Protecting from cyber-threats… Is that possible to fight alone? Roman Sologub General Manager ISSP Ukraine


Post on 03-Jun-2020


Page 1: Protecting from cyber-threats… Is that possible to fight alone · 2020-04-04 · ISSP Information Systems Security Partners Data for sale Attack as a service Botnet services Malware

Protecting from cyber-threats… Is that possible to fight alone?

Roman Sologub, General Manager, ISSP Ukraine

Page 2:

ISSP Information Systems Security Partners

Page 3:

Data for sale
Attack as a service
Botnet services
Malware / Trojans
Accounts for sale

$2.1 TRILLION in 2019

Page 4:

Assume Compromise

Detect & Respond Faster

Not just IT – OT, IoT, Physical

Increased Regulation

Page 5:

Advanced Persistent Threat: a set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity.

Page 6:

Cyber Kill Chain

1. Preparation: social networks, internet, deep web, documents, metadata

2. Intrusion: mass mail, targeted mail, candy drop, social engineering

3. Active Breach: keyloggers, cryptolockers, password crackers, backdoors, etc.

Page 7:

Page 8:

14 min

6 months from intrusion to blackout

Page 9:

DELIVERY > EXPLOITATION > INSTALLATION > ACTION ON OBJECTIVES

Page 10:

Hackers Spend 200+ Days Inside Before Discovery

Page 11:

Ukraine 14/07/16 – APT scenario, Delivery stage

Page 12:

14/07/2016: 1000+ emails were released to various organizations in Ukraine

Page 13:

MS Word document has an embedded macro. IOCs (HTTP): the slide lists the domains, URLs and IP addresses observed.

Sandbox Evasion

Page 14:

Page 15:

Cyber Kill Chain: Recon > Weaponize > Delivery > Exploitation > Installation > Command & Control > Actions on Objectives

1000 email addresses with personal data

OSINT+

Composite macro-code obfuscation – sandbox evasion

Payload download 14/07/16

Predictions:
1. Exploitation stage – October
2. Final stage performance – Spring '17

Page 16:

The User – is the Weakest Link…

Page 17:

Page 18:

Attackers know more about us than ever..

Page 19:

The lines between Insiders and Outsiders are blurred.

Everyone is an Insider...

Page 20:

Isolated security simply doesn't work!

Page 21:

ISSP (Information Systems Security Partners) is a group of companies specialized in cybersecurity, managed security services, state-of-the-art professional training, and cutting-edge research in the area of information systems security.

Page 22:

ISSP business profile

Vendors and Partners: USA, Israel, EU.
SOC Technical Sites: Kyiv (+Lab), Vilnius, Tbilisi, Almaty (2017).
Offices: Kyiv, Tbilisi, Baku, Moscow, Bratislava, Almaty.
Training Facilities: Kyiv, Tbilisi.

ISSP – cybersecurity integrator, professional and managed cybersecurity services provider.

ISSP SOC – provides around-the-clock managed cybersecurity services.

ISSP Labs – specializes in the analysis of cyber threats and challenging computer forensics tasks.

ISSP Training Center – conducts professional trainings, including but not limited to certified product-based trainings and professional certification programs.

Page 23:

Not just IT – OT, IoT, Physical

Assume Compromise

Detect & Respond Faster

Increased Regulation

ISSP LABS: Inspection, Audit, OSINT, TI+

ISSP SOC: Monitoring, Detection, Response, Remediation

ISSP Services: Counter-Fraud, SCADA Security, Pentests

ISSP TC: Trainings, Compliance Audit, Compliance as a Service

Page 24:

3 Steps to start

Inspection – Retrospective analysis

Audit – Prospective analysis

Monitoring – Breach Detection

Page 25:

Page 26:

Page 27:

Security Operations Center: People, Technologies, Processes, Business

Page 28:

Users, Con-xt, DBs, Docs, Email, Assets, Network

Forums, Commercial streams, Social Media, Blogs, Open Communities, News, Vendors, Companies, APIs, Cloud Data, Apps, Actors

Mapping, Correlating, Qualifying, Cleaning, Conversion, Clustering, Indexing

Events Acquisition, Data Extraction

E-L-T > Process > Store > Update

Page 29:

Page 30:

Page 31:

Agenda 2017

Invest in ISSP's Cybersecurity Services: developing SOC services, R&D, professional expertise.

Invest in Collective Defense: cultivating relations with labs, research institutions, communities.

Invest in Cybersecurity Knowledge: Cyber Academy, Training Center, university collaboration programs.

Page 32:

www.isspgroup.com