“Menschenkenntnis” and Cyber Security

Thomas George, International Business Manager - cyscon GmbH

OWASP Ukraine Thomas George presentation

Who are Cyscon?

• Founded 2001 by Thorsten Kraft

• Cyber Security Consulting

• Founding Member of Botfrei and ACDC Project.

• Official Partner of BSI - German Federal Office for Information Security

• 2010 - Conficker Takedown

• 2013 - Check & Secure - Private User Initiative

Working Relationships

cyscon works with a variety of partners in the IT Security world. These include:

• Internet Service Providers, including Vodafone and 1&1 Telecom

• Banks, such as Deutsche Bank and Postbank

• Law enforcement, including FBI and Europol

• NGOs, including Stop.Think.Connect - Funded by the Department of Homeland Security

Knowing your Enemy

How cyscon gets its data.

Sinkholing

• 80 Million Events per day

• 42 Different Types of Malware recognised

Honeypots and Spam Traps

• 3.5 Million Spam Emails Per Day

• Honeypots installed on real systems by our customers

• 40,000 New Malicious URLs Each Day

Web Crawling

• Systems Continually Crawling the Web

• 16 Different Settings - Chilled to Paranoia

• Analysing Behaviour and AV Detection

The Data Toilet

• Gathering Data since 2006

• Enriching Data with Meta Data

• More than 20,000 Sensors

• More than 50 Partners

• WHOIS, SSH HOSTKEY, DNS details, etc.

What goes in?

Where Does it All Go?

• Data is sent to ISPs

• AND / OR

• Anonymised and Sent to Law Enforcement, Research or Industry

[Diagram. Labels: Sensors; Concentrators; Internet Service Providers; Anonymisation; Law Enforcement Agencies; Research; Industry; Detection; Supporting]

Flushing the Toilet

• Okay…we have the data.

• Let’s Make Some Money!

Menschenkenntnis in Business

Anyone who lacks Menschenkenntnis (knowledge of human nature) has already lost as a businessman

Flexibility

• Knowing what customers want

• Using trust and Existing Relationships

• Knowing when to work for free

Banks

It’s All About the Money

What is Hurting?

• Losing Money

• Losing More Money

• Losing Even More Money

• Losing Reputation

How do Banks (and their customers) lose money?

• Redirection of Payment

• Identity Theft through Trojan Infection

• Direct Phishing Scams

Technical Overview - Banking Services

Threat Detection, Mitigation, Prevention

Malware Detection

• Identification of infected customers

• More than 40 Trojan Families - 4000 events per second.

• JSON Format - Easy to implement and process

• Can be combined with sales of Malware Deletion Product.

Malicious Traffic Mitigation

• Access to C-SIRT Database and Cyber Threat Detection Cloud

• Database fed by Worldwide sensors of Malicious Traffic

• Eliminates Cyber Attacks against banking platforms.

Brand Protection

• Fully automated takedown service

• Detection, Blocking, Blacklisting

• Normal process time, 2 hours

• Excellent contacts to ISPs for quick takedowns

Menschenkenntnis in the Community

“Love thy Neighbour”

Two Sides of the Story

• How much can experts do without end users?

• GameOver Zeus Takedown - Pointless?

• “Slipping through the net”

The Cyber Vaccination

• Appears as analysis system from AV industry.

• Protection against MITB attacks and identity theft.

• Works on 10 different browsers.

• Free to use - One time installation.

• Attack interception - Malicious code cannot be executed.

• “Panic Switch” when intruder is detected.

HitmanPro: A Second Opinion Scanner

• Behavioural analysis - not signature based.

• 10MB file, can boot from USB.

• Complement to existing AV programs

• 30 Day free trial for emergency cases.

Case Study: Cyber Alliance of Switzerland

How can the “Check & Secure” Technology be Implemented by Banks?

Concept and Goals

• Making Switzerland into the “Cleanest Internet Country in the World”

• Identification and Help for Infected End Users

• Support for the deletion of malware and securing of end user systems with Check & Secure and End User Products.

Realisation

• Banking Partners: Credit Suisse, Raiffeisen, Postfinance and UBS.

• Internet Service Partners: Swisscom, Sunrise, UPC

• Creation of a shared Malware database.

• Planned Launch 1.8.2014.

Thank you for Listening

• [email protected]

• +491733853804