November 19

Webinar takeaway: Deutsches Cyber Threat Briefing mit Anomali, RiskIQ und CrowdStrike


My key takeaways

Anomali

  • it takes up to 200+ days on average before a breach might be detected
  • one challenge in many SOCs is finding the relevant information in a growing "data lake"; this is where tooling is needed
  • WannaCry example: blocking the kill-switch domain as suspicious would have helped the worm spread; getting information about the purpose of this domain as fast as possible was mission critical
  • cross-combining information from different sources and perspectives may increase the amount of data, but it also makes the necessary data available to detect threats and breaches earlier

RISKIQ

  • Skimmers collect credit card data online, like their real-life equivalents on ATMs
  • A common way to place them is infiltrating JavaScript that is not self-hosted but imported into websites
  • Loading assets from third-party websites on critical pages like a checkout page is a big no-no
  • A fully functioning skimmer can be bought on the dark web with a shared-revenue model, so the entry barrier for criminals is very low
  • A lot of websites, especially smaller ones, are still infected
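To turn the "no third-party assets on the checkout page" point into something checkable, here is an added example (my own code, not from the webinar or any of the presenters' products). It audits the `<script src>` references of a page against the page's own origin and reports scripts that are third-party, loaded without HTTPS, or third-party without a Subresource Integrity `integrity` attribute. The page origin `shop.example` and the three sample script tags are constructed for illustration; in a browser the `collectScriptsFromDocument` helper pulls the real tags from `document`.

```javascript
// Added example: audit a checkout page's script tags for third-party origins
// and missing Subresource Integrity (SRI) hashes. All names and sample data
// below are constructed for illustration.

// Classify one script reference relative to the page origin.
// Returns the resolved URL plus a list of findings (empty list = nothing to flag).
function auditScript(pageOrigin, script) {
  const findings = [];
  let url;
  try {
    url = new URL(script.src, pageOrigin); // resolves relative paths against the page
  } catch (e) {
    return { src: script.src, thirdParty: null, findings: ["unparseable src"] };
  }
  const page = new URL(pageOrigin);
  const thirdParty = url.origin !== page.origin;
  if (thirdParty) findings.push("third-party origin: " + url.origin);
  if (url.protocol !== "https:") findings.push("not loaded over https");
  // SRI pins the script's content; a third-party script without it can be
  // changed by the hosting party (or whoever compromises it) without notice.
  if (thirdParty && !script.integrity) findings.push("missing integrity attribute");
  return { src: url.href, thirdParty, findings };
}

// Audit a list of {src, integrity} descriptors; keep only the ones with findings.
function auditScripts(pageOrigin, scripts) {
  return scripts
    .map((s) => auditScript(pageOrigin, s))
    .filter((r) => r.findings.length > 0);
}

// Browser-side collector: read the real <script src> tags from a document.
function collectScriptsFromDocument(doc) {
  return Array.from(doc.querySelectorAll("script[src]")).map((el) => ({
    src: el.getAttribute("src"),
    integrity: el.getAttribute("integrity") || "",
  }));
}

// Constructed sample: a checkout page with one self-hosted script, one pinned
// third-party script and one unpinned third-party analytics tag.
const SAMPLE_PAGE = "https://shop.example/checkout";
const SAMPLE_SCRIPTS = [
  { src: "/static/checkout.js", integrity: "" },
  { src: "https://cdn.example.net/lib.js", integrity: "sha384-PLACEHOLDERHASH" },
  { src: "https://analytics.example.org/tag.js", integrity: "" },
];

// Stand-alone run under Node prints the flagged scripts.
if (typeof require !== "undefined" && require.main === module) {
  for (const r of auditScripts(SAMPLE_PAGE, SAMPLE_SCRIPTS)) {
    console.log(r.src, "->", r.findings.join("; "));
  }
}
```

On the constructed sample the self-hosted script passes, the pinned CDN script is reported only as third-party (worth a look, but its content cannot change silently), and the analytics tag is reported as both third-party and unpinned, which is exactly the situation a web skimmer injected into a vendor's script exploits. Running this in the browser console on a real checkout page is `auditScripts(location.origin, collectScriptsFromDocument(document))`.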

Crowdstrike

  • In 2019 CrowdStrike identified 35,000 potential intrusions; in Q1 and Q2 2020 already 41,000
  • Most of them are conducted by cyber crime organisations, followed by nation-state actors
  • Panda, Bear, Kitten, Chollima, Tiger and Buffalo are CrowdStrike's code names for APT groups

Env

  • Provided by Anomali
  • Supported by
  • Presenter:
    • Frank Lange (Anomali)
    • Fabian Libeau (RISKIQ)
    • Jörg Schauff (Crowdstrike)

Tags

threathunting, webinar takeaway
