1
FIRST TC / TF-CSIRT, Las Palmas, January 27th 2015
Javier Berciano
INTECO-CERT team update
2
INTECO becomes INCIBE
3
Coordination with SETSI-SES (SETSI-SES agreement):
• Critical infrastructure protection
• Fight against cybercrime and cyberterrorism
• Awareness and training
4
INTECO-CERT becomes CERTSI
5
Services
• Incident handling
• Proactive detection
• Early warning
• Cyber exercises
• Awareness raising
Enterprises and [contact e-mail address redacted]
Critical infrastructures: [contact e-mail address redacted]
24x7x365
6
Services
Proactive detection information categories:
• MICS
• C&C
• SPAM
• Samples
• FastFlux
• Open Resolver
• Threats
• URLs
• bots
7
Services
0day vulnerability reports:
• General software
• SCADA software
8
Services
Design: APT behaviour scenario with 3 phases
• Phase 1: Social engineering
• Phase 2: Internal pentest
• Phase 3: Incident handling scenario
15 critical infrastructure operators involved
9
Services
Learn to protect:
• OSINT reports
• Cheat sheets
• Best practices
10
AntiBotnet service
Facts:
• 5.8 million botnet-related evidence records daily
• Close to 74,000 unique Spanish IP addresses infected
• Information from 570 sinkholes covering 83 different botnets
11
Goals:
• Botnet mitigation and disinfection
• Real-time IP check service
• End-user reporting
12
Architecture (diagram):
• Trusted sources and detection feed (bots) into the botnet evidences database
• CyberSecurity Intelligence Engine: analysis and information processing, analysis of threats, metrics
• End-user identification and notification generation
• End user receives the AntiBotnet service URL + botnet ticket
• Threat information and disinfection tools; awareness and prevention
13
Online IP check
14
Chrome extension
15
Detailed information about the threat
Disinfection tools (AV cleaners)
16
(Screenshot: sample botnet ticket entry; botnet: torpig, date: 28/10/14; other fields not recoverable)