AVAR 9th Edition

Already in its 9th edition, AVAR has established itself as an important security event where the information presented can be just as exotic as the locations where it’s held. The location chosen for this year’s edition was Auckland, New Zealand – the home of the Maori, the Kiwi and the “All Blacks”, the number one rugby team in the world. The architecture is just as impressive.

The subjects covered included new threats such as mobile malware and VoIP attacks, as well as classic questions such as phishing, virtual machines and, last but not least, classification and virus naming.

An interesting presentation was given by Jonathan Poon from Microsoft, who spoke about their in-house release scanning system. This system is how Microsoft provides its software, both online and boxed, in a malware-free form. Jonathan maintains a personal weblog where he regularly writes about security and malware from his unique perspective. Feel free to check it out.

One of the most discussed subjects at AVAR 2006 has been the decreasing prevalence of global virus outbreaks and the huge rise in local and targeted attacks. Along with user education and security awareness, these will probably be our main focus points in 2007.
