CERT-GIB

Computer Emergency Response Team

Experiencing a breach?

Get help now
50+ high-skilled analysts
55 000+ hours of incident response

What is CERT-GIB

Back in 2011, we created the first 24/7 private certified emergency response service in Eastern Europe, united by a mission: to immediately contain cyber threats, regardless of when and where they take place and who is involved.

Why CERT-GIB

Human proficiency

  • 55 000+ hours of emergency incident response
  • strategic team with a global vision and able to adjust defence methods to different verticals
  • close collaboration with Forensic Laboratory, Threat Intelligence and Investigation teams

Intelligence-driven

  • use of world-class proprietary threat intelligence
  • context analysis to foresee sophisticated cyber threats behind trivial events
  • development of cutting-edge solutions to improve cybersecurity practices

In-depth expertise in APTs

  • attribution of targeted attacks vs. random infections
  • identification of threats behind "legitimate" actions
  • extensive knowledge of cybercriminals’ tools and techniques

International cooperation

  • collaboration with all Russian top‑level domains, which helps CERT-GIB block dangerous websites in these domains
  • partnership with CERTs and anti‑cybercrime associations worldwide striving to ensure safety in the digital space around the globe

24/7 incident response hotline

When it comes to real-life incidents, every minute counts. CERT-GIB is your round-the-clock first technical emergency aid to help you contain the threat and bring trusted incident responders, forensic analysts, and investigation experts on the scene if needed to eliminate costly delays.

  • Network intrusions
  • Malware infections
  • Data leaks
  • All types of phishing
  • DoS/DDoS attacks
  • Breaches of web resources
  • Targeted attacks
  • Online and mobile banking fraud

How it works

1. Alert on the incident
  • 24/7 monitoring
  • call us on +7 (495) 984-33-64
  • email us at response@cert-gib.com
  • fill out our incident response form
2. Analysis and classification
  • establishing the source of the threat
  • assessing the intensity of the attack
  • obtaining context from Threat Intelligence
3. First aid incident response
  • clear instructions on how to contain the incident
  • blocking of phishing & dangerous websites
  • proactive monitoring to prevent future threats
4. Incident response & investigation
  • containment of severe attacks
  • digital evidence collection
  • threat actor identification and support with further investigation

Anomaly analysis

Today, the threat landscape is more difficult than ever to defend. Attack speed is rising, and the variety of attacks is spiralling. We examine problems that have widespread cybersecurity implications and develop advanced methods and tools to counter large-scale, sophisticated cyber threats.

By detecting and analyzing anomalies, our security analysts are able to prevent severe data breaches, find malware entry points, foresee external attacks, and in general detect vulnerabilities within an organisation’s perimeter.

As a result of the analysis, you will receive:

  • a post-incident report with descriptions of the vulnerabilities discovered
  • recommendations on the steps to take to prevent similar attacks in the future

Types of anomalies

  • Suspicious activity or communication on an employee’s computer (backdoor/mining)
  • Unusual email sent to executives
  • Hacking of a resource and its replacement with a phishing resource or a cryptocurrency miner
  • Email with threats and demands for ransom
  • Fraudulent company website (fraud/phishing/brand)
  • Distribution of the company’s sensitive information online
  • Incoming text message to an employee with a link to download malware
  • External scanning of corporate nodes to find and exploit vulnerabilities

Timing of service: from 1 day to 1 week, depending on the complexity of the event

Malware Analysis (apart from incident)

1. Rapid analysis

The client receives a classification, a list of C&C servers and encryption algorithms used, a description of the ecosystem (modules, plugins, droppers, exploits, configs, etc.), and possible distribution methods.

2. In-depth report

Full technical description that is sufficient to reproduce malware actions on an end user’s computer. It includes the following sections:

  • General technical information
  • Distribution mechanism
  • Detection prevention
  • Configuration file
  • Persistence in the infected system
  • C&C communications
  • Data encryption
  • Conclusion with recommendations

A member of the Forum of Incident Response and Security Teams (FIRST)

An accredited member of Trusted Introducer (Association of European Security and Incident Response Teams)

A partner of the International Multilateral Partnership Against Cyber Threats (IMPACT)

CERT-GIB is officially authorised by the Carnegie Mellon University (PA, USA) and licensed to use the «CERT» trademark in its name

Signed memorandums of cooperation with Computer Emergency Response Teams worldwide
