CERT-GOV-GE Activities & Services - FIRST
www.dea.gov.ge
CERT-GOV-GE Activities & Services
Tbilisi, Georgia 2014
CERT-GOV-GE Manager David Kvatadze
CERT-GOV-GE is a structural unit formed within the Information Security and Policy
division of LEPL Data Exchange Agency under the Ministry of Justice of Georgia. It
processes, analyses and solves information security incidents.
CERT-GOV-GE Constituency
• Critical Information systems subject
• Banks
• Internet service providers
• International CERTs
• Govt. Sector
• Pvt. Sector
• Hosting Providers
• Military Secret
CERT-GOV-GE Services
Services: IP address monitoring service portal; Incident Handling; Penetration test; NetFlow Sensors (NfDump & NfSen); Website Intrusion Detection (ThreatFactor); Blacklist service; Safe DNS Georgia; Training on Cyber Incident Handling; Check My IP.
Other activities: Georgian Information Security Forum (Abuse Forum); Information Security Awareness.
CERT-GOV-GE
We are members of the following organizations:
The Cyber security Executing Arm Of The UNITED NATIONS SPECIALISED AGENCY of The International Telecommunication Union (ITU)
We are a full member of FIRST. FIRST is the Forum of Incident
Response and Security Teams.
The Trusted Introducer - a.k.a. TI - is the trusted backbone of the
Security and Incident Response Team community in Europe.
CERT-GOV-GE is authorized to use the CERT trademark.
CERT-GOV-GE
Certifications:
All our team members are certified by SANS GIAC.
Plans:
All our team members plan to pass the SANS GSNA exam.
Plans for 2015:
CERT.gov.ge is planning to become a member of European Government CERTs (EGC) group.
CERT.gov.ge is planning to become a certified member of Trusted Introducer.
It is also planned to become a member of APCERT.
CERT-GOV-GE (Computer Emergency Response Team)
Our Partners:
www.arbornetworks.com
www.impact-alliance.org www.trusted-introducer.org www.nato.int
www.shadowserver.org www.team-cymru.org www.arakis.pl
www.eset.com www.symantec.com www.microsoft.com
http://www.cert.pl/
CERT-EE www.cert.ee/
www.cert.at www.quarantainenet.nl
Infected 10 000 IP Addresses
Infected 20 000 IP Addresses
Infected 500 IP Addresses
Infected 1 500 IP Addresses
15-20 Phishings 25-30 Deface Web-Sites 15-20 Malware Sites
Infected 100 IP Addresses
http://thehackernews.com/2012/03/albania-is-most-malware-infected-nation.html
IP address monitoring portal
CERT-GOV-GE Services
12 million infected IPs; 200 thousand unique IPs
Check My IP
Your IP address is: 146.255.225.150
Infection type: ZeuS
Detailed Information
• Your IP address is: 146.255.225.150
• Infection type: ZeuS
• Short description of infection type: Zeus is a Trojan horse that steals banking information by Man-in-the-browser keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek.
• Command & Control: 89.232.125.112
• Date: 27 მაისი 2013 11:23:15 PM
Check My IP
Your IP address is: 146.255.225.150
Infection type: not found
Penetration test
CERT-GOV-GE Services
Top 10 commercial tools
NetFlow Sensors (NfDump & NfSen)
CERT-GOV-GE Services
Analyzes NetFlow data for security.
Detects:
• SSH brute-force attacks.
• Botnets.
• DDoS attacks.
Website Intrusion Detection (ThreatFactor)
CERT-GOV-GE Services
Open Source Project.
Monitors Web Pages for Intrusions (Exploits, Hacker
Signatures, Information Leakage).
Custom Rule Based Detection.
Blacklist Service
CERT-GOV-GE Services
IP and Domain blacklist.
Different formats for different software. Available for organizations. http://blacklists.cert.gov.ge
Safe DNS Georgia
CERT-GOV-GE Services
Integrated with the Collective Intelligence Framework. Blocks malware domains and redirects to a warning page. First DNSSEC-enabled resolver in Georgia.
5.159.16.16 5.159.20.20
Training on Cyber Incident Handling
CERT.GOV.GE Services
NATO SPS Programme
Afghanistan Moldova Macedonia Montenegro
Azerbaijan
Cyber Defence Training for IT Professionals
Georgian Information Security Forum (Abuse Forum)
CERT-GOV-GE other activities
2014 FIRST
Regional Symposium
Tbilisi, Georgia October 13-16, 2014
24 September, 2014
Red Team • CERT-GOV-GE • COMCERT.pl
Blue Team
• Education Management Information System
• National Public Registry
• Ministry of Labour Health and Social Affairs of Georgia
• MagtiCom
• Bank of Georgia
• Georgian Research and Educational Network Association Grena
• Ministry of Internal Affairs
• National Bank of Georgia
• Cyber Security Bureau
• Smart Logic
• State Chancellery
• Geocell
• VTB Bank
• Ministry of Finance of Georgia
• Public Service Development Agency
• Free University of Tbilisi
Information Security Awareness:
www.facebook.com/certgovge
• We receive and analyze information about 20000 infected Georgian IP addresses from our international partner organizations on a daily basis.
• We shut down approximately 20 phishing sites located in Georgian web space on a monthly basis.
• Hackers deface approximately 25 sites in Georgian cyber space on a monthly basis.
• We receive information about 35 infected web sites located in Georgian web space on a monthly basis.
[Chart: GOV.GE, years 2011, 2012, 2013, 2014; vertical axis 0 to 120]
E-mail: [email protected] Tel: +995 32 291 51 40 Fax: +995 32 291 51 40 Web-page: www.cert.gov.ge www.facebook.com/certgovge
Georgia, Tbilisi 0102,
2 St. Nicholas / N. Chkheidze Street
Tel.: (+995 32) 14 39 81
www.dea.gov.ge
www.cert.gov.ge
www.e-government.ge
Thank You!
Questions?