Quarterly Report

by

Faham Usman

on 15 January 2015


Transcript of Quarterly Report

Information Security
Quarter 1 Report
Awareness Campaign
aeCERT
Salim (aeCERT)
@salim_aecert
For more information
www.aecert.ae
info@aecert.ae
Questions
aeCERT provides a Vulnerability Assessment and Penetration Testing service for its constituents’ IT infrastructure and generates reports listing the vulnerabilities found and recommendations to prevent future exploitation of the discovered vulnerabilities.
Security Assurance
Intelligence Services
aeCERT provides incident handling to support selected constituents. This service includes information and evidence gathering to internationally acceptable evidentiary standards.
Incident Response
Attendees
The graph below displays the top vulnerabilities detected during vulnerability assessment & penetration testing exercises.
Top Detected Vulnerabilities
Attack sources captured by UAE Honeynet
The following map shows the sources of attacks towards the UAE’s internet space captured by the UAE Honeynet.
The following is a breakdown of the top malware infections in the UAE’s internet space captured by the UAE Honeynet.
The objective of aeCERT’s Honeynet is to analyze attacks targeting the UAE cyber infrastructure. With the use of Honeynets, our team gathers and studies different sources of infection, purpose, and attack methodologies.
UAE Honeynet Analysis
The following map shows the distribution of malware infections in the UAE’s internet space captured through various threat intelligence sources.
Infection Per Emirate
aeCERT gathers information about vulnerabilities and attacks through various sources such as threat intelligence data, honeynet and sensors, to enable the provision of early warning and notification of threats, vulnerabilities and exploits to eligible constituents.
aeCERT provides support and advice during remediation and recovery from security incidents. The following is a breakdown, grouped by category, of the incidents that the aeCERT team handled and responded to.
Top Incidents
The following is a breakdown, grouped by impact, of the incidents that the aeCERT team handled and responded to across various constituent sectors.
Impact of Incidents
The following is a breakdown, grouped by type, of the incidents that the aeCERT team handled and responded to across various constituent sectors.
ATTACK VECTORS
The workshops under the information security awareness campaign cover a wide range of topics. The graph below displays the number of sessions conducted for each topic.

Sessions Breakdown
The graph below showcases the industry verticals where our team performed VA & PT exercises.

(Category: Trojan) Serves as a backdoor which can be controlled remotely.
(Category: Trojan) Trojan designed specifically to steal information such as banking details, system information and online credentials.
(Category: Virus) A file-infecting virus that spreads by infecting exe and scr files. The virus also includes an autorun worm component that allows it to spread to any removable or discoverable drive.

“Command and Control” (C&C) servers are centralized machines that send commands to, and receive output from, the machines that are part of a botnet. Attackers who wish to launch an attack can at any time send special commands to their botnet’s C&C servers with instructions to perform an attack on a particular target, and any infected machines communicating with the contacted C&C server will comply by launching a coordinated attack.
Top Countries with Command and Control (C&C)
Top Disseminated Alerts
aeCERT provides proactive services in the form of preliminary alerts and advisories to constituents to improve their infrastructure and related security processes before any incident or event occurs or is detected. The following graph shows the information about alerts and advisories, grouped by incident type.
aeCERT relies on data gathered from its constituents and other sources to develop actionable intelligence from the analysis of threat, incident and vulnerability data. This information enables aeCERT to deliver short-term, reactive information, as well as recommendations that pertain to longer-term security issues.
Threat Intelligence
Security Awareness Programs – Demographics
aeCERT conducts a number of workshops under the advisory, education and awareness services. These workshops emphasize aeCERT’s role in spreading information security awareness at the corporate level and the role of employees in protecting their organization.
Advisory, Education and Awareness
(Category: Trojan) A sophisticated downloader trojan sent as an attachment in email with an aim to download and install malicious software.

(Category: Trojan) A Trojan horse that uses an advanced rootkit to hide itself. It can also create a hidden file system, download more malware, and open a back door on the compromised computer.
The following is a breakdown of the top malware infections in the UAE’s internet space captured through various threat intelligence sources.
Malware Analysis
Industry Vertical
aeCERT conducts workshops at various industry verticals. A breakdown of the top 3 is shown below.
Here is a breakdown of the audience from various industry sectors where workshops were conducted.

Audience
Top malware Infections
ZeroAccess:
pushdo:
Glupteba:
Sality_Virus:
Zeus:
Malware infections captured by UAE Honeynet
Industry verticals assessed
Vulnerabilities Criticality Breakdown