Quarterly Tech Talk Double Feature

ONG-ISAC Quarterly “Tech Talks” focus on tools and techniques shared by your ONG-ISAC peers to increase efficiency and effectiveness in protecting your environments.

Presentation I: “Providing Threat Intel SIEMlessly”

Abstract: While many free and low-cost open source intelligence feeds may be utilized by an analyst, it can be slow and cumbersome to visit multiple sites while researching an IP or URL.  By leveraging API access and browser based tools, this process can be streamlined to give an analyst or IT staff person feedback from multiple source in less time than it takes to copy and paste the indicator. We will briefly review browser-based tools for API integrations that work without an enterprise SIEM solution and are extensible for custom data sources.

Presentation II: “Netwalker”

Abstract: The Cybercriminal Group behind NetWalker has gained significant notoriety recently with their unique strain of malware paired with data exfiltration and extortion techniques to force businesses to pay their ransom. Who are they? What are their tactics and targets? Most importantly, how do we stop them?

This deep dive will shine a light into the history of NetWalker Ransomware, their evolution into Ransomware-as-a-Service (RaaS), recent targeting of Oil & Gas businesses, and why prevention is so critical. We hope to leave the audience with the tools and insight needed to confidently protect themselves in this rapidly changing defensive landscape.