Insights from the 1st Ibero-American Summit

Last week, we held our first Ibero-American virus analyst summit, to which we invited 34 journalists from 14 Latin American countries, as well as Spain and Portugal. Speakers and panelists included antivirus experts Jorge Mieres, Fabio Assolini, Vicente Diaz and Dmitry Bestuzhev.

Our summit was held in the vicinity of Cancún in Mexico – a place that is famous for its beaches, resorts and ancient Mayan pyramids.

What did we discuss? Regional targeted APT attacks, which we believe may become a real threat within 5 years or less. Specifically, we talked about targeted APT attacks in which one Ibero-American country attacks another country in the same region. Such attacks can be reasonably expected to take place as soon as three or four years from now.

Another issue discussed was that the number of attacks targeting financial data correlates with the economic situation in the country affected by the attacks. The economic crisis in Spain and Portugal led to a decrease in the number of such attacks, compared to the countries of Latin America.

Jorge Mieres demonstrated that many infection-related problems in the Ibero-American region are due to pirated unpatched software. What further aggravates the situation is that there is often a lack of policies and configurations aimed at improving the overall security situation.

Fabio Assolini presented detailed information on Brazilian malware writers and their annual earnings. Curiously, while malware writers in Europe and Asia prefer to remain in the shadows and refrain from disclosing their identities, their Brazilian colleagues conduct PR campaigns on social networks and on YouTube.

Finally, Vicente Diaz presented examples that demonstrate how easily our online social life can be used for targeted attacks. He also talked about the threats which we are not yet aware of and which will nevertheless become real in the near future, such as on-board computer infections in cars and other vehicles.

We also recorded several webcasts in three languages: English, Spanish and Portuguese. They should become available to the general public soon. The event offered a plethora of interesting insights, and this is just the beginning!
