Events

CeCOS VIII – Hong Kong

The eighth annual Counter-eCrime Operations Summit (CeCOS VIII) was held in Hong Kong on April 8th , 9th and 10th, 2014.
The event brings together global leaders from financial services, technology, government, law enforcement, communications sectors and research centers.

208214253

Cybercrime fighters from the field examined:
– Public-source criminal tracking techniques
– Cloud and mobile malware forensics
– The latest crimeware and web-based attack schemes
– Bitcoin as a cybercrime tool
– Globalized industrial cybercrime event data sharing
– Ransomware scams menacing businesses
– Global approaches to securing the Domain Name System

CeCOS VIII was an open conference for members of the electronic-crime fighting community. The agenda is located at http://apwg.org/apwg-events/cecos2014/agenda and I had the opportunity to share recent research results on the second day of the event.

208214254

My topic was the broad global abuse of compromised websites for malicious purposes.
After showing plenty of samples of such problematic websites in Japan, I went on to highlight local .hk samples and exposed samples related to the recently discovered “AOL spam” problems, namely compromised domains redirecting to diet scams or ‘housewife-make-money-from-home’ scams.

208214255

We had been seeing these suspicious URL patterns since the end of February 2014 and took measures to detect related data as “Trojan.JS.Redirector.acf” as well as heuristically.
More information about this threat can be found at virusbtn.com.

This Year’s CeCOS VIII included about 130 attendees from around 20 countries. The organizer noted: “In some dimensions, this is the strongest operations program we have ever organized. I know that important developments will proceed from CeCOS VIII and make enduring contributions.”

I can only confirm that there were plenty of opportunities for discussions and networking and it was a fruitful event – as usual, I may add.

CeCOS VIII – Hong Kong

Your email address will not be published. Required fields are marked *

 

Reports

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Subscribe to our weekly e-mails

The hottest research right in your inbox