Is ‘SexyDefense’ The Future of Anti-Espionage?

01 May 2012

minute read

Authors

Roel Schouwenberg

At the recent SOURCE Boston conference, one presentation that caught my attention was
called SexyDefense – Maximizing the home-field advantage.

This was quite a thought-provoking presentation that was based on the old concept that offense is always the best defense.

Basically, the idea is to profile your attacker(s) and subsequently modify their attack tools to something that you can silently detect. The premise is that they continue to use their attack tool because they believe they are going undetected.

During the talk, the speaker gave one example of a cryptor which had been marketed as fully undetectable. In reality, there was an anti-virus program which did detect files crypted using this cryptor. As a result, they hacked the server, modified the cryptor to make it truly undetectable statically and added silent detection/protection at their end.

Obviously, there are some very clear ethical and legal issues with this approach.

Those issues aside, this approach forces us to ponder the question: Is this the possible future in the (anti-)espionage era?

When dealing with cyber-espionage you can never have enough intelligence. And this approach is certainly a very interesting one to go about gathering more intel.

I’m not a fan of using vigilante tactics. But as more companies and industries grow increasingly frustrated with cyber-espionage/APT, I do expect to see an increase in the adoption of using offense as defense.

Interesting times.

Authors

Roel Schouwenberg

Is ‘SexyDefense’ The Future of Anti-Espionage?

Latest Posts

Latest Webinars

Reports

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.

While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

Is ‘SexyDefense’ The Future of Anti-Espionage?

GReAT Ideas. Balalaika Edition

GReAT Ideas. Green Tea Edition

GReAT Ideas. Powered by SAS: malware attribution and next-gen IoT honeypots

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

GReAT Ideas. Powered by SAS: threat hunting and new techniques

ZeroLocker won’t come to your rescue

A Post-PC BlackHat?

Adobe Updates April 2014

Trust. Trust. Trust

Adobe’s First Patch Tuesday of 2014

Black Hat USA 2022 and DEF CON 30

How we took part in MLSEC and (almost) won

Lyceum group reborn

Wake me up till SAS summit ends

Targeted Malware Reverse Engineering Workshop follow-up. Part 2

Latest Posts

From Caribbean shores to your devices: analyzing Cuba ransomware

Evil Telegram doppelganger attacks Chinese users

IT threat evolution in Q2 2023. Non-mobile statistics

IT threat evolution in Q2 2023. Mobile statistics

Latest Webinars

2023 APT Landscape Unveiled: Trends, Challenges, Solutions

Cybersecurity risks in alternative energy sources

Securing ICS Workstations: Vulnerability Identification with OVAL

Unveiling the Darknet’s Malware-as-a-Service model

Reports

Focus on DroxiDat/SystemBC

APT trends report Q2 2023

Operation Triangulation: iOS devices targeted with previously unknown malware

Meet the GoldenJackal APT group. Don’t expect any howls

Subscribe to our weekly e-mails