Christian Fichera
Senior Cyber Security Consultant @ wizlynx group
10+ years’ experience in secure web application development
Penetration Testing & Secure code review specialist
Web and Mobile application security assessments
Project manager
Basel, Switzerland
© 2017
About wizlynx group
HQ in Switzerland, global presence
Exclusive partner for Switzerland
Numerous credentials and extensive experience in:
• Pharmaceutical, banking, insurance, telecom, nutrition, and IT industries
wizlynx Services Portfolio
Security Management Lifecycle

wizlynx InfoSec Consulting (Policy & Controls)
• Identification of the threat profile of the organization
• Plan and organize the ISMS
• Develop security architectures at organizational level
• Definition of applicable Security Controls for the ISMS domains

wizlynx Security As a Service (Operate and Maintain)
• 24/7 Monitoring of Security Infrastructure
• Analysis of security events from the various sources
• Depending on SLA: up to full management of Security Events
• Forensic analysis support in case of security breaches
• Incident Handling
• Cyber Threat Intelligence

wizlynx Design & Integration (Design & Architecture)
• Design & Architecture of Security Infrastructures
• Develop security architectures at an application, network and component level
• Identify solutions per architecture level

wizlynx IT-Risk Assessments (Threat/Risk Management)
• Pro-active reduction of vulnerabilities to reduce the impact of possible threats
• Assessment of threat severities
• Prioritization of remediation efforts
• Managing IT-Risk on

wizlynx Security Assessments (Assess)
• Accurate identification of systems
• Accurate identification of vulnerabilities at application, network and component level
THE DARK WEB
The Web’s Layers
SURFACE WEB: vast, exposed, easy access
DEEP WEB: partly visible, mostly hidden, requires special access with authentication
DARK WEB: hidden, difficult to find, needs specific access technologies
Dark Web: a Distributed Anonymization Network Technology
History of the Deep/Dark Web
Weapons, Prescription Drugs, Drugs
Hitman for Hire
examples
Weapons
examples
And more
examples
Underground Forums
Hacker For Hire
examples
DARK WEB AND CYBER SECURITY?
Direct Threats from Dark Web?
A new channel for old attacks
Attacks from Dark Web
How is the Dark Web used by hackers?
NEW AGE OF CYBER SECURITY
LEVERAGING WEB(S) INTELLIGENCE
New Age of Cyber Security
wizlynx CTI (Cyber Threat Intelligence) powered by
Sources
wizlynx CTI (Cyber Threat Intelligence) powered by
High level features
Provides an organization with 5 unique capabilities, allowing it to perform the following actions on cyber threat intelligence.
Available as SaaS or as a fully Managed Security Service.
[*] YARA = open source tool with Perl-compatible regular expressions, used to examine suspected files/directories and match strings.
wizlynx CTI (Cyber Threat Intelligence) powered by
Features
wizlynx CTI is divided into distinct yet integrated modules, allowing companies to choose the specific modules that suit their business needs.

Botnet and Command & Control
• Detect infections in critical servers, VIP users, and clients
• Protect by recovering stolen user IDs and passwords
• Proactive, real-time awareness of crime servers; track and block

Hacktivism
• Live threat data, which can be streamed into a SIEM
• Early warning of information and credentials theft or leaks
• Vulnerability analysis specific to applied technology
• Hacktivism global overview, including active operations/geo location

Targeted Malware
• Track malware & mobile malware trends to detect targeted malware
• Connect internal network analysis appliances to send malicious binaries for analysis into a cloud-based elastic sandbox
• Early warnings of information theft or leaks due to a malware attack

Data leakage
• Detecting information leaks from third parties, such as outsourcing, consultants, audit, and other partners
• Delivering a list of documents w/ information organization
• Gather “classified” documents/information publicly available
DEMO!
NO PHOTOS / NO VIDEOS ALLOWED
Summary
• Consistent blocking of attacks and removal of vulnerabilities
• Interrupt malware and exploits
• Discover and protect endpoints
PREVENT
“Knowledge is Power” (Sir Francis Bacon, 1597, English philosopher, statesman, scientist)
Thank you.
Andreas Crisante
Senior Cyber Threat Intelligence Advisor
Wizlynx AG
BACKUP SLIDES
Botnet Module Capabilities
Provides a high quality feed of compromised credentials
Recovered credentials can belong to customers, internal users, 3rd party suppliers or VIPs
Our platform is the only platform to provide a stream of credentials recovered from a diverse range of sources
The data provided is current and gives an organization actionable intelligence
If such a service were not in place, such credentials could be used to launch APT related attacks
Credit Card Theft Module Capabilities
Provides a high quality feed of compromised credit cards
Recovered card details are time stamped
Corporate cards and those belonging to VIPs can be monitored in addition to retail & business customers
Detailed MI to track card compromises by region
The only platform to provide a stream of card data recovered from a diverse range of underground sources & POS compromises
The data provided can be fed via API directly into any middleware fraud engine deployed, to provide card blocking functionality in real time
Any entity involved in the use of credit cards will see an immediate return on investment through a higher rate of compromised card detection
Data Leakage Module Capabilities
Searches for documents and confidential information that belong to your organization but should not be publicly available
This solution complements existing controls, as it can identify leaks that have for one reason or another bypassed existing controls such as DLP systems
Examples of sources being monitored in real time include, but are not limited to: P2P networks, Google Docs, DropBox, etc.
Rogue Mobile App Module Capabilities
Detect illegal mobile applications that are being publicly published without your organization's authorization
We provide a real-time feed with the following types of data:
Official Mobile App Markets
Alternative Mobile App Markets
Hacktivism Module Capabilities
Provides a high quality stream of cyber intelligence related to hacktivism activity targeting your organization
Identify groups and malicious actors targeting your organization
Early warning of planned attacks
Track and preserve information from across all forms of social media including Twitter, RSS, and underground forums
Wizlynx platform is the only platform to provide and track detailed information across a diverse range of social media
The platform can preserve the information captured from social media, allowing for a detailed forensic investigation at a later time
Take the information captured and feed it directly into your SIEM solution
Targeted Malware Module Capabilities
Checks in real time against emerging campaigns and newly detected malicious websites that are being observed across organizations
Upload suspicious files into our solution for real-time analysis; a complete technical report is generated which can be viewed online. This report can be used to fingerprint the malware and aid in the identification of infected devices on the corporate network
Static code analysis looking for suspicious behavior, obfuscated scripts, malicious code snippets, and redirects to other malicious sites
Dynamic analysis that sandboxes the destination, simulating a real user on a machine with the goal of observing any changes made to the system
Phishing Module Capabilities
Phishing websites can cost enterprises enormously. Without robust protection, a well-coordinated attack can leave the enterprise vulnerable to:
Financial losses
Reputation damage
The phishing feed can be stand-alone or fed into an existing service to enhance detection capabilities
Ability to store and view snapshots of phishing sites and their metadata for use during investigations
Real-time alerting and reports of fraudulent phishing URLs
Brand Abuse Module Capabilities
Detect abuse and misuse of your brand.
Prevents coordinated real-world attacks and brand dilution. Keeping abreast of brand-related issues in community networks is now a crucial part of any brand protection strategy. Left unchecked, many brand-related issues that start small in these social networks can quickly explode into full-fledged brand or public relations catastrophes in a matter of days.
Examples of sources monitored in real time include, but are not limited to: Vimeo, YouTube, search engines, Google Images, social networks
The unique stream of targeted brand abuse that is delivered will help to:
Aid legal and marketing teams to quickly move against malicious use of the brand
Detect brand dilution and devaluation: examples include unauthorized use of brands, logos claiming partnership affiliation or other endorsements, or use on sites with objectionable content