Hi [[ session.user.profile.firstName ]]

Game Over for Gameover Zeus: Disrupting a Global Cybercriminal Operation

On June 2, 2014, Operation Tovar was announced, a multi-national initiative to disrupt the Gameover Zeus botnet and seize infrastructure supporting Cryptolocker ransomware. This initiative was, in part aided by security experts from the Dell SecureWorks Counter Threat Unit (CTU). Gameover Zeus and Cryptolocker were part of a larger cybercriminal ecosystem representative of threats faced by many organizations today.

During this interactive webcast, Ben Feinstein, Director of CTU Operations and Development, will discuss details of the adversary’s operations and tradecraft behind Gameover Zeus and Operation Tovar. Ben will also share clear guidance on how to defend against similar threats in the future. As a result, security professionals can draw lessons on how to better defend against and respond to this broader class of threats. The webcast will answer key questions such as:

- How did the Gameover Zeus botnet operate and deliver its malware payloads to thousands of systems worldwide?
- How was the Gameover Zeus threat group monetizing their botnet?
- What was Operation Tovar and how did it work?
- Why do these threats matter to your organization?
- What concrete actions should your organization be taking to address this class of threats?
Recorded Jul 31 2014 60 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Ben Feinstein, Dell SecureWorks Director of Counter Threat Unit (CTU) Operations & Development
Presentation preview: Game Over for Gameover Zeus: Disrupting a Global Cybercriminal Operation

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • The PowerShell Risk: Understanding and Avoiding PowerShell Attacks May 23 2017 6:00 pm UTC 60 mins
    Lee Lawson, Special Operation Resercher, SecureWorks Counter Threat Unit
    In a recent SecureWorks engagement, 98.5% of the 3,477 commands executed by threat actors were native to the Windows operating system.

    PowerShell is a popular tool that Microsoft has been including with the Windows OS since 2009, but malicious PowerShell use is rivaling ransomware in popularity with threat actors. Security products focused on preventing endpoint threats are often not enough to differentiate legitimate from malicious PowerShell use. Join us for a discussion of why PowerShell is so risky, how SecureWorks researchers identify PowerShell threats, and how you can defend your organization.

    SecureWorks Counter Threat Unit - Special Operations Researcher, Lee Lawson, will discuss how security leaders and practitioners can leverage his experience to reduce the risk and understand how to defend against PowerShell threats in your organizations.

    You Will Learn:
    • What PowerShell is and how it is used in “living off the land” attacks
    • Why built-in tools like PowerShell are so attractive to threat actors
    • Examples of malicious PowerShell use
    • How to defend your organization against common methods to evade prevention and detection
  • Modernizing Security Operations: Preparing to Better Secure Your Organization May 2 2017 6:00 pm UTC 60 mins
    Travis Wiggins, Principal Cyber Security Operations Consultant, SecureWorks
    According to a recent SANS report, more than 60 percent of large-company CISOs brief the board at least annually and by the end of 2018, 70 percent of all boards will require CISOs to brief them quarterly.^

    Deciding to what degree your security operations should be in-house vs outsourced is a major decision with significant cost and resource ramifications. Currently organizations globally face persistent security challenges, which collectively require people, process, technology, and strategy to address. This collection of challenges are further complicated by evolving business needs; expanding toolsets and platform options; and staffing retention and attrition. Join us to learn how a modern approach to security operations can help address these challenges.

    SecureWorks Principal Cyber Security Operations Consultant and former Security Operations Center (SOC) manager, Travis Wiggins, will discuss how security leaders and practitioners can leverage his experience to more clearly define the requirements and make informed decisions about protecting your organization.

    You Will Learn:
    • Why making the right security operations decisions is critical to reduce business risk
    • What to consider when planning a SOC and how to position the plan to leaders
    • How to address talent retention, accountability, and scalability
    • Why strategy and proper tools are key components in a successful SOC implementation

    ^ Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017 - https://www.sans.org/reading-room/whitepapers/analyst/cyber-security-trends-aiming-target-increase-security-2017-37702
  • New York’s New Cybersecurity Regulations: Explained! Apr 27 2017 6:00 pm UTC 60 mins
    Mihir Mistry, Senior Security Manager
    The nation's first state-mandated cybersecurity regulations regarding banking and financial services companies went into effect in New York state on March 1st. However, many businesses subject to the regulations are asking, what are these rules and how will they affect my business operations.

    SecureWorks invites you to join us on April 27th for a webcast designed to help you understand these new mandates and develop an approach to ensure that your organization has a mature and effective security program in place that will not only help you achieve compliance but will improve your overall information security posture.

    What you will learn:
    • Which entities are covered by the mandate and what type of data needs protecting.
    • The five core elements needed to establish a comprehensive cybersecurity program.
    • Critical questions you should be asking your security program partner.
  • 2017 Ransomware Defense Survey Report: The Enterprise Strikes Back Recorded: Apr 18 2017 42 mins
    Keith Jarvis, Senior Security Researcher
    Fifty-two percent of security leaders rate their organizations at above average or superior when it comes to detecting or blocking ransomware before it locks or encrypts data in their systems. Yet, 36 percent also say their organizations were victims of ransomware in the past year. And 57 percent say they are more likely to be a ransomware target in 2017.

    These are among the results of the 2017 Ransomware Defense Survey. Aimed at determining the true impact of ransomware on organizations across industries, the survey uncovers some stark contrasts.

    ISMG Vice President of Editorial, Tom Field and SecureWorks Senior Security Researcher, Keith Jarvis, will analyze the Ransomware Defense Survey results and will discuss how security leaders can put these findings to work in their organizations.

    You Will Learn About:
    • The true impact of ransomware on organizations across industries
    • What works and doesn't work when it comes to detecting and remediating ransomware
    • Key investments enterprises are making in 2017 to shore up their ransomware defenses
    • How to prevent and detect ransomware before it takes root and cripples your operations
  • 2017 Cybersecurity Threat Insights Report for Leaders Recorded: Feb 23 2017 63 mins
    Chris Yule, David Puzas
    In our "2017 Cybersecurity Threat Insights Report for Leaders" report, we shared several key findings and observations from our client engagements and about the security industry. This webcast covers our findings and observations but will also provide you with clear direction on where you need to focus your resources to evoke positive action in your security program.

    During this webcast one of our lead Counter Threat Unit™ researchers, Chris Yule, who helped develop the report, gives his perspective, observations and guidance through responses to a series of questions led by our Product Marketing Director, David Puzas.

    You Will Learn About:
    • Our observations from our engagements and findings
    • How you need to rethink core security processes and operations
    • Whether the current nature and behaviors of the threat are evolving or staying constant
    • What the common attack vectors are and how to protect your organization against the fundamentals of cyber-attacks
    • How to focus your resources from a tactical and strategic perspective
  • Lessons from the Field: How Are Skilled Technical Testers Infiltrating? Recorded: Jan 30 2017 44 mins
    Nate Drier (Sr. Security Analysis Consultant), Trenton Ivey (Security Analysis Consultant)
    While many organizations have technical testing performed a couple of times a year for a number of reasons: such as identifying network vulnerabilities or satisfying industry compliance requirements, the results and lessons learned are typically limited.

    However, wouldn’t it be nice to see what tactics and techniques some of the most skilled testers out there are utilizing across all industries in all different levels of scope? Think of it as opportunity to learn from the good guys simulating the bad guys without having to have it done to your organization.

    Watch this webcast and hear from some of SecureWorks most skilled technical testers, Nate Drier and Trenton Ivey, talk about lessons learned from some of their most challenging engagements and the trends they are seeing with clients and their defense practices.

    Key topics covered include:

    - Examples of real-world engagements
    - Tactics and techniques commonly used to achieve their objectives
    - Trends and weaknesses they are seeing in defenses
    - Lessons learned
  • Defending Against Ransomware Attacks in Healthcare Organizations Recorded: Jan 19 2017 60 mins
    Clifford Kittle - Principal, SecureWorks Healthcare Information Security
    There has been a proliferation of ransomware attacks against healthcare organizations that has ushered in a new wave of extortionware and a new generation of malware attacks. While these types of attacks are not new, they have become more insidious, sophisticated and are growing in popularity.

    In order to defend against such attacks, healthcare organizations need to develop an enterprise information security strategy that not only provides visibility into networks and endpoints but also outlines comprehensive response plans in the event of an attack.

    Attend this webinar to learn the truth behind ransomware attacks and also how to better prepare your organization to think beyond HIPAA compliance and think holistically about its information security program. SecureWorks Healthcare Information Security Principal, Cliff Kittle, will answer vital questions about the nature of ransomware and provide actionable recommendations to meet the challenges of today's threat environment. You will learn valuable insights about how your organization can best adopt the right strategies, tools and skills needed for a stronger information security position.

    In this webinar, you will learn:
    - What is the motivation behind the proliferation of Ransomware attacks? What are the projections for 2017?
    - How does my organization prepare to detect and block ransomware?
    - What information security strategies do healthcare organizations need to be protected?
    - How does my organization respond if attacked by ransomware?
    - How do I ensure that I don't become a victim (again)?
  • 7 Key Cloud Security Trends Shaping 2017 and Beyond Recorded: Dec 15 2016 48 mins
    Ashley Ferguson - Director, SecureWorks Governance, Risk & Compliance
    Tips for executives and technology leaders

    Cloud computing is enabling business transformation as organizations accelerate time to market and business agility.

    Evolving cloud technologies and approaches, however, can create security gaps and human errors. Data protection rests with you and your organization and not the cloud provider.

    Attend this webinar and you will:

    - Discover key cloud security trends and insights for 2017 and beyond
    - Understand the state of public cloud security today
    - Find out how you can exceed Board expectations around the cloud
    - Learn why no cloud organization is too small or too remote to be targeted
    - Get steps you can take to ensure that your security meets evolving business demands
  • Cloud agility and security: Misperceptions dispelled Recorded: Oct 18 2016 61 mins
    Ross Kinder, Senior Security Researcher, SecureWorks
    Real world strategies for migrating to the cloud securely

    When companies move their IT assets to the cloud, they have an opportunity to realize cost savings, accelerate innovation and improve IT performance. Unfortunately, the utility of the cloud is constrained by perceptions and misperceptions about security and control. And even without appropriate controls in place, organizations are moving to the cloud at a very fast pace.

    For those of us responsible for security, this is a terrifying proposition--our most precious assets are seemingly moving outside of our control. However, perhaps, the cloud is more secure than you realize. Perhaps the cloud is a chance for a restart for how your organization looks at security of its data and applications. In this webcast, we’ll dispel some of the misperceptions that exist and jump right into both “lift and shift” and cloud native strategies for migrating to the cloud securely. Knowledge is power and this is an opportunity to advance your team’s understanding of the cloud and how to accelerate the transition.

    You will learn how to:
    - Develop an organization-wide cloud strategy
    - Assess your risk as you adopt cloud solutions
    - Identify common practices and frameworks for cloud migrations
    - Determine which cloud migration architecture meets your business objectives
  • 2016 Underground Hacker Marketplace Recorded: Oct 12 2016 58 mins
    James Bettke, Counter Threat Unit researcher, Sean O'Connor & Shawn Cozzolino, Senior Intelligence Analysts - CISO Team
    It’s a Good Time to Be a Bad Guy

    Imagine a marketplace where illegal vendors offer hackers a wide range of goods, tools, and training to enable them to exploit or breach unsuspecting individuals, groups or organizations. Now imagine the walls of this marketplace lined with advertisements offering services and information. The point is, the underground marketplace is booming and only getting bigger, more sophisticated, and competitive.

    Register to take a journey with James Bettke, SecureWorks Counter Threat Unit (CTU) researcher, Sean O’Connor and Shawn Cozzolino from the SecureWorks CISO Intel team as they walk you through their time spent in the Underground, tracking hackers in numerous forums and marketplaces all over the world.

    When you attend this interactive webinar, you will walk away with:
    - Notable trends occurring year over year in the underground hacker market
    - Real examples of goods and services for sale to enable cyber-crime
    - Tips on how to protect data and additional security advice
  • Seeing the Unseen – Detecting the Advanced Persistent Threat Recorded: Sep 14 2016 63 mins
    Justin Turner, Director of the Targeted Threat Hunting & Response Team, SecureWorks
    Learn how Threat Hunting delivers high certainty in detecting compromise

    Many organizations have information security protections in place that still fail to answer with high a level of certainty, "Have we already been compromised?" A cyber threat such as malware or even a large scale Advanced Persistent Threat could be hiding in areas of your network and go unnoticed by the untrained eye.

    That’s where Threat Hunting comes in.

    During this interactive webinar, Justin Turner, Director of the Targeted Threat Hunting & Response Team, will share what Hunting is, what it should tell you, and cut through industry noise. He will share experiences and insights from actual hunting engagements and will also provide recommendations for security leaders and practitioners on how to identify indicators of attacker presence leveraging threat intelligence for context to determine how to engage and resist the adversary.

    In addition, you will:
    - Learn what Targeted Threat Hunting must do for you
    - Hear real-world examples of previous incidents and how targeted threat hunting was used to remove entrenched adversaries
    - Get recommendations on strategies and tactics to aid you in your hunting
  • Security in the Boardroom Series: Keeping Your Seat at the Table Recorded: Aug 24 2016 49 mins
    Ashley Ferguson, Director, SecureWorks Governance, Risk & Compliance
    This webinar will explore another aspect of the CISO’s role as an essential business leader: guiding the organization through the crisis of a breach.

    Featuring insights from CISOs and C-suite leaders who have been there and done that, the program will address incident response planning, setting C-suite and board expectations, and tips for providing the right information in a breach crisis situation to aid decision-making and public disclosures. Learn how to establish your role as part of the solution team, and how to avoid a reactionary response that too often leads to finger-pointing at the security team. You’ll take away actionable insights to apply to your own journey as an essential business leader.
  • Security in the Boardroom Series: Earning and Using Your Seat at the Table Recorded: Jul 21 2016 60 mins
    Ashley Ferguson, Director, SecureWorks Governance, Risk & Compliance
    This webinar will provide tips for successfully navigating the expanding role of the Chief Information Security Officer as an essential business leader. Explore leading practices for managing cybersecurity risk as a people, process and IT leader. Get tips for building a working relationship with other executive stakeholders in audit, compliance and enterprise risk. And hear how other CISOs are establishing more productive reporting relationships with the board of directors. Whether you’d like to expand your role as a risk and security professional, gain more executive support for key initiatives, or improve your relationship with the board, you’ll take away actionable insights to apply to your own journey as an essential business leader.
  • Risk Based Security in a Hyper-Connected World Recorded: Jul 13 2016 49 mins
    Hadi Hosn, Head of Security Strategy & GRC Consulting, SecureWorks
    For many organizations, investments in new processes and technologies is on top of the priorities list. From behavioral analytics, big data solutions, and “one touch” processes that require no manual intervention, companies are always on the lookout for technology innovations that can achieve a considerable return on investment. When companies consider Cyber Security in such a technology dependent world, most ask, “How can we secure our business and comply with the changing legal and regulatory standards?” instead of “How do we make business focused, intelligent investments given the cyber security risks we face?”

    In this webcast, Hadi Hosn, Head of Security Strategy & GRC Consulting at Dell SecureWorks, will discuss the risk based Cyber Security operating model to help companies identify and protect their most critical information assets and business processes. Hadi will focus on the most critical actions for any organization building a risk based security program.

    Key topics covered include:

    - Prioritizing information assets based on value to the organization
    - Identifying and prioritizing risks to the assets
    - Reduce risks with quick wins
    - Build and deliver a security plan that aligns business and technology
    - Ensure continuous business engagement on the topic of cyber security
  • The Dangerous Misperception of Ransomware Recorded: May 5 2016 61 mins
    Harlan Carvey, Security Analysis Senior Consultant, SecureWorks Counter Threat Unit Research Team
    The proliferation of Ransomware has ushered in a new wave of extortionware and a new generation of malware attacks. While these types of attacks are not new, they have become more insidious and sophisticated, growing in popularity in concert with the expansion of electronic payment systems such as bitcoin. In April, the US and Canada both issued formal warnings and suggestions, but how much that is reported about this new malware is true? Are we being naïve in our efforts to block these Ransomware attacks?

    Attend this webcast to learn not only the truth behind Ransomware attacks, but also how to protect your organization utilizing a holistic and unifying visibility into your network and endpoints. Secureworks Security Analysis Senior Consultant, Harlan Carvey will answer vital questions about the nature of Ransomware and provide more insight into the actors, their methods, and their motivations:

    - What is Ransomware?
    - How does it proliferate?
    - How do I detect and block it?
    - How do I know what systems are compromised or how the attacker got in?
    - Do I pay the ransom if I am attacked?
    - How do I ensure that I don’t become a victim (again)?
  • From RAM to Reality Recorded: Mar 8 2016 55 mins
    Tom Finney and Matthew Webster, Counter Threat Unit security researchers at Dell SecureWorks
    Observations of Geopolitical Conflicts Transitioning to Cyberattacks

    Geopolitical conflicts are more publicly transitioning into the cyber realm. With current conflicts, a cyber-component is almost always included – and the outcome can be observed in the physical world. What is the impact of these events? Can it expose trade secrets? Shut down financial markets? Or worse?

    During this interactive webinar, Tom Finney and Matthew Webster, Counter Threat UnitTM security researchers at Dell SecureWorks, will cover known events, discuss the actors behind them and generally talk about the potential impacts from these threats.

    In addition you will:

    - Understand the relationship between specific geopolitical events and cyberattacks
    - Learn about the actors behind these cyberattacks and the impact to your businesses
    - Get insight into the latest attack trends
    - Receive recommendations on security solutions and threat intelligence to help protect your network
  • Measuring Your Plan with a Tabletop Exercise Recorded: Feb 16 2016 56 mins
    Tony Kirtley, Senior Incident Response Consultant at Dell SecureWorks
    Ensuring your CIRP is a plan for disaster – not a disaster waiting to happen.

    Most organizations establish Cybersecurity Incident Response Plans (CIRP) with great intentions of leveraging them during security breaches. The reality is, many times once a CIRP is established it gets filed away to collect dust on a shelf until a breach occurs, leaving it out of date and out of mind. If a breach occurred tomorrow, would your organization know the proper steps and procedures to eradicate the threat... who the key stake holders are and the communications flow... when and how to reach out to a third-party for support?

    All of these are included as a part of your CIRP, but using a dusty CIRP as a guide for the first time during a breach is not a plan – it’s a disaster waiting to happen. Testing your plan prior to an incident is the key to minimize the duration, impact and cost of a breach to your organization.

    During this interactive webinar, Tony Kirtley, Senior Incident Response Consultant at Dell SecureWorks, will share the importance of testing your CIRP plan through regular tabletop exercises to help identify your organization's strengths and weaknesses, and further the development of your proactive security capabilities.

    In addition you will learn:

    - What makes an effective tabletop exercise?
    - Real stories of how organizations benefited from tabletop exercises.
    - The benefit of bringing in an objective third party to facilitate your table top exercise.
  • Advanced Incident Investigation: Lessons Learned From APT Victims Recorded: Dec 17 2015 50 mins
    Don Smith, Technology Director, Dell SecureWorks
    The increased complexity and frequency of attacks, combined with reduced effectiveness of detective or preventative control frameworks, elevate the need for organizations to roll out enterprise wide incident response initiatives to ensure rapid containment and eradication of threats.

    In this webcast, Don Smith, Technology Director at Dell SecureWorks, describes three organization’s experience with “APT” actors, examining techniques deployed for intrusion, persistence, lateral expansion and exfiltration.

    Don will highlight where changes to the detective or preventative control frameworks could have prevented the attackers from achieving their objectives and outline key steps to building a robust incident response plan.

    Webcast takeaways include:

    · Real-world examples of APT attacks
    · The latest tools and techniques that advanced threat actors are using
    · Recommendations for preventing and responding to APTs
  • Effective Security for the Public Sector Recorded: Dec 9 2015 55 mins
    Michael Musick, Solutions Architect - Public Sector, Dell SecureWorks
    Today’s threat actors are more persistent and creative than ever. While anti-virus and firewalls are a good start, an effective information security program needs to be more sophisticated to protect your organization from threat actors intent on stealing sensitive data, causing disruption of services or hacktivism.

    Attend this live and interactive webcast to hear Michael Musick, Solutions Architect for Dell SecureWorks, discuss how a strong cybersecurity program can protect the confidentiality, integrity and availability of sensitive data from theft, respond to ever –changing compliance regulations, and why an incident response plan is critical to risk management.

    Click on the Attend button below to register for this webcast!
  • Red Team - Train How You Fight Recorded: Oct 29 2015 54 mins
    Chris Carlis, Principal Consultant, Dell SecureWorks Red Team
    Every day your organization is under attack. External adversaries are probing your defenses, malicious insiders are looking to exploit their trusted positions and users are fighting to correctly identify the latest phishing attack.

    Your adversaries are not going to play by the rules. They will use whatever methods are available to compromise your security and hit you where it hurts the most. Red Team testing can identify gaps in your defenses, show how minor vulnerabilities can result in large compromises and demonstrate the need for solid planning and preparation.

    Red Team testing simulates a real-world attack by combining intelligence gathering, network and physical testing with social engineering to target your organization’s critical assets. This goal-based testing provides a depth of findings that vulnerability scanning and conventional penetration testing can’t achieve.

    Attendees will:
    1.Learn How Red Team testing complements your existing security program.
    2.Hear real-world examples of Red Team engagements.
    3.Find out if a Red Team test is right for your organization.
Information Secuirty Thought Leadership
SecureWorks is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyberattacks. SecureWorks’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Game Over for Gameover Zeus: Disrupting a Global Cybercriminal Operation
  • Live at: Jul 31 2014 6:00 pm
  • Presented by: Ben Feinstein, Dell SecureWorks Director of Counter Threat Unit (CTU) Operations & Development
  • From:
Your email has been sent.
or close