Open Threat Exchange: Threat Report
Internet Explorer Zero-Day Exploit
AlienVault Open Threat Exchange
Quick Overview

Open Threat Exchange (OTX™) allows for collaboration across the OSSIM open-source community to enhance threat assessment and response.
OTX™ Contributors: 77 Countries
Open Threat Exchange: Reputation Alert

OTX facilitates secure collaboration to identify emerging threats and prevent compromise, providing the broadest-based Reputation Feed in the world.

• One installation in the world’s largest SIEM deployment detects a new threat
• AlienVault Labs reacts to the emerging threat and publishes new correlation rules
• Every AlienVault SIEM installation receives the Threat Exchange update and protects against the threat
Collaborative Defense - Open Threat Exchange

• Social threat sharing
  • Global threat trending
  • Allow analysts to share comments on IP reputation / attacks
• Malware extraction
  • Malware behavioral ID with post-correlation
Open Minds Exchange

Centralized Open Threat Exchange Data & Threat Reports

Open Your Minds to Ours…
http://alienvault.com/company/news/resource-center/open_minds_exchange.html

Open Minds Exchange: Threat Reports
Internet Explorer Zero-Day At-A-Glance

• Tracking of the Internet Explorer zero-day began on September 16, 2012.
• Security blogger Eric Romang broke the news that a new zero-day, very similar to the one we had seen earlier attacking Java, had been exploited in the wild.
• Now… targeting Microsoft’s Internet Explorer, the #2 most pervasive web browser.
Specific Findings

• Took three days to uncover the capabilities and roots of the new threat.
• Most likely the same folks behind the Java zero-day exploit (and the PlugX RAT).
• Targets versions 7 & 8 of IE as well as Windows XP.
• Industry focus: seems to be targeting the defense and industrial market segments.
Tracking them down…

• Used OSINT: took the WHOIS mail address and the source IP addresses to find fake domains registered by the attackers.
• These entries contain specific names of companies related with:
  • US aircraft and weapons delivery systems
  • US defense decoy countermeasures
  • US aerospace and defense technology
  • US supplier for repairs of tactical fighters
  • Laboratory for energetic systems and materials
  • UK defense contractor
• Also found a fake domain of a company that builds turbines and power sources used in applications including utilities and power plants. The official website of the company was also compromised and serving up the exploit to website visitors.
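The OSINT pivot described on this slide, written out as an added example (not AlienVault's code or data): starting from a seed registrant e-mail and hosting IP, it walks WHOIS-style records to find related domains, then scores each against a list of protected organisation names to flag look-alikes. All domains, e-mails, IPs and company names are constructed placeholders, and the `max_depth` limit on transitive pivoting is the check a defender adds so that shared hosting does not drag in unrelated tenants.

```python
"""Pivot from seed indicators across WHOIS-style records, then flag look-alike domains.
All domains, e-mails, IPs and organisation names are constructed placeholders
(RFC 5737 documentation ranges), not the report's data."""
import re
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import Dict, Iterable, List, Tuple

@dataclass(frozen=True)
class WhoisRecord:
    domain: str
    registrant_email: str
    resolved_ip: str

# Constructed WHOIS/DNS observations. The seeds below come from the exploit host;
# "aerodyne-systems.com" stands in for the legitimate company site.
RECORDS = [
    WhoisRecord("aerodyne-system.com", "reg-a@example.net", "203.0.113.10"),
    WhoisRecord("turbinepowerworks-support.net", "reg-a@example.net", "198.51.100.7"),
    WhoisRecord("decoydefense-labs.org", "other@example.org", "203.0.113.10"),
    WhoisRecord("news-daily.example", "reg-a@example.net", "203.0.113.10"),
    WhoisRecord("other-site.example", "other@example.org", "192.0.2.77"),
    WhoisRecord("aerodyne-systems.com", "it@aerodyne-systems.com", "192.0.2.5"),
    WhoisRecord("unrelated-shop.com", "shop@example.com", "192.0.2.9"),
]
SEED_EMAILS = {"reg-a@example.net"}
SEED_IPS = {"203.0.113.10"}
PROTECTED_ORGS = ["Aerodyne Systems", "Turbine Power Works", "Decoy Defense Labs"]

def pivot_related_domains(records: Iterable[WhoisRecord], seed_emails, seed_ips,
                          max_depth: int = 1) -> Dict[str, int]:
    """Map each related domain to the pivot depth at which it was reached.

    Round 1 matches the seeds directly; each later round adds the e-mails and IPs
    of newly matched records and follows them. Keep max_depth small: a shared
    hosting IP links unrelated tenants, so every extra hop needs analyst review.
    """
    records = list(records)
    emails, ips = set(seed_emails), set(seed_ips)
    related: Dict[str, int] = {}
    for depth in range(1, max_depth + 1):
        new_hits = [r for r in records if r.domain not in related
                    and (r.registrant_email in emails or r.resolved_ip in ips)]
        if not new_hits:
            break
        for r in new_hits:
            related[r.domain] = depth
            emails.add(r.registrant_email)
            ips.add(r.resolved_ip)
    return related

def normalize(label: str) -> str:
    """Lower-case, letters and digits only: 'Aerodyne Systems' -> 'aerodynesystems'."""
    return re.sub(r"[^a-z0-9]", "", label.lower())

def registrable_label(domain: str) -> str:
    """Drop the last label (a naive public-suffix strip): 'a-b.com' -> 'a-b'."""
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[:-1]) if len(parts) > 1 else parts[0]

def lookalike_score(domain: str, org_name: str) -> float:
    """1.0 if the organisation name is embedded in the domain, else edit similarity."""
    dom, org = normalize(registrable_label(domain)), normalize(org_name)
    if len(org) >= 6 and org in dom:
        return 1.0
    return SequenceMatcher(None, dom, org).ratio()

def flag_impersonations(domains: Iterable[str], org_names: List[str],
                        threshold: float = 0.8) -> List[Tuple[str, str, float]]:
    """Return (domain, closest organisation, score) for domains over the threshold."""
    flagged = []
    for domain in sorted(domains):
        best = max(org_names, key=lambda org: lookalike_score(domain, org))
        score = lookalike_score(domain, best)
        if score >= threshold:
            flagged.append((domain, best, round(score, 2)))
    return flagged

if __name__ == "__main__":
    related = pivot_related_domains(RECORDS, SEED_EMAILS, SEED_IPS, max_depth=2)
    for domain, depth in sorted(related.items(), key=lambda kv: (kv[1], kv[0])):
        print(f"depth {depth}: {domain}")
    for domain, org, score in flag_impersonations(related, PROTECTED_ORGS):
        print(f"look-alike of {org!r}: {domain} (score {score})")
```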
Key Takeaways

• Targeting specific industries is a new tactic for cybercriminals attempting to take advantage of common application vulnerabilities.
• Zero-day exploits like the IE zero-day highlight the need for global security intelligence such as IP reputation-based profiling, such as that offered by AlienVault's Open Threat Exchange (OTX).
• It’s essential to keep software up to date and implement responsive patch management procedures.
  • This helps shrink the window of vulnerability once a flaw is discovered.
  • However, defensive measures such as blocking the offending source IP addresses are essential as a first step.
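The IP reputation-based profiling and first-step blocking these takeaways call for, as an added example that is not AlienVault's code: constructed Squid-style proxy log lines are matched against a constructed reputation feed (the `ip;reliability;risk;activity` layout is assumed for this example, not OTX's format), each match is graded into block, alert or log by how well attested it is, and the internal clients that reached a blocked destination are listed so that their patch level can be checked after a drive-by exposure like the compromised company site on the previous slide.

```python
"""Match proxy logs against an IP reputation feed and scope exposure to blocked hosts.
Feed format, log lines and addresses are constructed for this example (RFC 5737
documentation ranges); this is not AlienVault's feed format or data."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlsplit

@dataclass(frozen=True)
class ReputationEntry:
    ip: str
    reliability: int  # 1-10: how well attested the verdict is
    risk: int         # 1-10: how harmful the observed activity is
    activity: str

@dataclass(frozen=True)
class Hit:
    client: str
    dest: str
    activity: str
    action: str

# Constructed feed; the "ip;reliability;risk;activity" layout is assumed here.
FEED = """\
# ip;reliability;risk;activity
203.0.113.45;8;7;Malware Distribution
198.51.100.23;4;3;Scanning Host
192.0.2.200;2;2;Spamming
"""

# Constructed Squid native-format access log lines (client is field 3, URL field 7,
# hierarchy/peer field 9). www.turbine-example.test plays the compromised company site.
LOG_LINES = [
    "1347800001.000 120 10.0.0.5 TCP_MISS/200 5120 GET http://www.turbine-example.test/news.html - DIRECT/203.0.113.45 text/html",
    "1347800002.000 80 10.0.0.5 TCP_MISS/200 900 GET http://203.0.113.45/index.html - DIRECT/203.0.113.45 text/html",
    "1347800003.000 50 10.0.0.9 TCP_MISS/200 300 GET http://www.turbine-example.test/ - DIRECT/203.0.113.45 text/html",
    "1347800004.000 40 10.0.0.12 TCP_MISS/200 200 GET http://198.51.100.23/ - DIRECT/198.51.100.23 text/plain",
    "1347800005.000 30 10.0.0.12 TCP_HIT/200 1000 GET http://www.example.org/ - NONE/- text/html",
    "1347800006.000 30 10.0.0.15 TCP_MISS/200 1000 GET http://192.0.2.200/ - DIRECT/192.0.2.200 text/html",
]

def parse_feed(text: str) -> Dict[str, ReputationEntry]:
    feed: Dict[str, ReputationEntry] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip, reliability, risk, activity = line.split(";", 3)
        ip_address(ip)  # reject malformed feed entries early
        feed[ip] = ReputationEntry(ip, int(reliability), int(risk), activity)
    return feed

def classify(entry: ReputationEntry) -> str:
    """Graded response: auto-block only well-attested, high-risk entries; weaker
    evidence raises an alert for an analyst instead of breaking traffic."""
    if entry.reliability >= 7 and entry.risk >= 5:
        return "block"
    return "alert" if entry.reliability >= 4 else "log"

def _as_ip(value: Optional[str]) -> Optional[str]:
    try:
        return str(ip_address(value)) if value else None
    except ValueError:
        return None

def destination_ip(url: str, hierarchy: str) -> Optional[str]:
    """Prefer an IP literal in the URL host, else the DIRECT/<peer> address."""
    return _as_ip(urlsplit(url).hostname) or _as_ip(hierarchy.partition("/")[2])

def match_logs(lines: Iterable[str], feed: Dict[str, ReputationEntry]) -> List[Hit]:
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 9:
            continue
        dest = destination_ip(parts[6], parts[8])
        entry = feed.get(dest) if dest else None
        if entry is not None:
            hits.append(Hit(parts[2], dest, entry.activity, classify(entry)))
    return hits

def exposed_clients(hits: Iterable[Hit], action: str = "block") -> Dict[str, List[str]]:
    """Clients that reached each destination with the given action: the hosts to
    check for patch level after a drive-by exposure."""
    by_dest: Dict[str, set] = {}
    for hit in hits:
        if hit.action == action:
            by_dest.setdefault(hit.dest, set()).add(hit.client)
    return {dest: sorted(clients) for dest, clients in by_dest.items()}
```

Running `exposed_clients(match_logs(LOG_LINES, parse_feed(FEED)))` lists the two clients that fetched pages from the blocked host, including the one that reached it through the legitimate-looking hostname rather than the IP literal.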
Resources

• Visit AlienVault’s Open Minds Exchange.
• Download OSSIM or participate in the OSSIM Community.
• Learn more about AlienVault’s Unified Security Management platform.
• Follow us on Twitter: @alienvault


Editor's Notes

  1. Crowd-sourced? Fool

  2. OSINT: we were able to use the WHOIS mail address and the IP addresses used by the attackers to find fake domains registered by them that contain specific names of companies related with:
     • US aircraft and weapons delivery systems
     • US defense decoy countermeasures
     • US aerospace and defense technology
     • US supplier for repairs of tactical fighters
     • Laboratory for energetic systems and materials
     • UK defense contractor
     We also found a fake domain of a company that builds turbines and power sources used in several applications including utilities and power plants. We were able to check that the official website of the company was compromised as well and it was serving the Internet Explorer Zero-Day to the visitors.

  3. Key Takeaways
     • Targeting specific industries is a new tactic for cybercriminals attempting to take advantage of common application vulnerabilities.
     • Zero-day exploits like the IExplorer Zero-Day highlight the need for global security intelligence such as IP Reputation-based profiling, such as that offered by AlienVault's Open Threat Exchange (OTX).