Events

The CARO 2010 Technical Workshop

Today was the opening day of the CARO 2010 Workshop, which is hosted by F-Secure in Helsinki.

Mikko Hypponen, the CRO of F-Secure opened the conference by announcing this year’s theme, which is Big Numbers. With between 30,000-50,000 new malicious samples daily, this is a very hot topic in the industry.

One of the highlights of the conference was undoubtedly the keynote address by Dr Alan Solomon.

Dr Solly spoke a bit about the history of computer viruses, starting with the Brain boot sector virus, but also about the founding of CARO and EICAR.

The industry has come a long way from the days of 5 new samples a week. Sample-sharing initiatives, more efficient ways of fighting malicious code and malicious websites were just a few of the subjects discussed. Our own Roel Schouwenberg spoke a bit earlier about the mentality shift required for moving from detecting continuously changing threats to detecting their original sources.

For live coverage of the event, feel free to follow @caroworkshop on Twitter or watch for the tag #CAROHELSINKI.

The CARO 2010 Technical Workshop

Your email address will not be published. Required fields are marked *

 

Reports

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Subscribe to our weekly e-mails

The hottest research right in your inbox