320 likes | 338 Views
Explore the threat landscape with McAfee's Cyber Defense Center and its services portfolio, including threat intelligence and CERT services.
E N D
The Cyber Defense center and its services portfolio McAfee Professional Services – Foundstone Services
DISCUSSION TOPICS Threat Landscape. Intro Services Threat Intelligence.
What is it? CERTComputer Emergency Response Team
DISCUSSION TOPICS Threat Landscape. Threat Intelligence. Services.
Spotlight Qatar [1] Qatar 86.2% internet penetration by June 2012 [2] Highest GDP per capita by 2012 [3] 66% higher malware rate vs. worldwide in Q2 2012 [4] Critical infrastructure directly tied to largest segment of economy [1] McAfee Foundstone EMEA Cyber Defense Centre [2] InternetWorldFacts.com [3] CIA World Factbook [4] Microsoft Security Intelligence Report – Volume 13
Threat Intelligence Cyber Defense Centre – A Threat Intelligence System • Developed in ME. • Focused on E(ME)A. • Open Source Intelligence • Public & Underground • Private data sources & API’s
Threat Intelligence Qatari Hackers • Loosely organized • Members of general Arabic hacking discussion groups • Small footprint compared to other Arab hacker communities
Threat Profile - Islamic Security 6,861 members and 55,279+ posts since May, 2012. Administrators include: aBoaLi, Mr.Dm4r, Lov3rDns Topics Include: - Hacking Tutorials and Targets - Tool Development and Distribution - Services and Tools for Sale - “Achievements” of Intrusions
Threat Intelligence Profile: Qatar-Attack • 61 reported hackings • Methods:Defacements via SQL,file upload, XSS and DDOSusing open source tools • Attacked domains in 11+ countries on 5 continents • Maintains or contributes videos and blog posts that assist others in hacking
Threat Intelligence Profile: Qatar-Attack Names: Qatar-Attack DB-Attack Qatar-Sniper n1tr0g3n / n1tr0g3n0xid3 MrAboght alOahTaNi AboqhhtQahtani NaefAlqahtani Emails: qatar.attack@gmail.com MrAboqht@gmail.com Q.8L@hotmail.com sad-h4cker@hotmail.com sad@bsdmail.com w7s@windowslive.com Twitter: @MrAboqht YouTube:MrAboqht Domains: secur1ty.org s-war.comdb-attack.comAffiliations: alm3r3fh Group v4-team
Threat Intelligence .QA Domain HackedLocations .QA Hacked Operating Systems
Threat Profile - Islamic Security 6,861 members and 55,279+ posts since May, 2012. Administrators include: aBoaLi, Mr.Dm4r, Lov3rDns Topics Include: - Hacking Tutorials and Targets - Tool Development and Distribution - Services and Tools for Sale - “Achievements” of Intrusions
The rise of the RAM Scrapers BlackPOS Vskimmer Alina Dexter Dec 2012 Jan 2013 March 2013 Oct 2012
Example: VSKIMMER Where is the CCArd data?
Example: VSKIMMER What is the name of the USB stick? Writing the dumpfile to USB-stick
Example: BlackPOS DEMO
Latest in the world of POS You swipe and pay, Meanwhile track-data of your card is send by SMS to criminal…. Shukran!
EMERGENCY? Hacked999@Foundstone.com Hacked911@McAfee.com