VB2012 day 2

One of the things I don't like about conferences is when two talks you want to attend are scheduled at the same time. And this is what happened to me at VB2012.

Fortunately David was on the stage for a whole hour, so I attended his first half and then I switched to Fabio's talk.


Both talks are somehow related to “unsuspicious” devices being abused by cybercriminals.
David talked about how most of the AV industry probably does not pay enough attention to protecting unix/linux-based devices and servers. We see on a regular basis how cybercriminals abuse all kinds of *nix servers for the distribution of malware and to set up their malicious infrastructure. As David says: “Why I'm here talking about something 10 years old? Because we have done nothing!”

Fabio explained a real example of how other unsuspicious devices are being abused in Brazil, in this case home DSL routers. The existence of well-known vulnerabilities for these devices and the ease of finding vulnerable devices on the Internet were abused by Brazilian cybercriminals to redirect their victims to their DNS servers. Making more than 50,000 USD a month, the cybercriminals then decided to spend all their money in Rio de Janeiro on prostitutes! But the problem is how all the players here (ISPs, LE and vendors) are not taking security seriously.

Who was the winner in this battle? I'm sorry David, but Fabio won the #presentattionGame and said the secret word during his talk!

However, there was more interesting material in VB2012 day 2. One of the talks I found most interesting was “Measuring the cost of cybercrime” by Tyler Moore. He and his team have been working on a comprehensive economic framework to calculate the true cost of cybercrime based on solid data and economic implications. I really think this is necessary for the whole industry and for society, to truly understand and base our risk perception on solid foundations and not estimations. You can find more details here.

And as an extra bonus, here you can find the presentation I did today on privacy:

I will prepare a more detailed article on this, as I understand it might be difficult to follow the PDF without the explanation, but I hope you find this interesting.
