The first BSides Latin America, this time in Sao Paulo

As time goes by, each year we have more and more BSides events all over the world where the information security community can get together in a laid back atmosphere without the usual formalities found in other conferences. For starters, anyone can be a part of a BSides, the entrance is free and the call for papers doesn’t focus so much on the history of the presenter but rather on the value of the information they are going to share.

This year we had the first BSides Latin America conference, which joined the efforts of many BSides organizers around the region. The weather in Sao Paulo didn't help much during those days, but it hardly mattered: a full day of workshops and training sessions preceded the conference day, on which three simultaneous tracks took place.

It was interesting to see how popular the "Python for Kids" workshop was; in it you could really see what BSides is all about: sharing information and teaching what you know, giving your time for free to the community and expecting nothing in return. Just seeing the enthusiasm demonstrated by this new generation of hackers and information security aficionados makes you go back to your roots and remember why one is a part of this exciting community.

The talks were as diverse as the presenters, covering topics ranging from ransomware to hardware cryptography, with some advanced persistent threat talks mixed in between. All the presenters adjusted their presentations to the audience, making each talk unique and engaging. These weren't university lectures but a group of friends discussing information security topics.

My colleagues Thiago Marques and Roberto Martinez gave the audience a detailed tour of the malicious activity found nowadays in Latin America and of how the scenario has changed drastically over the years. Cybercriminals are upgrading their skills and toolsets in order to achieve higher code quality, as well as resorting to more advanced infection and propagation techniques. Exchanging knowledge with Eastern European crews has become the de facto standard in regionalized cybercrime.

In addition, Fabio Assolini described a series of attacks against network devices, DNS services, and popular advertisement networks such as Google AdSense, in which local bad guys are silently and massively pilfering bank accounts without so much as a byte of malware or a single phishing e-mail. This presentation highlighted how attacks against internet infrastructure in Latin America are leading us to a scenario of pandemic distrust of the most fundamental services, and showed the true magnitude of the risk facing our everyday financial transactions.

If you have never taken part in a BSides event before, I highly encourage it. Each one is different, and it's one of those experiences in life where you get out what you put in. There are of course various drinks available throughout the day, and music can always be heard in the background. Come for the talks, the workshops, the people, or to visit a beautiful city in Latin America; you won't regret it.
