And farewell from Vegas

Yesterday Defcon was winding down, the lights were being turned off, and the feeling of electricity among the participants was palpably less than at the beginning of the event. After this grand bash — now as much a part of Las Vegas as any Comdex ever was — people are sobering up, and the reason isn’t just that the alcohol is starting to wear off. It’s also due to a greater realization of just how far-reaching the threat against modern computer systems is.

I attended several sessions on malware and computer-based exploits, and it was clear to me that the bad guys are going to continue to come at our computers with full force. It was equally clear that organized cyber crime exists, with criminal groupings investing the large sums they’ve already made back into further ‘product development’.

I’m not talking just about developing new exploit code. According to a panel of several U.S. Federal agents, organized cyber crime rings spend heavily on recruiting and retaining people, who may be geographically remote from each other.

Each person within the group will have a specific skill set which complements the skills of other members. Because in many cases cyber crime transcends geographical borders, the ringleaders have to invest not only in people, but just as heavily in other key areas: computers and peripherals, telecommunications and other fees, and, in some cases, money-laundering and legal fronting organizations.

If this sounds like an expensive business, it is. And yet the bad guys do it because they think that they’ll see a good return on their investment. And if it sounds like a risky business, well yes, it is. The good guys claim to remain vigilant in curbing cyber crime. As to who will win – that’s a question that only the future can answer.

The invaders from outer space, live at DefCon, 2006.

As the reported 5000+ attendees can attest to, the conference was about much more than just malware and exploits against computers. There were also lighter – though still on-topic – presentations. From upgrading an airline ticket using old ‘skewl’ techniques (which drew raucous applause from a delighted audience) to the ever popular Spot the Fed contest (you G-men need to be more watchful – or perhaps less! – of the young female hacker contingent), this 14th Defcon was both a fun and highly informative event.
