WEBLOG CERT-LEXSI
CERT-LEXSI publishes a blog run by its experts and offering topical information in the field of security.
Who we are
The CERT-accredited LEXSI Group is the leading independent Information Systems Security Consulting firm, based in France.
For the past 8 years we have been helping our 600+ customers take care of the security of their information systems by:
providing accurate and up-to-date information and solutions regarding the latest security vulnerabilities and malicious programs,
auditing their networks and systems (external and internal pen tests, architecture design and configuration optimization, etc.),
conducting consulting missions on all types of security issues (Security Policy and procedures, BCP, DRP),
organizing security awareness training programs tailored to different profiles.
Our missions are compliant with current standards (BS/ISO 17799 & 27001, COBIT, Sarbanes-Oxley, etc.).
Our clients are French CAC 40 and various international companies.
We are proud to offer every major player in the financial industry the exclusive services we have been successfully providing to every French financial company:

CERT-LEXSI, LEXSI's acknowledged CSIRT department, conducts semantic analyses of up to 12 million new items (spam, blogs, newsgroups, honeypots, malware codes and malicious networks) on the Internet on a daily basis.
Through such extended coverage we presently protect close to 150 financial brands in retail and corporate banking, card processing and asset management.
The CERT-LEXSI Cybercrime Division includes 20 investigators tracking suspicious content and cybercrime gangs in Russian, French, English, Spanish, Italian, Romanian, German, Portuguese, Chinese and Japanese. The team works hand in hand with national law enforcement agencies and numerous CERTs and security companies worldwide.
Financial cybercrime rapidly expands and fraudulent techniques constantly adapt to the ever-changing environment; new modus operandi get introduced, criminal organization structures evolve, targeted assets expand in volume and numbers, geography and global financial impact increase. Since 2003, the CERT-LEXSI has conceived industry responses to cover the three complementary axes: detection, investigations and mitigation.
Incident detection
According to LEXSI, the detection process involves:
conceiving innovative information systems to monitor new types of attacks (spam, phishing, banking malware, DNS poisoning attacks, fake bank and other fraudulent sites),
expanding one's outlook on the Internet by increasing the volume of monitored documents: in order to get a broader coverage, LEXSI monitors more than 125m spam messages, 2m new domain names, 6m new web content items and keeps track of the activity of 35k malware and 340k DNS servers.
The Internet constantly challenges any surveillance system, however sophisticated it may be, making it very hard to achieve a global snapshot of the drifting information environment.
Therefore, successful detection requires narrowly targeted and regularly updated surveillance patterns to capture sensitive data: tracking of cybercrime gangs' systems, monitoring of fraudulent hosting services, on-the-fly monitoring of sensitive forums or channels. LEXSI has already successfully implemented such a surveillance infrastructure for the major financial companies in Paris, France.
Alert qualification
At the core of CERT-LEXSI's expertise stands our team of analysts and multilingual security experts, who dismantle the most exotic fraudulent schemes and deactivate new attack techniques. All client-related incidents are studied and evaluated by a dedicated analyst who provides you with confirmed and high added-value information. All technical incident-related information and, most importantly, recommendations containing a list of immediate actions are also provided.
Investigations and mitigation
The CERT-LEXSI team provides regular investigations for all handled cases, most of which usually unveil critical operational information which may later be used for forensic purposes:
Standard investigations include profiling the attackers in order to evaluate the severity level of the alerts,
Advanced investigations may include attackers' full profiles (identity, fraudulent background, location, contacts, psychological profile), infrastructure and attack patterns, stolen data examination, etc. New trackers are usually positioned upon investigation result analysis and are meant to facilitate detection and prevention of new threats from the same attacker.
From LEXSI's viewpoint, successful investigations require:
Sound methodology,
Continuous training for analysts,
Efficient investigation tools,
Fraudulent patterns database.
Furthermore, our CERT-LEXSI investigators natively or fluently speak Russian, French, English, Spanish, Italian, Romanian, German, Portuguese, Chinese and Japanese. Languages are essential for deep investigations conducted in a world where financial cybercrime is mainly led by Russian, Brazilian, Romanian or Asian criminals.
The CERT-LEXSI team also runs tactical countermeasures, such as takedowns of phishing websites and fraudulent hosting servers (used for botnet herding or malware proliferation). As a recognized CSIRT with years of experience in such measures, we usually achieve required results in minutes. We may also go further by recovering and analyzing logs from the implicated operators, discovering further traces left by the fraudsters, etc.
Once resolved, all incidents are placed under close surveillance. We follow up any renewed activity (reactivation of fraudulent web sites, malware updates, etc.) and stay ready to take action if necessary.
