The Cyber Defense center and its services portfolio McAfee Professional Services – Foundstone Services


Page 1: The Cyber Defense center and its services  portfolio

The Cyber Defense center and its services portfolio

McAfee Professional Services – Foundstone Services

Page 2: The Cyber Defense center and its services  portfolio

DISCUSSION TOPICS

• Intro
• Threat Landscape
• Services
• Threat Intelligence

Page 3: The Cyber Defense center and its services  portfolio

The CDC

Physical Presence CERT

Regional Support

Reactive, Proactive,

Quality Mgt

Page 4: The Cyber Defense center and its services  portfolio

Cyber Defense Center

• Incident Response
• Training
• Advanced Malware Analysis
• Strategic Services/Assessments
• Contextual Threat Intelligence
• Mobile Forensics
• Computer Forensics

What is it?

Computer Emergency Response Team (CERT)

Reactive

• Incident Handling
• Vulnerability Handling
• Artifact Handling

Proactive

• Announcements
• Technology Watch
• Security Audits or Assessments
• Configuration and Maintenance of Security Tools, Applications, and Infrastructures
• Development of Security Tools
• Intrusion Detection Services
• Threat Intelligence

Security Quality Management

• Risk Analysis
• Business Continuity and Disaster Recovery Planning
• Security Consulting
• Awareness Building
• Education/Training
• Product Evaluation

Page 5: The Cyber Defense center and its services  portfolio

DISCUSSION TOPICS

• Threat Landscape
• Services
• Threat Intelligence

Page 6: The Cyber Defense center and its services  portfolio

Page 7: The Cyber Defense center and its services  portfolio

Spotlight Qatar

Qatar

• 86.2% internet penetration by June 2012 [2]
• Highest GDP per capita by 2012 [3]
• 66% higher malware rate vs. worldwide in Q2 2012 [4]
• Critical infrastructure directly tied to largest segment of economy

[1] McAfee Foundstone EMEA Cyber Defense Centre
[2] InternetWorldFacts.com
[3] CIA World Factbook
[4] Microsoft Security Intelligence Report – Volume 13

[1]

Page 8: The Cyber Defense center and its services  portfolio

Threat Intelligence

Cyber Defense Centre – A Threat Intelligence System

• Developed in ME.
• Focused on E(ME)A.
• Open Source Intelligence: Public & Underground
• Private data sources & APIs

Page 9: The Cyber Defense center and its services  portfolio

Cryptolocker Infections Gulf Region

[Bar chart: Cryptolocker infections by country (KSA, UAE, Yemen, Oman, Qatar, Kuwait, Bahrain); y-axis 0 to 250]

Page 10: The Cyber Defense center and its services  portfolio

Threat Intelligence

Page 11: The Cyber Defense center and its services  portfolio

Threat Intelligence

Qatari Hackers

Loosely organized

Members of general Arabic hacking discussion groups

Small footprint compared to other Arab hacker communities

Page 12: The Cyber Defense center and its services  portfolio

Threat Profile - Islamic Security

6,861 members and 55,279+ posts since May, 2012.

Administrators include: aBo aLi, Mr.Dm4r, Lov3rDns

Topics include:

- Hacking Tutorials and Targets
- Tool Development and Distribution
- Services and Tools for Sale
- “Achievements” of Intrusions

Page 13: The Cyber Defense center and its services  portfolio

Islamic Security – Posts Per Day

[Chart: posts per day; x-axis dates from 5/25/08 to 1/27/10, y-axis 0 to 350]

Page 14: The Cyber Defense center and its services  portfolio

Islamic Security – Attachment Uploads Per Day

[Chart: attachment uploads per day; x-axis dates from 5/25/08 to 1/10/10, y-axis 0 to 10]

Page 15: The Cyber Defense center and its services  portfolio

Islamic Security – Tool Sharing

Page 16: The Cyber Defense center and its services  portfolio

Islamic Security – Tool Sharing

Page 17: The Cyber Defense center and its services  portfolio

Threat Intelligence

Profile: Qatar-Attack

• 61 reported hackings
• Methods: Defacements via SQL, file upload, XSS and DDOS using open source tools
• Attacked domains in 11+ countries on 5 continents
• Maintains or contributes videos and blog posts that assist others in hacking

Page 18: The Cyber Defense center and its services  portfolio

Threat Intelligence

Profile: Qatar-Attack

Names: Qatar-Attack

DB-AttackQatar-Snipern1tr0g3n / n1tr0g3n0xid3MrAboghtalOahTaNiAboqhht QahtaniNaef Alqahtani

Emails: [email protected]@[email protected]@[email protected]@windowslive.com

Twitter: @MrAboqht

YouTube: MrAboqht

Domains: secur1ty.org, s-war.com, db-attack.com

Affiliations: alm3r3fh Group, v4-team

Page 19: The Cyber Defense center and its services  portfolio

Threat Intelligence

.QA Domain Hacked Locations

• Hosted in Qatar: 84%
• Hosted Offshore: 16%

.QA Hacked Operating Systems

[Pie chart: legend Linux, Unix, Windows, BSD, Unknown; slice values 90%, 4%, 1%, 4%, 1%]


Page 22: The Cyber Defense center and its services  portfolio

Trends in attacks

RAM Scrapers

Malware targeting phone and computer

ATM attacks

Page 23: The Cyber Defense center and its services  portfolio
Page 24: The Cyber Defense center and its services  portfolio

The rise of the RAM Scrapers

• Alina: Oct 2012
• Dexter: Dec 2012
• Vskimmer: Jan 2013
• BlackPOS: March 2013

Page 25: The Cyber Defense center and its services  portfolio

Example: VSKIMMER

Page 26: The Cyber Defense center and its services  portfolio

Example: VSKIMMER

Where is the credit card data?

Page 27: The Cyber Defense center and its services  portfolio

Example: VSKIMMER

What is the name of the USB stick?

Writing the dumpfile to USB-stick

Page 28: The Cyber Defense center and its services  portfolio

Example: BlackPOS

DEMO

Page 29: The Cyber Defense center and its services  portfolio

Latest in the world of POS

You swipe and pay; meanwhile, the track data of your card is sent by SMS to the criminal…

Shukran!

Page 31: The Cyber Defense center and its services  portfolio
Page 32: The Cyber Defense center and its services  portfolio

THANK YOU!