November 19

Webinar takeaway: Deutsches Cyber Threat Briefing mit Anomali, RiskIQ und CrowdStrike


My key takeaways

Anomali

  • on average it takes 200+ days before a breach is detected
  • one challenge in many SOCs is finding the relevant information in a growing "data lake"; this is where tooling is needed
  • WannaCry example: blocking the kill-switch domain as suspicious would have helped the worm spread; getting information about the purpose of this domain as fast as possible was mission critical
  • cross-combining information from different sources and perspectives may increase the amount of data, but it also makes the necessary data available to detect threats and breaches earlier

RiskIQ

  • Skimmers collect credit card data online, like their real-life equivalents on ATMs
  • A common way to place them is to tamper with JavaScript that is not self-hosted but imported into websites from a third party
  • Loading assets from third-party websites on critical pages like a checkout page is a big no-no
  • A fully functioning skimmer can be bought on the dark web under a revenue-sharing model, so the entry barrier for criminals is very low
  • A lot of websites, especially smaller ones, are still infected

CrowdStrike

  • In 2019 CrowdStrike identified 35,000 potential intrusions; in Q1 and Q2 2020 already 41,000
  • Most of them are conducted by cybercrime organisations, followed by nation state actors
  • Panda, Bear, Kitten, Chollima, Tiger and Buffalo are CrowdStrike's code names for APT groups

Env

  • Provided by Anomali
  • Supported by
  • Presenter:
    • Frank Lange (Anomali)
    • Fabian Libeau (RISKIQ)
    • Jörg Schauff (Crowdstrike)

Tags

threathunting, webinar takeaway

