CERT-GIB
Computer Emergency Response Team
Experiencing a breach?
50+high-skilled analysts
55 000+hours of incident response
What is CERT-GIB
Back in 2011, we created the first 24/7 private certified emergency response service in Eastern Europe, united by a mission: to immediately contain cyber threats, regardless of when and where they take place and who is involved.
Why CERT-GIB
Human proficiency
- 55 000+ hours of emergency incident response
- strategic team with a global vision and able to adjust defence methods to different verticals
- close collaboration with Forensic Laboratory, Threat Intelligence and Investigation teams
Intelligence-
driven
- use of world-class proprietary threat intelligence
- context analysis to foresee sophisticated cyber threats behind trivial events
- development of cutting-edge solutions to improve cybersecurity practices
In-depth expertise in APTs
- attribution of targeted attacks vs. random infections
- identification of threats behind "legitimate" actions
- extensive knowledge of cybercriminals’ tools and techniques
International cooperation
- collaboration with all russian top‑level domains which helps CERT-GIB block dangerous websites in these domains
- partnership with CERTs and anti‑cybercrime associations worldwide striving to ensure safety in the digital space around the globe
24/7 incident response hotline
When it comes to real-life incidents, every minute counts. CERT-GIB is your round-the-clock first technical emergency aid to help you contain the threat and bring trusted incident responders, forensic analysts, and investigation experts on the scene if needed to eliminate costly delays.
- Network intrusions
- Malware infections
- Data leaks
- All types of phishing
- DoS/DDoS attacks
- Breaches of web resources
- Targeted attacks
- Online and mobile banking fraud
How it works
- 24/7 monitoring
- call us on +7 (495) 984-33-64
- email us at response@cert-gib.com
- fill out our incident response form
- establishing the source of the threat
- assessing the intensity of the attack
- obtaining context from Threat Intelligence
- clear instructions on how to contain the incident
- blocking pf phishing & dangerous websites
- proactive monitoring to prevent future threats
- containment of severe attacks
- digital evidence collection
- threat actor identification and support with further investigation
Anomaly analysis
Today, the threat landscape is more difficult than ever to defend. Attack speed is rising, the variety of attacks is spiralling. We examine problems that have widespread cybersecurity implications and develop advanced methods and tools to counter large-scale, sophisticated cyber threats.
By detecting and analyzing anomalies, our security analysts are able to prevent severe data breaches, find malware entry points, foresee external attacks, and in general detect vulnerabilities within an organisation’s perimeter.
As a result of the analysis, you will receive:
- a post-incident report with descriptions of the vulnerabilities discovered
- recommendations on the steps to take to prevent similar attacks in the future
Types of anomalies
- Suspicious activity or communication on an employee’s computer (backdoor/mining)
- Unusual email sent to executives
- Hacking of a resource and its replacement with a phishing resource or a cryptocurrency miner
- Email with threats and demands for ransom
- Fraudulent company website (fraud/phishing/brand)
- Distribution of the company’s sensitive information online
- Incoming text message to an employee with a link to download malware
- External scanning of corporate nodes to find and exploit vulnerabilities
Timing of service: from 1 day to 1 week, depending on the complexity of the event
Malware Analysis (apart from incident)
1
Rapid analysis
The client receives a classification, a list of C&C servers and encryption algorithms used, a description of the ecosystem (modules, plugins, droppers, exploits, configs, etc.), and possible distribution methods.
A member of the Forum of Incident Response and Security Teams (FIRST)
An accredited member of Trusted Introducer (Association of European Security and Incident Response Teams)
A partner of the International Multilateral Partnership Against Cyber Threats (IMPACT)
CERT-GIB is officially authorised by the Carnegie Mellon University (PA, USA) and licensed to use the «CERT» trademark in its name
2
In-depth report
Full technical description that is sufficient to reproduce malware actions on an end user’s computer. It includes the following sections:
- General technical information
- Distribution mechanism
- Detection prevention
- Configuration file
- Persistence in the infected system
- C&C communications
- Data encryption
- Conclusion with recommendations
Signed memorandums of cooperation with Computer Emergency Response Teams worldwide