The group Login arranged a presentation by NSM/NorCERT this Friday. They were basically talking about what they are doing, what kind of attacks they see the most and it was naturally followed by free pizza :)
Being a CERT the main goal is to be a contact point both internally within the country and externally. This as a response to the difficulty of handling cyber crime due to the lack of geographic boundaries. Their primary focus is attacks on large websites within Norway helping them to solve situations utilizing the combined intelligence they collect. They had a few sensors of their own, but mostly relied on input from organizations and other countries.
One of the main problems they discussed was the compromising of advertising systems (openx) on huge websites like news papers as a mean to spread botnets and other malware onto as many machines as possible. The bad guys can buy advertising allocation or hack the often insecure and commonly used systems. They also talked about bank trojans like Torpig.
A few interesting tools and resources were mentioned:
- The Tangled Web: A Guide to Securing Modern Web Applications (book)
- OWASP: the Open Web Application Security Project
- mod_security for Apache web server
- URLquery
- JSDetox
- Thug python honeyclient
- VirusTotal
- Malwr (Cuckoo sandbox)