VB2012 day 2

One of the things I don't like about conferences is when two talks you want to attend are scheduled at the same time. And this is what happened to me at VB2012.

Fortunately David was on stage for a whole hour, so I attended the first half of his talk and then switched to Fabio's.


Both talks were somehow related to “unsuspicious” devices being abused by cybercriminals.
David talked about how most of the AV industry probably does not pay enough attention to protecting Unix/Linux-based devices and servers. We see on a regular basis how cybercriminals abuse all kinds of *nix servers to distribute malware and to set up their malicious infrastructure. As David put it: “Why am I here talking about something 10 years old? Because we have done nothing!”

Fabio explained a real example of how other unsuspicious devices are being abused in Brazil, in this case home DSL routers. Well-known vulnerabilities in these devices, and the ease of finding vulnerable ones on the Internet, were exploited by Brazilian cybercriminals to point the routers at DNS servers under the criminals' control and so redirect their victims wherever they wanted. Making more than 50,000 USD a month, the cybercriminals then decided to spend all their money in Rio de Janeiro on prostitutes! But the real problem is that none of the players here (ISPs, law enforcement and vendors) are taking security seriously.
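The attack Fabio described leaves a trace on every client behind the router: the resolvers it is handed by DHCP are no longer the router, the ISP or a known public resolver, and answers for a few high-value domains differ from what a trusted resolver returns. Below is an added example of that client-side check; it is not code from the talk or from this blog. The trusted networks (203.0.113.0/24 standing in for the ISP's resolvers), the resolv.conf and dhclient lease text, and the DNS answers are all constructed for the demonstration.

```python
"""Detect a home-router DNS hijack from the client side.

Added example, not code from the blog or the VB2012 talks. Two offline checks:

  1. every resolver the host was handed (resolv.conf, DHCP lease) must sit in
     a network the operator trusts: the LAN (the router itself), the ISP's
     resolvers, or chosen public resolvers;
  2. A records for a few high-value domains, as returned by the configured
     resolver, must match the answers from a trusted out-of-band resolver.

The trusted ranges and the sample files below are assumptions for the demo.
"""
import ipaddress
import re

# Assumption: what the operator trusts. 203.0.113.0/24 stands in for the ISP's
# resolver range (RFC 5737 documentation space, not a real ISP).
TRUSTED_RESOLVER_NETS = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",         # LAN: the router itself
    "203.0.113.0/24",                                         # ISP resolvers (placeholder)
    "1.1.1.1/32", "1.0.0.1/32", "8.8.8.8/32", "8.8.4.4/32",  # public resolvers
)]

_NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)
_LEASE_DNS_RE = re.compile(r"option\s+domain-name-servers\s+([^;]+);")


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    return _NAMESERVER_RE.findall(text)


def parse_dhclient_lease(text):
    """Return the DNS servers advertised in a dhclient lease file (comma separated)."""
    servers = []
    for group in _LEASE_DNS_RE.findall(text):
        servers.extend(s.strip() for s in group.split(",") if s.strip())
    return servers


def untrusted_resolvers(resolvers, trusted=TRUSTED_RESOLVER_NETS):
    """Return resolvers outside every trusted network; unparseable ones count as untrusted."""
    flagged = []
    for raw in resolvers:
        try:
            addr = ipaddress.ip_address(raw.split("%")[0])  # drop an IPv6 zone id
        except ValueError:
            flagged.append(raw)
            continue
        if not any(addr in net for net in trusted):
            flagged.append(raw)
    return flagged


def mismatched_answers(configured, reference):
    """Domains whose A records from the configured resolver differ from the trusted one.

    Both arguments map domain -> set of IPv4 strings. A hijacked resolver usually
    lies only for a handful of bank or webmail domains, so a domain that is in
    `reference` but missing from `configured` is reported as well.
    """
    return sorted(d for d, ips in reference.items() if configured.get(d) != ips)


# Constructed sample input: a router that has been repointed at rogue resolvers
# in 198.51.100.0/24 (documentation space standing in for the criminals' hosts).
SAMPLE_RESOLV_CONF = """\
# Generated by dhcpcd from eth0.dhcp
nameserver 192.168.1.1
nameserver 198.51.100.53
search lan
"""

SAMPLE_DHCLIENT_LEASE = """\
lease {
  interface "eth0";
  fixed-address 192.168.1.23;
  option subnet-mask 255.255.255.0;
  option routers 192.168.1.1;
  option domain-name-servers 198.51.100.53, 198.51.100.54;
  renew 2 2012/09/27 10:00:00;
}
"""

# Constructed answers: the rogue resolver hands back an attacker IP for the bank.
SAMPLE_CONFIGURED_ANSWERS = {
    "bank.example": {"198.51.100.200"},
    "www.example.com": {"93.184.216.34"},
}
SAMPLE_REFERENCE_ANSWERS = {
    "bank.example": {"203.0.113.10"},
    "www.example.com": {"93.184.216.34"},
}


def run_checks(resolv_text, lease_text, configured, reference):
    """Combine both checks into one report dict."""
    handed_out = parse_resolv_conf(resolv_text) + parse_dhclient_lease(lease_text)
    return {
        "untrusted_resolvers": sorted(set(untrusted_resolvers(handed_out))),
        "hijacked_domains": mismatched_answers(configured, reference),
    }


if __name__ == "__main__":
    report = run_checks(SAMPLE_RESOLV_CONF, SAMPLE_DHCLIENT_LEASE,
                        SAMPLE_CONFIGURED_ANSWERS, SAMPLE_REFERENCE_ANSWERS)
    for key, items in report.items():
        print(f"{key}: {items or 'none'}")
```

On a real host you would feed `parse_resolv_conf` the contents of /etc/resolv.conf and `parse_dhclient_lease` the active lease file, and fill the two answer dictionaries by querying the same domains once through the configured resolver and once through a resolver you reach out of band. An allowlist hit is not proof of a hijack by itself (ISPs do change resolver ranges), which is why the answer comparison is the second, stronger signal.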

Who was the winner in this battle? I'm sorry David, but Fabio won the #presentationGame and said the secret word during his talk!

However, there was more interesting material on VB2012 day 2. One of the talks I found most interesting was “Measuring the cost of cybercrime” by Tyler Moore. He and his team have been working on a comprehensive economic framework for calculating the true cost of cybercrime, based on solid data and economic implications. I really think this is necessary for the whole industry and for society, so that we truly understand risk and base our risk perception on solid foundations rather than estimations. You can find more details here.

And as an extra bonus, here is the presentation I gave today on privacy:

I will prepare a more detailed article on this, as I understand it might be difficult to follow the PDF without the explanation, but I hope you find it interesting.
