Tuesday, May 25, 2021

|| Security Operation Center (SOC) ||

📡SOC will become a single point of contact for cyber security incident reporting & coordination in the state.


📡SOC is a centralized location(s) where key IT systems of an organization are monitored, assessed and defended from cyber-attacks.


📡Why SOC is needed 🔐

SOC is needed:

👉For continuous prevention against malicious attacks

👉Easy detection of threats

👉Response capabilities against real-time incidents in the network

👉Incident response, including coordination, resolution, recovery & subsequent prevention of attacks.

👉Threat Intelligence, which includes aggregation and correlation of threat information and dissemination of actionable intelligence to its constituents

👉Security advisory services, including advisories on threats to the software and hardware in use by the constituents, to minimize impact from existing and zero-day vulnerabilities & exploits

👉Coordination with CERT-IN and other public and private entities including OEMs

📡The SOC is a cross-functional virtual center providing situational awareness through the detection, containment, and remediation of IT threats. An overview of the processes involved is given below:

Security Operation Center Processes

📡A Security Operations Centre’s process involves collecting logs and events from multiple sources, analysing and correlating them with internal and external infrastructure components, and generating alerts that provide insight into the overall security posture. Particular response activities can include:

👉Infrastructure Security

👉Endpoint Protection

👉Internal Vulnerability Assessment & Penetration Test

👉Internal Threat Management Program

👉Data Protection & Classification

👉Tool Engineering and Deployment
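The collect-normalise-correlate-alert flow described above, and the threat-intelligence correlation listed under "Why SOC is needed", can be shown end to end in a small script. The following is an added example written for this post, not code from the author or from any SOC product; every log line, IP address and indicator in it is constructed, and the two correlation rules (a brute-force-then-success sequence, and a match against an intelligence feed) are illustrative choices rather than a prescribed rule set.

```python
"""Toy SOC correlation pipeline: normalise events from several log sources,
correlate them across sources and against a threat-intelligence feed, and
emit prioritised alerts. All log lines and indicators are constructed samples."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample logs from two internal sources (documentation-range IPs, not real hosts).
AUTH_LOG = """\
2021-05-25T09:00:01 sshd: Failed password for admin from 203.0.113.7
2021-05-25T09:00:04 sshd: Failed password for admin from 203.0.113.7
2021-05-25T09:00:07 sshd: Failed password for admin from 203.0.113.7
2021-05-25T09:00:12 sshd: Accepted password for admin from 203.0.113.7
2021-05-25T09:05:00 sshd: Accepted password for alice from 198.51.100.20
"""
FIREWALL_LOG = """\
2021-05-25T09:01:30 fw: ALLOW src=10.0.0.5 dst=192.0.2.44 dport=443
2021-05-25T09:02:10 fw: DENY src=203.0.113.9 dst=10.0.0.5 dport=3389
"""
# Constructed threat-intelligence feed: the "external" component we correlate against.
THREAT_INTEL = {
    "192.0.2.44": "known-c2-server (constructed indicator)",
    "203.0.113.9": "scanner (constructed indicator)",
}

AUTH_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
FW_RE = re.compile(r"^(\S+) fw: (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_auth(text):
    """Normalise SSH authentication lines into event dicts with a common schema."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # unparsed lines are skipped here; a real SIEM would count them
        ts, result, user, ip = m.groups()
        events.append({"source": "auth", "ts": datetime.fromisoformat(ts),
                       "user": user, "src_ip": ip,
                       "outcome": "success" if result == "Accepted" else "failure"})
    return events


def parse_firewall(text):
    """Normalise firewall lines into the same event schema."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        ts, action, src, dst, dport = m.groups()
        events.append({"source": "fw", "ts": datetime.fromisoformat(ts), "action": action,
                       "src_ip": src, "dst_ip": dst, "dport": int(dport)})
    return events


def rule_bruteforce_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when at least `threshold` failed logins from one IP are followed by a
    successful login from the same IP inside `window` (sequence correlation)."""
    alerts = []
    failures = defaultdict(list)
    auth_events = sorted((e for e in events if e["source"] == "auth"), key=lambda e: e["ts"])
    for ev in auth_events:
        ip = ev["src_ip"]
        if ev["outcome"] == "failure":
            failures[ip].append(ev["ts"])
            continue
        recent = [t for t in failures[ip] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "bruteforce-then-success", "severity": "high",
                           "src_ip": ip, "user": ev["user"], "failures": len(recent)})
        failures[ip].clear()  # a success closes the sequence for that IP
    return alerts


def rule_threat_intel_match(events, intel):
    """Alert on any event whose source or destination IP is in the intelligence feed
    (correlation of internal telemetry with an external source)."""
    alerts = []
    for ev in events:
        for field in ("src_ip", "dst_ip"):
            ip = ev.get(field)
            if ip in intel:
                alerts.append({"rule": "threat-intel-match", "severity": "medium",
                               "source": ev["source"], "ip": ip, "context": intel[ip]})
    return alerts


def run_pipeline(auth_text=AUTH_LOG, fw_text=FIREWALL_LOG, intel=THREAT_INTEL):
    """Collect -> normalise -> correlate -> alert. Returns alerts ordered by severity."""
    events = parse_auth(auth_text) + parse_firewall(fw_text)
    alerts = rule_bruteforce_then_success(events) + rule_threat_intel_match(events, intel)
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(alerts, key=lambda a: order[a["severity"]])


if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

On the sample data the pipeline raises one high-severity alert (three failures then a success from 203.0.113.7 within the window) and two medium-severity intelligence matches (the allowed connection to 192.0.2.44 and the denied probe from 203.0.113.9). The point of the structure is that each rule only sees normalised events, so adding a third log source means writing one more parser rather than touching the rules.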


BY,

RAJU MAHTO

CCIO-ISAC INDIA, CNSS (U.K), ISO/IEC 27001-ISA

Friday, May 14, 2021

|| Four plead guilty to providing ‘bulletproof’ hosting services for cybercriminals ||


Four people have pleaded guilty to providing ‘bulletproof’ hosting services used by cybercriminals to distribute malware and launch other cyber-attacks.



The individuals – Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia – maintained the services from 2008 to 2015, according to the US Department of Justice (DoJ).

In a statement issued on Friday (May 7), the DoJ detailed how the group allegedly rented out IP addresses, servers, and domains to cybercriminals, enabling them to launch malware attacks, gain access to victims’ computers, form botnets, and steal banking credentials for use in frauds across the US.

Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, claims the DoJ, which “rampantly attacked” US-based companies and financial institutions between 2009 and 2015.

The DoJ also stated that the defendants helped criminals to evade detection by monitoring sites used to blocklist technical infrastructure used for crime, moving “flagged” content to new infrastructure, and registering all such infrastructure under false or stolen identities.

Stassi, Skorodumov, Skvortsov, and Grichishkin all pleaded guilty to one count of Racketeer Influenced Corrupt Organization (RICO) conspiracy.

All four defendants face a maximum prison sentence of 20 years.

Held to account

Acting assistant attorney general Nicholas McQuaid, of the Justice Department’s Criminal Division, commented: “The criminal organizations that purposefully aid these actors – the so-called bulletproof hosters, money launderers, purveyors of stolen identity information, and the like – are no less responsible for the harms these malware campaigns cause, and we are committed to holding them accountable.

“Prosecutions like this one increase the costs and risks to cybercriminals and ensure that they cannot evade responsibility for the enormous injuries they cause to victims.”

Safe haven

So-called bulletproof hosting services are known as a “safe haven” for criminal hackers since they can make it easier for malicious actors to conceal their wrongdoings and minimize the downtime of their cybercrime campaigns.

In recent years, authorities have looked to crack down on these operations, which, among other services, provide illegal VPN networks.

The internet industry group i2Coalition also threw its weight behind a clampdown on illegal VPNs, calling for providers to adhere to a minimum standard of ethics.

Jessica Haworth, Journalist

BY,

RAJU MAHTO

CCIO-ISAC INDIA, CNSS (U.K), ISO/IEC 27001-ISA