Role of CERT in fighting against cyber crime
Victor Ivanovsky, Global BDM
Threats landscape
Cyber attacks in 2016
• AVG amount of stolen money per banking client:
• AVG amount of money stolen per financial APT:
• Costs of cyber attack remediation, SMB
5 000 USD 20000 – 60000 USD
GROUP-IB.RU
Reasons for those trends
Cyber criminals are acting and evolving fast
• From a week to a month – average time to get the attacked infrastructure under control
• Testing and applying TTPs all over the world, switching targets in a short time
Reasons for those trends
Cyber criminals choose any technology they like
• Gozi + Nymaim = GozNym. Ransomware + cryptolocker
• Buhtrap code goes public and gets used by Lurk
• Cobalt ATM attacks – they use pen test software…
Reasons for those trends
Cyber criminals are working as organized crime now…
• Fast cyber heists of ATMs are impossible without money mules and corresponding infrastructure
• Cyber crime as a Service – from DDoS to cash-out
• Botnets for rent and source code for sale
Teamwork!
How to strike back?
Quite obvious, but…
Organized crime can be defeated only with organized and collaborative efforts
How to strike back?
Three components you need to fight cyber criminals
• Technology – hardware and software tools
• Processes – frameworks, best practices to detect, respond, predict and prevent threats
• People – incident response and digital forensics teams, analysts and even managers
CERT as a core of cyber defense
Synergy of those components works best in SOC/CERT
• SOC – security operations center
• CERT – computer emergency response team
• CSIRT – computer security incident response team
CERT as a core of cyber defense
CERT or SOC can be:
• State-level. Requires having all three components at lower levels
• Commercial. Solves problems, gets money. 911 for enterprise companies.
• Industry-specific – ICS, Telecom, etc.
Roles of CERT
• Expertise development and sharing center
• Emergency response team
• Skills incubation and development
• Part of the global anti-cyber-crime community
QUESTIONS?
ivanovskiy@group-ib.com