Presentation is loading. Please wait.

Presentation is loading. Please wait.

CERT-GIB IN 2018 DNS FORUM 2018 Alexander Kalinin Head of CERT-GIB.

Published bySebastian Bjørnstad Modified over 6 years ago

Similar presentations

Presentation on theme: "CERT-GIB IN 2018 DNS FORUM 2018 Alexander Kalinin Head of CERT-GIB."— Presentation transcript:

1 CERT-GIB IN DNS FORUM 2018 Alexander Kalinin Head of CERT-GIB

2 15 specialists 27 average age 45 000 combined hours of response
CERT-GIB CERT-GIB is established in 2011. Competent organization also for next zones: .SU .TATAR/.ДЕТИ .MOSCOW/.МОСКВА CERT-GIB — a 24/7/365 computer security incident response team Incident monitoring, including distribution of malicious software, phishing Professional assistance from specialists with vast experience in response to cyber crime Close cooperation with CERT teams, domain registrars and hosting providers from all over the world Collection, analysis and preservation of digital evidences from IDS/IPS (include Group-IB’s solution TDS) and Intelligence systems 15 specialists 27 average age Partner of IMPACT — International Multilateral Partnership Against Cyber Threats combined hours of response Accredited member of FIRST and Trusted Introducer 200+ active clients from finance, retail, telecom, blockchain, etc Officially authorized by Carnegie Mellon University and licensed to use the “CERT” trademark in its name Recognized as a competent organization of the CCTLD RU from 2011

3 Detected and blocked malicious resources by CERT-GIB in 2018
1 750 Detected and blocked malicious domains in .RU zone for this year 13 HOURS Average take-down time in .RU zone for this year 5 174 Detected and blocked phishing domains in other zones

4 Detected and blocked phishing resources by CERT-GIB in 2018
TOP-5 of bulletproof registrars: GoDaddy Todaynic OVH Tucows Google Registrar Average take-down of domain after first contact with any of these registrars more than 1 WEEK

5 Global Data Exchange Group-IB Intelligence
Unique data and intelligence collected from over 40+ organizations: Virustotal Yandex Safe Browsing Netoscope Facebook AVs Antiphishing MISP Law enforcement agencies by request And other organizations/clients Other sources: Domain monitoring Passive DNS TLS certificates Advertisement Logs from clients Mobile markets Other Intelligence data Our system and analysts checks every resource and only after verification we send this data to others

6 Interrelated Malicious Resources –– whois data
Cybercriminals also can use already known s when they register the domain names. It also can help to detect new malicious domains, but only if whois data is open. In most cases this data is actually fake.

7 Interrelated Malicious Resources –– IP and TLS
New domains can use already known IPs, that was previously detected. Also some of domains can change IP and that can help to detect more potential malicious resources that related with the new IP. The same thing with known TLS, that already been used in malicious activity. We can also build the relationships with help of all this data.

8 Group-IB — one of the global leaders  in providing high‑fidelity Threat Intelligence  and anti‑fraud solutions Alexander Kalinin Head of CERT-GIB , ext. 012

Download ppt "CERT-GIB IN 2018 DNS FORUM 2018 Alexander Kalinin Head of CERT-GIB."

Similar presentations

International partnership of law companies Customs & Corporate Lawyers, based on the principles of observance of high professional standards, mutual trust,

International partnership of law companies Customs & Corporate Lawyers, based on the principles of observance of high professional standards, mutual trust,
‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, 2012 1 Industry and the fight against cybercrime.

‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
CONTACT US +91-22-40044861 / +91-9930577889.

CONTACT US /
DNSSEC & Email Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
Association of Threat Assessment Professionals Great Plains Chapter November 19, 2010.

Association of Threat Assessment Professionals Great Plains Chapter November 19, 2010.
SESSION ID: #RSAC Chaz Lever Characterizing Malicious Traffic on Cellular Networks A Retrospective MBS-W01 Researcher Damballa,

SESSION ID: #RSAC Chaz Lever Characterizing Malicious Traffic on Cellular Networks A Retrospective MBS-W01 Researcher Damballa,
Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.

Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.
1. 2 A High Tech Crime Investigation Lessons learned by the National High Tech Crime Center Hans Oude Alink, project leader NHTCC November 2005.

1. 2 A High Tech Crime Investigation Lessons learned by the National High Tech Crime Center Hans Oude Alink, project leader NHTCC November 2005.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
Prepare + Prevent + Respond + Recover + Mitigate START WITH PREVENTION Governor’s Office of Homeland Security & Emergency Preparedness (GOHSEP) Louisiana-State.

Prepare + Prevent + Respond + Recover + Mitigate START WITH PREVENTION Governor’s Office of Homeland Security & Emergency Preparedness (GOHSEP) Louisiana-State.
GPS 2011 Slide - 1 COMPETITIVE STRATEGIES APAC Discussion.

GPS 2011 Slide - 1 COMPETITIVE STRATEGIES APAC Discussion.
EXCELLENCE AND SUSTAINABILITY BUILDING COMMUNITY CONNECTIONS.

EXCELLENCE AND SUSTAINABILITY BUILDING COMMUNITY CONNECTIONS.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak

Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak
Session 4.2: Creation of national ICT security infrastructure for developing countries National IP-based Networks Security Centres for Developing Countries.

Session 4.2: Creation of national ICT security infrastructure for developing countries National IP-based Networks Security Centres for Developing Countries.
1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Similar presentations

Ads by Google