
2nd Latin American Security Analyst Summit and threats around us

On the 20th and 21st of August we had our 2nd Latin American Security Analyst Summit here in Quito, Ecuador.

It was not a closed-door event; we had guests from 13 countries of the region, including our panelists from law enforcement agencies who work every day in the fight against cybercrime:

Emerson Wendt from the civil police of Brazil @EmersonWendt
Segundo Mansilla from the Police of investigations of Chile @s_mansilla
Fausto Estrella from Cyber police of Jalisco, Mexico
Santiago Acurio from Catholic University of Ecuador / Lawyer and Doctor of cybercrime Jurisprudence.

During our panel discussion about Online Security Threats, Laws and Challenges in Latin America we discussed many topics like: Is it legal to use proactive security / offensive security to track cybercriminals? How to survive when cybercriminals threaten your life? What are the limitations we face when trying to fight cybercrime effectively inside Latin America? Why does cybercrime grow every day if you put so much effort into fighting it? These are just a few of the questions we had an opportunity to discuss publicly.

Also during the program we had presentations from our security experts.

Fabio Assolini @assolini presented on the modern Chucho el roto stealing money from online banking in Latin America and cooperating with other cybercriminals from Eastern European countries.

Jorge Mieres @jorgemieres did a nice presentation about how mobile malware frauds work. He showed many legal tricks cybercriminals use to gain money through ads inside legal apps installed on mobile devices around the globe and also in Latin America.

Roberto Martinez @r0bertmart1nez presented on the challenges of collecting and processing electronic evidence within a forensic analysis process. He showed many real-life examples where a cybercriminal didn't go to jail just because the electronic evidence was not handled carefully.

And finally Dmitry Bestuzhev @dimitribest gave 2 presentations. The 1st one was about the cybercrime landscape in Latin America, where the Web is the most preferred medium used to attack victims. However, the same victims often fall into a trap just because of bad habits: looking for free stuff, illegal programs and also porno content. While Europe and North America are in crisis, the economy of Latin America has been growing every day. That makes it possible for cybercriminals of all nations to focus on victims from the region.

The 2nd presentation was about digital threats putting at risk our real and not only digital lives. For example, SSH connections from the passenger seat of an aircraft to its computer; the weak points of SCADA systems which run the most critical infrastructures and how unfortunately they could be used to cause massive destruction. I also showed real-life malware examples used by some governments to spy on their own citizens.

You can find some pictures I took with my cam here.
