified product-based trainings and professional certification programs.
Not just IT – OT, IoT, Physical
Assume Compromise
Detect & Respond Faster
Increased Regulation
ISSP LABS: Inspection, Audit, OSINT, TI+
ISSP SOC: Monitoring, Detection, Response, Remediation
ISSP Services: Counter-Fraud, SCADA Security, Pentests
ISSP TC: Trainings, Compliance Audit, Compliance as a Service
3 Steps to start
Monitoring: Breach Detection
Audit: Prospective analysis
Inspection: Retrospective analysis
People
Technologies
Processes
Business
Security Operations Center
Users, Con-xt, DBs, DOCs, Assets, Netwk
Forums, Commercial streams, Social Media, Blogs, Open Communities, News, Vendors, Companies, APIs, Cloud Data, Apps, Actors
Mapping, Correlating, Qualifying, Cleaning, Conversion, Clustering, Indexing
Events Acquisition, Data Extraction
E-L-T > Process > Store > Update
Agenda 2017
Invest in ISSP's Cybersecurity Services: Developing SOC services, R&D, Professional Expertise.
Invest in Collective Defense: Cultivating relations with Labs, Research Institutions, Communities.
Invest in Cybersecurity Knowledge: Cyber Academy, Training Center, University collaboration programs.
www.isspgroup.com