Events

Story of one presentation – Gartner Symposium Barcelona

This week I attended the Gartner Symposium in Barcelona. The event is for IT leaders and executives, held in a magnificent venue and superbly organized.

Having the chance of giving a talk there, I wondered what kind of message should I give to such attendees. These people lead big companies and get regular reports from the best analyst in the world. During the conference basically they will get tons of information, and I wanted my message to remain in their minds, so I decided to go for a practical approach.

When talking about the next and most dangerous threats for big companies in the near future, I did not want to enter into technical details that would make my public go away or go to sleep in the first five minutes, so I decided to center my presentation on targeted attacks and consumerization. Basically, we are facing a new paradigm where I think we are not considering seriously the human factor as, probably, the weakest link in the security chain.

The message was clear and useful. The next think I needed to do was to prepare something “shocking” so my attendees will remember my presentation and hopefully, apply some measures in order to secure their organizations against the described threats. I wanted they to know how “hard” it was to create a targeted attack, so I chose some popular tools for gathering information such as The Harvester and for preparing social engineering attacks such as SET.

Basically, using these tools you can create a replica in your own system of some of the most popular sites such as Gmail or Facebook for stealing credentials in less than 1 minute, as well as send mass mailing phishing messages to the targets gathered in the information gathering step. The message here is clear: never to promote the use of these tools for badness, but we should face reality. These tools are freely available and it depends on the user of making a good or bad use of them, they are not malicious by themselves. Still, in case someone chooses the bad way, it is very easy for an attacker with zero technical knowledge to create a targeted attack.

I strongly recommend spending a few minutes learning how to protect against this attacks in our LabMatters video on the topic.

Updated: Even very sophisticated attacks such as Duqu are initiated by social engineering. Check the excellent post of my colleague Aleks.

Story of one presentation – Gartner Symposium Barcelona

Your email address will not be published. Required fields are marked *

 

Reports

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

Subscribe to our weekly e-mails

The hottest research right in your inbox