Incident Response service: Numbers, challenges and tactics

Kaspersky’s Incident Response Team faces daily challenges as it handles information security incidents as a third-party service provider, drawing on its experience and expertise to deliver complete analysis and quick recovery. To completely eliminate threats, the team covers the entire incident investigation cycle, getting involved in containment, digital forensics investigation and malware analysis, as well as helping to improve security processes after incidents.

In this talk, Digital Forensics and Incident Response Manager of Kaspersky Global Emergency Response Team (GERT), Ayman Shaaban, will share his knowledge of the latest incident trends based on his day-to-day experiences. He will also present statistical analysis of recent incidents aimed at financial organizations, government agencies, industrial bodies and more.
This webinar session will discuss:
• The GERT team and IR services
• The most frequent reasons our incident response service was requested
• Attack vectors
• How different types of attack affect different types of businesses
• Attack scenarios and the details of some of the most noteworthy cases
• What can help in reducing the risk of getting compromised
Recorded Feb 25 2020 72 mins
Presented by
Ayman Shaaban, Digital Forensics and Response Manager of Kaspersky Global Emergency Response Team
  • Social engineering during the pandemic and beyond Jun 30 2021 2:00 pm UTC 30 mins
    Claire Hatcher, Head of Business Development for Kaspersky Fraud Prevention
    Adapting to a new normal: 2020 was an unprecedented year. As large swathes of the world’s population were forced into one form of lockdown or another, our lives changed forever. In this presentation Kaspersky looks back at 2020 to see how social engineering evolved during the pandemic and how it’s developing in 2021.
  • Enabling easy and secure elections with Polys voting system on blockchain Jun 28 2021 8:00 am UTC 30 mins
    Kate Semekhina, Business Development Manager, Polys (Kaspersky Innovation Hub project)
    Lockdown measures have moved many aspects of people’s daily routines online, including work, shopping, and social interactions. Now, digital voting can be applied so that balloting is not delayed. And the blockchain-based voting system is the perfect tool for this, as it guarantees that voting is secure, immutable, and anonymous.

    However, there are lots of fears and biases. Organizers might think that arranging such sessions will take ages. They are afraid that voters will be confused by all the technical details or simply miss the session, that a malicious person will vote instead of legitimate participants, that someone will vote twice, or that other voter fraud will occur.

    We will debunk all these doubts in our short webinar and show you how to create and launch a voting session quickly and conveniently.
  • Fast Forward Episode 1 - Clouds of Personal Data: Welcome to the Labyrinth Recorded: Jun 9 2021 22 mins
    Ken Hollings
    Listen to Fast Forward: A new audio documentary series about the past, present and future of network technologies around us.

    Episode 1: Welcome to the Labyrinth, takes a fresh look at data access in the age of The Cloud. With so many thoughts, images and memories digitally logged and uploaded, is it only a matter of time before our past catches up with us? Are there better ways to store our information? Our data has been forming its own infrastructure of billions of blogs, documents and emails we no longer use.

    Ken Hollings talks with data engineer and University of Michigan Associate Professor of English Tung-Hui Hu about ideas in his book A Prehistory of the Cloud: How digital infrastructure is built on top of defunct physical infrastructure. Tanya Basu, senior reporter at MIT Technology, shares a way of curating information that might do us more favors, digital gardening, and Kaspersky Security Researcher David Emm offers ideas for safer data storage.

    Fast Forward is an audio series from Tomorrow Unlocked, the cyberculture channel from Kaspersky. More interviews and stories from the series:

    Tell us what you think at fastforward@kaspersky.com

    To secure your business so you can focus on new technologies, explore enterprise cybersecurity solutions from Kaspersky:
  • How Kaspersky Fraud Prevention helped Indacoin halt fraud with cryptocurrency Recorded: May 31 2021 44 mins
    Claire Hatcher - Head of Business Development for Kaspersky Fraud Prevention; Guilherme Jovanovic - Indacoin CBDO
    For Indacoin, as a leading fiat-to-crypto exchange, it is important to maintain fast transaction speed, simplicity of the identity verification process, and functionality that is understandable to both an experienced crypto enthusiast and a newcomer to the industry. High-level support of all these aspects was offered by a unique project Kaspersky Fraud Prevention more than a year ago. Tune in to learn about the partnership between Indacoin Limited and Kaspersky Fraud Prevention.
  • EDR for MSPs: how to empower service and cut overhead Recorded: May 27 2021 58 mins
    Ilia Repkin, MSP Solution Manager; Nikita Zaychikov, Senior Product Marketing Manager
    In this webinar, we will discuss Endpoint Detection and Response (EDR) technologies with regard to the MSP business. The technology itself has been on the market for a while, but there are still questions for MSPs to answer:
    • Do they need EDR as a part of their security service?
    • If so, how many in-house resources will it take to deliver?

    These and some more points will be discussed during the session:
    • EDR technology positioning – determine value on top of EPP
    • How many MSP customers really need it and why
    • Cornerstones in providing EDR-service with resource limit
    • How to streamline incident response with Kaspersky
    • Demonstration of technology
  • How you can use AI to keep your plant going Recorded: May 26 2021 52 mins
    Maxim Mamaev, Senior Solution Architect; Andrey Lavrentyev, Head of Technology Research
    The early detection of industrial machinery breakdowns can decrease downtime costs. Equipment malfunctions, misconfigurations, hacker attacks — whatever causes the problem — do not wreak havoc immediately. They start small and then develop over time. But the problem is that, at an early stage, they are undetectable by SCADA monitoring tools that fail to notice unusual but subtle changes in a machine’s behavior.

    This is where AI can help and detect these small anomalies, just in time.
    In this webinar you’ll learn:
    • How Kaspersky Machine Learning for Anomaly Detection (MLAD) uses artificial intelligence to help plant operators recognize that something is going wrong and sort out the problem before it affects production.
    • How to deploy Kaspersky MLAD at a plant and ensure its smooth integration into a plant’s operation.
    • Why a machine’s telemetry is a treasure and how to get the most out of it.
  • Device updates: what’s stopping people from making the change? Recorded: May 24 2021 42 mins
    David Jacoby, Deputy Head of Research Centre, Europe
    To update or not to update? This is an eternal question which is key for data security. While some organizations continue to work with outdated technology, many users refuse to use new or updated versions on their devices. It begs the question as to why some people are reluctant to have the most recent version of technology on their devices. At first glance, this may seem like an individual’s prerogative but given that each patch (small adjustments to the software code to address software bugs and security issues) or update is designed to not just enhance, but secure a device, the repercussions of choosing not to, could be severe.
    Kaspersky decided to delve into this rationale of ‘update avoidance’ and asked more than 15,000 employees from 23 countries about why people are not upgrading, what aspects of an update they find most off-putting, and to what extent they understand the need for patches in the first place.
    In this webinar you will learn:
    • How people feel about upgrading their devices and why they choose to delay instead of installing updates immediately
    • Which well-known cyberattacks happened because of un-patched devices
    • What consumers want update installations to look like in the future
    • How to encourage yourself or your employees to install updates in a timely way
  • How Kaspersky Fraud Prevention helped Indacoin halt fraud with cryptocurrency Recorded: May 19 2021 44 mins
    Claire Hatcher - Head of Business Development for Kaspersky Fraud Prevention; Guilherme Jovanovic - Indacoin CBDO
    For Indacoin, as a leading fiat-to-crypto exchange, it is important to maintain fast transaction speed, simplicity of the identity verification process, and functionality that is understandable to both an experienced crypto enthusiast and a newcomer to the industry. High-level support of all these aspects was offered by a unique project Kaspersky Fraud Prevention more than a year ago. Tune in to learn about the partnership between Indacoin Limited and Kaspersky Fraud Prevention.
  • Darknet and cybergangs: a deep dive into the ransomware ecosystem Recorded: May 12 2021 65 mins
    Ivan Kwiatkowski and Dmitry Galov, security researchers at Kaspersky
    In the past couple of years, ransomware has become a plague, with targeted ransomware attacks continuously prominent on the media’s front pages. Being effective and highly profitable, ransomware attacks on organizations are multiplying day by day. We witness ransomware operators becoming more creative with their extortion methods, building their ‘names’ and sometimes even resorting to the doxing and extortion of users whose data has been stolen, in a pursuit to force companies to pay up.

    In essence, ransomware is a business, albeit illegal, and the processes behind it resemble the ones behind other businesses. To understand it, we must ask: how do ransomware operators work? What are the processes behind the attacks? Who are the people that carry them out and how do they select their targets?

    In this webinar, Ivan Kwiatkowski and Dmitry Galov, security researchers at Kaspersky’s Global Research and Analysis Team, will answer these questions and many more, while explaining the inner workings of the ransomware ecosystem.

    In this webcast you will learn:
    • What does the ransomware market look like on the darknet?
    • What kind of roles exist in this ecosystem?
    • How do ransomware operators select their victims?
    • What new ransomware gangs should organizations be wary of?
    • How can you protect against ransomware?
  • How to get trusted data for Industrial IoT Recorded: May 5 2021 45 mins
    Andrey Suvorov, CEO at Adaptive Production Technology (Kaspersky’s daughter company)
    It is valuable to find out the efficiency of connected machines in industrial settings and predict their failures. This can also create a new business model of client-orientated production. However, a digital twin approach requires the secure connection of industrial equipment, such as conveyers, pumps, presses, CNCs and many other machines, with enterprise applications and IIoT platforms.

    In this webinar, Andrey Suvorov, CEO at Adaptive Production Technology (Kaspersky’s daughter IIoT company) will explain how to overcome existing challenges with OT and IT interoperability and cybersecurity. He will also introduce the first Cyber Immune solution (IIoT gateway), and present practical use cases from different industries for business owners.

    You will learn:
    - Why the gateway is Cyber Immune and what it means for businesses
    - What classes as trusted industrial data (“one ration lifecycle in an era of 4.0”)
    - How to transform industrial monitoring to a new business model
  • How and why should small companies investigate cybersecurity incidents? Recorded: Apr 29 2021 29 mins
    Andrey Dankevich, Senior Product Marketing Manager; Eric Payne, Senior Enterprise Pre-sales Manager
    Attack kill chain, root cause analysis, malware file parameters – are all these features only a prerogative for cool tech guys in big enterprises? The answer should definitely be ‘no’, as information about cyberthreats targeting business is no less relevant for smaller companies. The analysis of security incidents shows what happens inside this anti-malware black box, as well as where the threats come from and what an IT admin can do about it to strengthen the protection of the company.

    During the webinar, we will show what data can be used for analysis and what small businesses can learn from it, as well as how to try it now.
  • Securing those hard to reach areas – First Choice and Second Opinion Recorded: Apr 29 2021 47 mins
    Lee Rendell - Kaspersky Presales Manager and Kevin Bailey - Principal Analyst, Synergy Six Degrees
    In the latter part of 2020, some 88% of the threats delivered via email took nearly nine days on average for scanning (AV) engines to recognize their hash.

    Your business cannot afford for criminals to be active in your infrastructure for nearly two weeks. Consideration should always be an option to [technically] collaborate by adding a “second opinion” for identifying cyber activity alongside your current protection tools to mitigate cyber-criminal outlier opportunities, increasing your capability to secure all business, partner and customer entry points.

    In the webinar, we’ll take you through some of the key use cases for Kaspersky Scan Engine and what attack vectors it can help prevent.
  • Targeted Malware Reverse Engineering Workshop Recorded: Apr 8 2021 125 mins
    Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers with GReAT, and Igor Skochinsky from Hex-Rays.
    Are you into reverse engineering? Interested in staying on top of the latest threat landscape? Then take your seat at Kaspersky’s workshop to learn reverse engineering best practices from our experts and watch them analyze recent targeted malware samples.

    In this webinar, Senior Security Researchers from Kaspersky’s Global Research & Analysis Team (GReAT), Ivan Kwiatkowski and Denis Legezo, will give live workshops on practical disassembling, decrypting and deobfuscating authentic malware cases in both Hex-Rays decompiler and IDA Pro. GReAT’s own Dan Demeter will be moderating.

    Ivan will demonstrate how to strip the obfuscation from a recently discovered Cycldek-related tool, while Denis will present an exercise on reversing the steganography algorithm of MontysThree’s malware.

    As a bonus, the experts will interview our guest Igor Skochinsky of Hex-Rays, a software developer behind the reversing must-have IDA Pro and author of weekly tips on the Hex-Rays Blog.

    Ivan and Denis will introduce the new Targeted Malware Reverse Engineering online course, into which the researchers have squeezed their 10-year experience in cybersecurity. This self-study, intermediate-level training is designed for those seeking confidence and practical experience in malware analysis. It includes in-depth analysis of 10 fresh, real-life targeted malware cases like MontysThree, LuckyMouse and Lazarus, hands-on learning with an array of reverse engineering tools including IDA Pro, Hex-Rays decompiler, Hiew, 010Editor, and 100 hours of practice in our virtual lab.

    Participants of the webinar will have an opportunity to win free access to this new online course.

    Attendees’ requirements:
    - Medium technical level
    - Knowledge of basic programming languages and a basic understanding of Intel assembly language, alongside a basic understanding of reverse engineering and targeted malware
    - No need for pre-installed software

    Learn more about Kaspersky trainings at https://xtraining.kaspersky.com
  • Financial Threat Landscape: A Look Back at 2020 and What to Be Ready for in 2021 Recorded: Mar 31 2021 59 mins
    Dmitry Bestuzhev, Head of Kaspersky's Latin America GReAT Team, and Fabio Assolini, Senior Security Researcher with GReAT
    2020 was a year of changes for businesses everywhere, but what’s one thing that hasn’t changed? Cybercriminals are after your money—and you need to know how to protect your business and your financial assets.

    Join this webinar with Head of Kaspersky's Latin America Global Research and Analysis Team (GReAT) Dmitry Bestuzhev and Fabio Assolini, Senior Security Researcher with GReAT, for an analysis of the biggest trends and developments in the financial threat landscape they’ve witnessed over the past year, including:
    • The techniques and tactics most often used by cybercriminals
    • The most common mobile malware and banking Trojan threats
    • How the growth in e-commerce has changed the threat landscape
    • Strategies to safeguard your organization

    Register today and guarantee a secure 2021.
  • Enabling effective alert triage and analysis with Kaspersky Threat Data Feeds Recorded: Mar 25 2021 25 mins
    Mikhail Moskvin, Global Technology Account Manager
    The number of security alerts processed by information security analysts every day is growing exponentially. With this amount of data being analyzed, effective alert prioritization and validation is nearly impossible. There are too many blinking lights coming from numerous security products, leading to important alerts getting buried in the noise, and the strong chance of analyst burnout. By integrating up-to-the-minute threat intelligence feeds into existing security controls, like SIEM systems, security teams can automate the initial alert triage process. Simultaneously, they can then provide their security analysts with enough context to immediately identify alerts that need to be investigated or escalated to incident response teams for further investigation and response.

    Join our webinar to see how Kaspersky Threat Data Feeds enhance your existing security controls and improve forensic capabilities with 100% vetted and context-rich cyberthreat data. Our experts will guide you through the complete investigation process from the initial alert to further response, while also demonstrating how to:

    • Effectively distill and prioritize security alerts
    • Reduce analyst workload and prevent burnout
    • Immediately identify critical alerts and make more informed decisions about what should be escalated to incident response teams
    • Build a proactive and intelligence-driven defense
  • Gamification under the spotlight: top 5 techniques for Security Awareness Recorded: Mar 17 2021 48 mins
    Nadya Ilina - Senior product manager Kaspersky Security Awareness, adult education expert, master-trainer
    Not everybody finds cybersecurity interesting, but without employee engagement and motivation to learn, creating a cybersafe environment in your organization will be an uphill battle. What’s the solution? Gamification!

    Gamification is a great tool to encourage employee engagement and motivation. But when and how should it be used to achieve the best results?

    In our webinar we’ll put gamification under the spotlight and discuss:
    · Teaching Security Awareness can be a challenge - but it doesn't have to be a battlefield
    · A ‘hero’s journey’ through the education cycle
    · The top 5 gamification techniques we use with great success
    · The lessons learned after 5 years of continuous development – and new horizons ahead
  • Stalkerware: at the intersection of intimate partner violence and cybercrime Recorded: Mar 2 2021 70 mins
    UNODC, UN Women, F-Secure, European Network for the Work with Perpetrators of Domestic Violence, Kaspersky
    Please join representatives from the Coalition Against Stalkerware, the UN Office on Drugs and Crime, and UN Women for a discussion about how stalkerware, a form of tech-facilitated abuse, can act as a tool for intimate partner violence and different forms of cybercrime. Stalkerware is commercially available software that an abuser can use to remotely record a person’s calls, log text messages, monitor social media activity, and track location data without notifying that person and without their consent. This type of software can enable acts of intimate partner violence, both digitally and offline. Stalkerware can also facilitate cybercrime, given the fact that this type of software can access personally-identifiable information stored on a device. We all have a role to play in recognizing the insidious nature of these technologies, the harmful impact that they have, and the need for collective action to support and assist individuals targeted by stalkerware.

    Presenters’ Names and Titles:
    • Live Brenna, Cybercrime Officer, UNODC
    • Sachiko Hasumi, Manager, Information Security & Compliance, UN Women
    • Anthony Melgarejo, Threat Prevention Service Owner, F-Secure
    • Alessandra Pauncz, PhD, Executive Director, European Network for the Work with Perpetrators of Domestic Violence
    • Tara Hairston, Head of Government Relations, North America, Kaspersky
  • Workshop: fuzzing - automated discovery of memory corruption vulnerabilities Recorded: Mar 1 2021 61 mins
    Pavel Cheremushkin, vulnerability researcher, Kaspersky’s ICS CERT
    Identifying security weaknesses in the system is important – knowing what is wrong helps us fix those flaws and avoid security breaches in the future. One of the methods to assess the system is fuzzing, which helps to do just that, as well as identify memory use issues.

    Understanding fuzzing is essential for any security specialist as it is an effective method to discover security bugs in software. In the past few years, thousands of vulnerabilities have been detected using this method as it often reveals things that can be missed by static program analysis or manual code inspection.

    Pavel Cheremushkin, a vulnerability researcher in Kaspersky's Industrial Control Systems Cyber Emergency Response Team, will share his fuzzing know-how and explore the modern state of this technique and how to optimize the process of fuzzing.

    In this workshop you will:
    • Understand modern techniques on how to automate the discovery of memory corruption vulnerabilities
    • Learn how to use popular fuzzing tools and optimize the process
    • Understand how to discover a zero-day vulnerability in modern software by applying processes discussed in this session

    Who is this workshop for?

    • Vulnerability researchers, who will learn to find vulnerabilities faster and more effectively using new instruments. This will lead to the release of better software and a decrease of cyberrisks.
    • Developers, who will be able to create safer apps, for their employers to decrease reputation risks.
    • Independent security researchers who will increase their chances of finding zero-days in bug-bounty programs.
  • 2021 predictions, episode 3: ICS cyberthreats Recorded: Feb 11 2021 54 mins
    Evgeny Goncharov, Head of Industrial Control Systems Cyber Emergency Response Team, Kaspersky
    As 2020 is behind us, let’s take a look at what’s to come this year and how to face the threats we in cybersecurity may anticipate. No industry remained unaffected by the swift changes and challenges of 2020 and industrial systems have been no exception.

    In this webinar, Evgeny Goncharov, head of Industrial Control Systems Cyber Emergency Response Team, Kaspersky, will present his expert vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.

    In this webinar you will learn:
    • How ransomware and cyberespionage are attacking industrial objects
    • What to anticipate from advanced persistent threat (APT) activity against ICS
    • What major COVID-19 consequences there are for industrial control systems and what can be done to tackle them

    This webcast is part of a 2021 predictions webinar series. Click below to join the other webinars of the series:
    Episode 1: financial threats, https://www.brighttalk.com/webcast/15591/459407
    Episode 2: healthcare threats, https://www.brighttalk.com/webcast/15591/463864
  • Are we en route to losing the fight to ensure stability in cyberspace? Recorded: Feb 4 2021 70 mins
    French Ministry for Europe and Foreign Affairs, INTERPOL, Kaspersky
    Some would say that – yes, finally, this strange year of 2020 is nearing its end and hopefully next year will be less stressful for all of us (and we’re certainly among those saying it). But still, this year was an important one for those who work to ensure that all things cyber are stable, secure and safe.

    Just before the holiday season starts, we gathered for the first in a series of multi-stakeholder Community Talks on Cyber Diplomacy to review 2020 and, particularly, discuss if we as a global community might be heading toward losing the fight against cyberthreats.

    Are we a step closer to reaching stability in cyberspace or not? Should we close the 2020 chapter on a pessimistic or optimistic note? Are we losing or winning the fight to ensure stability in cyberspace?

    We gathered cyberdiplomats, cybersecurity researchers, the technical community, academia, and law enforcement professionals, who all help fight cyberthreats but from different angles.

    We discussed three questions:

    What we do well and what are the best practices;
    Where we failed or are failing; and
    What, accordingly, should the priorities be for further work.
    We shared what we know, asked about what we don’t know, and talked and discussed to learn from each other as to how to best keep cyberspace a comfortable and secure place for all of us.

    Speakers of this community talk were:
    Camille Morfouace-de Broucker, French diplomat and policy advisor on cyber issues at the Ministry for Europe and Foreign Affairs (@CMorfouace);
    Craig Jones, Director of Cybercrime, INTERPOL (@INTERPOL_Cyber); and
    Pierre Delcher, Senior Security Researcher of the Global Research and Analysis Team (GReAT), Kaspersky (@securechicken).

    Watch the recording of the session here.
Latest on cyberthreats and protection technologies
Top-notch cybersecurity and protection technology experts share their knowledge on how to mitigate the most dangerous cyberthreats that any organization may face. Contact us at https://www.kaspersky.com/about/contact

  • Title: Incident Response service: Numbers, challenges and tactics
  • Live at: Feb 25 2020 2:00 pm
  • Presented by: Ayman Shaaban, Digital Forensics and Response Manager of Kaspersky Global Emergency Response Team