
Ohad Zaidenberg - CTI League - Community Talk

BSides TLV · 2020 · 17:56 · 143 views · Published 2020-07
Category: Community
Style: Talk
About this talk
Ohad Zaidenberg - CTI League - Community Talk BsidesTLV - Tel Aviv - July 2nd, 2020

Our next speaker is going to be Ohad Zaidenberg. He is one of the founders of the CTI League, and it's all about volunteering during a type of crisis. That's really going to be the heart of what we're gonna talk about. In four short months they've accomplished so many things. Ohad is the lead cyber intelligence researcher for ClearSky Cyber Security, where he tracks state-sponsored malware, propaganda, influence campaigns, psychological warfare, and he focuses on Iran. Oh my goodness, what a topic right now, of all times, you know. And I can't welcome Ohad enough. Please join me in giving him a strong, warm welcome to the BSidesTLV stage. Ohad, take it away. [Applause]

So hello everyone, and thank you for

joining me in this community talk. I was really, really excited to have this. I want to thank BSides Tel Aviv for the opportunity to talk about the CTI League, the first global community dedicated to neutralizing cyber threats looking to exploit the current pandemic and to protect life-saving sectors. So Karen told a lot about me, but I want to introduce myself in person. As you heard, my name is Ohad Zaidenberg. I'm the founder of the CTI League. I'm living in Tel Aviv, here, five minutes away from this place, and everything that's already strapped. So let's start the story of the CTI League. Four, five, six months ago, in January, when, in general, I started to see

more and more threat actors trying to leverage the current crisis, to input, for example, the theme of the corona into the decoy documents, all the documents they're trying to leverage in some social engineering methods in order to attack some clients and victims. And in January, when it was just a small virus, an unknown virus in China, I started to see more and more threat actors use it. Then I saw an increase of that. In March I started to think: what would happen if some hackers try to replay the scenario of NotPetya from 2017, the time that ransomware targeted hospitals in the US and around the world? This is a real danger. This is

now, note that this is not the time to do it. This is a real threat now, that might cause death. The base, the equation that I do, is very simple: if some hospital needs to choose between paying ransomware or buying a new ventilator, I prefer that this hospital will buy this new ventilator. So I started to think, how can I contribute to this effort? Because I can't, I'm not a doctor, I can't fight the virus itself, but I can contribute and participate in the fight of the world of the virus. I can help to protect life-saving sectors. I remember a really long night drive that I had to Tel Aviv, just after the Prime Minister of Israel announced about

the quarantine, and I said to myself: you are going to have a lot of spare time right now, you are going to stay at home for at least one or two months, you need to do something for the medical sector. I thought about a Slack channel, some small Slack channel for 50 maximum people that's going to run some scripts on Shodan to identify vulnerabilities. But only a few days after, the second biggest Czech Republic hospital was targeted and hit by a cyber attack. That was the trigger that said to me: you need to do something now. That was the trigger for me to stop sitting on the fence and start operating the CTI League. I reached Nate

Warfield, he's one of my co-founders, because he tweeted a lot of his effort to identify vulnerabilities in medical organizations. I sent him a message and I said: hi, in the last few days I think about creating a pro bono CTI community dedicated to the current crisis, like a Slack channel, do you want to join me? So together, alongside Marc Rogers and Chris Mills and all the management team of the CTI League, we established the first global community dedicated to the corona crisis. I want to start talking about the CTI League itself with this map. This map is not presenting the distribution of the virus of corona. This map includes all the countries that we have volunteers from:

from New Zealand to Australia, Japan, India, the Middle East, Europe, South Africa and other countries in Africa, North and South America. People joined us, more than 1500 people from all around the world, more than 80 countries in 21 time zones. It means that every time in the league we have at least one member that is active and ready to act. So we started the CTI League as global. The CTI League also is a community. It means that we want to connect people, we want to build the social network, but professional network, of people that want to volunteer, that want to contribute pro bono to some great goal. We want to make change, but we really care about what

people, the members of the CTI League, think about how the league should operate. We are a community of cyber threat intelligence experts, incident responders, industry experts, and I'm really happy about the fact that we have a lot of law enforcement organizations and representatives in the community. These connections are very, very, very, very important to the league, because together we can break the silos and the barriers between people all around the world. No matter the country, no matter the place, we can connect them and operate as one unit to make the change. This is the first time law enforcement organizations from all around the world, whether it's government organizations, agencies or national CERTs, can talk directly with

experts, not only from the country, from all around the world, on that. Those are the missions of the CTI League. The first mission, the most paralyzing, the most initial mission of the CTI League, is to neutralize cyber threats looking to exploit the current COVID-19 pandemic. The second mission of the CTI League is to protect life-saving sectors from cyber attack. By life-saving sectors I mean the medical sector, the public health sector, the emergency sector, all the people that are now fighting the virus, standing on the field, on the frontline of the virus, and someone needs to watch them too. If we can contribute and help them protecting their network, the organizations, they

will be able to save life more than paying for ransomware. And the last mission, and I'm going to talk about it in a few minutes, is to support the law enforcement organizations against the cyber threats that are a danger for the public safety. To understand how we achieve this mission, or these missions, I'm going to talk about four main core services of the CTI League. All of these services are pro bono services. None of the CTI League volunteers are getting money from it. We don't ask money from the organizations. We do it because we believe that we can make change. We do it because we saw already how effective we can be, how fast we can work, faster

than any company in the world, because we are united. We have representatives of all the great companies that exist in the world, and we're looking for more. So let's talk about the core services of the CTI League. The first one is neutralization. We can compare neutralization to getting a vaccine or using a medicine for a disease. Neutralization means neutralizing malicious activity exploiting the current COVID-19 pandemic or targeting the life-saving sectors, which are the medical, the emergency, the public health. And we do that by three main services or efforts. The first one is takedown: we want to terminate or to eliminate the infrastructure and the assets of the threat actors from the internet. We were able to

do it, and we did it with an amazing amount of takedowns, for sure. In the last few months of the CTI League we were able to take down and remove from the internet a lot of threats. We can triage the information to the medical sector, for example, or to the organizations that were impersonated. We can escalate the information to further investigation of these law enforcement organizations. We believe if we will take down these threat actors' infrastructure, we will be able to disrupt their ability to conduct the criminal activities, we will be able to make a safer place for the medical sector. But this is not enough, because you can't take down all the malicious

infrastructures from the internet. We need something else, we need something more than a vaccine. So we have prevention. If we talked about neutralization, in the terms of the medical sector, as a vaccine, we have the prevention, which is like wearing a mask. Basically, the prevention is to reduce the level of threat for our stakeholders. On that matter, we are identifying vulnerabilities, compromised assets, in legitimate and illegitimate ways, including the darknet, definitely data leaks, all of these very, very important knowledge about the infrastructure, all the vulnerabilities that the actors can exploit to do harm to these organizations. And we can create databases of viruses, or these threat actors that are focusing on the medical sector, for example, and share it with

the organizations, with the CISOs of the organizations. And it's really important to us to send the information, to send the indicators, for example, in the way that the organization can process the data. We made a survey at the beginning of this crisis with many CISOs of hospitals all around the world. Part of them said: we can't integrate MISP or STIX or even OpenCTI, you can send us a block list. So we created the GitHub dedicated for them. We can escalate information to all the CERTs, for example, all around the world, and they will reach the organization and say: hey, you have vulnerabilities, please patch it, patch it faster, you can reduce the level of threat to your organization. In some

cases the vulnerabilities were so severe that we needed to reach out to the specific organization by phone and tell them: please patch it now, this is a real threat for you. We can share with them compromised assets, threats for these sectors, trends that exist in the cyber domain and threaten them. So we have the neutralization, we have the prevention, let's talk about supporting. Supporting is like going to the doctor. The CTI League wishes to offer the medical sector and all the life-saving organizations support with cyber protection capabilities. We want to improve their cyber protection capabilities, we want to guide them and to supply technical advisors on how to become a protected organization. We want to help them with infrastructure support to mitigate cyber

attacks and data leaks against them. I never thought about data leaks as a threat for the medical sector, but after all the amazing effort that our darknet team did, we saw how much data, medical data, sensitive data, exists for selling. And of course we want to offer our services if needed. But this is not enough. We can't focus only on the life-saving sectors. If we want to make change now, during this crisis, we need to do some other services, just related to the corona but not related only to the life-saving sector. And I want to mention two of these efforts. One is disinformation. We have an amazing, amazing, amazing disinformation workgroup that works 24/7, using amazing

CTI tools to help preventing health-related harm. It can be vaccine denials, it can be fake news operations against the corona, against some rules, for example, of the government, to undermine the importance of these rules. This is very dangerous, because on that we can see more and more people not listening to the rules, and then we can see, we can suffer a second wave. They escalate information, they take it down, they alert the specific organization in need, and they use social media output, influencers, to help them. This group, this workgroup, wishes to help the medical facilities and organizations to build cyber resilience against disinformation attacks. I want to mention another health-related support that we supply as the CTI League, the LE, the law

enforcement collaboration. We want to neutralize cyber threats looking to exploit the current pandemic. I stated it, I said it a few times here. Let's take an example. Imagine with me what would happen if someone who maybe doesn't believe in the government, for example because of a disinformation campaign, will find an ad on the darknet about a test for the corona crisis. He has the symptoms, he wants to do a test, but he doesn't believe the government. He uses the test that he bought on the darknet and then gets a negative result. He's sick, but he gets a negative result. What would happen? He's going to go out and infect others. It can cause a second wave, can

cause a third wave, on the matter of that, and it can cause that people can die. And we need to protect them. We need to help the law enforcement organizations all around the world to mitigate these types of scams. We want to help them, basically, to reduce the danger for the public safety. And of course, now we suffer the corona crisis, this is a global event, but in the future we might suffer more events, maybe not only health-related, and we want to be ready to protect and to help the law enforcement organizations with new events, global events, major crises, we want to protect them, help with the threats for the world. On that matter, I want to thank all the law enforcement

organizations that worked with us, including Christopher Krebs, who pointed out the good collaboration with the CTI League. Christopher Krebs is the head of CISA from the DHS. And all of these members of the CTI League that help so much for the medical sector. So if I look to the future: do you remember the equation that I did at the beginning of this talk? I said that I prefer that the organization will buy ventilators, for example, and not pay for ransomware. This is true not only now, during a crisis, this is true for all the time. So we would like to stay, to keep the CTI League for the future. In three months

and a half, in almost four months of operating the CTI League pro bono, not getting even a single dollar for it, we saw how vulnerable the life-saving sectors are and how many threats exist only for them. I couldn't believe it myself. You remember that I said at the beginning of this talk that I thought it's going to be 50 people and only finding vulnerabilities. There are so many threats. So we would like to build some model of an open CERT, still community, volunteer-led, still nonprofit, still global, still life-saving-sector focused, and ready for the next event, whether it's medical or non-medical. For that, I'm happy to announce for the first time about the hackathon of the CTI League, from the

15th to the 18th of July. If you want to join us, if you want to participate and take your effort, take your part in this fight, join us via the website. For the end of this talk, I want to thank all the management team of the CTI League, and more than anyone I want to thank all the members and volunteers of the CTI League that worked so hard, pro bono, for the medical sector, for the life-saving sectors, and made so much change in this world. Thank you very much to BSides for having me. Thank you.