Launch of the « Attack and IOC Monitoring » service

Date : June 07, 2016

On July 1st 2016, Cert-IST has started a new service focused on attack detection and based on IOCs (Indicators Of Compromise: these are technical artefacts such as IP addresses or MD5 hashes which, when found, reveal that an attack probably occurred).

This service provides two main resources:

  • A Monthly Bulletin, to stay aware of the major events about cyber-attacks.
  • A database which lists and describes known attacks. This database contains the “Attack description forms” filled out by Cert-IST to describe each attack, and points to a MISP instance managed by Cert-IST which contains all the IOCs for these attacks. MISP is an “open-source” solution to store and share IOCs (see the www.misp-project.org website).

At the moment, the service is primarily concerned with two kinds of attacks:

  • The APT attacks (e.g. industrial espionage attacks),
  • And the “malware outbreaks”; this is the term we have chosen to name the abrupt attack waves that hit companies (such as the “Dridex” infection waves).

Note: this service requires a specific subscription.

It was designed based on Cert-IST Members' needs, which were discussed during several Members meetings in 2015 and 2016. For example, the service's primary objective is not to produce new IOCs, but rather to enrich existing IOCs to make them more usable for Members.

 
