The Computer Emergency Response Team of Group-IB – CERT-GIB, having received the appropriate accreditation , has become an official full member of FIRST (http://www.first.org/members/teams/cert-gib).
CERT-GIB is an independent unit of Group-IB, which is responsible for the systematic monitoring of information security incidents and potential threats in the . RU, .RF and .SU domain zones. CERT-GIB has a special formal agreement with several of the largest domain name registrars in Russian Federation and the Coordination Center for TLD on the subject of phishing, fraudulent and malicious resources monitoring, including botnets intelligence.
It is important to mention that previously there was only one CERT from Russian Federation – RU-CERT having FIRST status, but this accreditation is truly the first 24/7/365 CERT with successful and positive results and experience in cybercrime investigations and incident response. The addition of CERT-GIB has fundamentally changed the landscape of immediate incident response and provided alternatives to companies who need real time action.
Currently FIRST has more than 200 member countries from the European Union, the Asia-Pacific region, the U.S., Canada, Australia and the CIS.
The procedure for assigning such status is quite complex and requires a nominated member of CERT FIRST to perform a number of requirements for responsiveness, security, methods of storage and handling, and the availability of qualified professional staff to investigate the incident, as well as the positive voting of other FIRST members.
CERT-GIB was established in October 2011, and during its existence more than once proved the effectiveness and efficiency of their work, with the participation of experts of Group-IB:
Leonid Kuvaev, 8th spammer in the world, arrested for 20 years
(2010, joint operation with help of Microsoft and Group-IB);
Carberp Group, $4.5 million was stolen, 8 people were arrested
(2012, joint operation with FSB, MVD, ESET and Group-IB);
GRUM Botnet takedown cuts world spam by 18 percent
(2012, joint operation with FireEye, Spamhaus, Group-IB);
Group-IB and department K prevented the theft of 1 billion rubles
(2013, joint operation with MVD “K”, national bank Sberbank and Group-IB);
Cooperative Efforts To Shut Down Virut Botnet
(2013, joint operation with Austrian CERT, CERT.pl and Group-IB CERT-GIB);
Group-IB researchers find new point-of-sale malware called BlackPOS
(2013, all the investigation details were provided to VISA and USSS/FBI).
Currently CERT-GIB officially was placed in the registers of Trusted Introducer, ENISA CERT registry, IMPACT-ITU, thus enabling its specialists to carry out comprehensive cooperation with CERTs of foreign countries about new global threats and malicious activity.
Representatives of the CERT-GIB will take part in the 25th international conference of FIRST, which will be held in Bangkok from 16 to 25 June 2013.