Events

Virus Bulletin 2014: new times, same challenges

During the last week of September the antimalware industry got together in one of the oldest and most legendary information security conferences in the world, the 24th Virus Bulletin International Conference (VB2014), held in the beautiful Seattle, USA. Kaspersky Lab was there to present and share a wide range of ongoing research topics with the security community.

seattle

In the first day of the conference we were shown over and over how the Linux operating it’s not so malware free any more. Dismantling the myth, we had several talks on the topic, amongst them “Ebury and CDorked. Full disclosure” and “Linux-based Apache malware infections: biting the hand that serves us all” brought attention to non-traditional malware, and how the Apache web server is caught in the middle of this *nix world, becoming an efficient platform for attacking and infecting unsuspecting clients.

My colleague Santiago Pontiroli presented about the current “bitcoin bonanza” and how cybercrime is quickly targeting cryptocurrencies and their users. While sharing some of the most interesting malware samples that target bitcoin and other alternative currencies, the audience got an overview of the benefits that digital currencies offer to Latin American countries and the reasons behind criminals’ activity.

santi

The icing on the first day’s cake was the presentation shared by Patrick Wardle who covered “Methods of malware persistence on Mac OS X“, again showing us that not everything in the malware ecosystem is about Microsoft.

With so many good talks to attend in the second day, sometimes making the right decision was rather difficult. A very interesting presentation by Jérôme Segura, regarding Technical Support Scams, demonstrated in detail how to build a honeypot to catch these scammers while emphasizing the importance of user awareness and education.

I presented a one year research about the attacks against boletos”, an old and very popular payment system from Brazil based in printed documents and a barcode, showing how local bad guys have adapted their trojans to change them, redirecting payments to their accounts, and stealing millions of dollars in the process.

fabio

It was the turn for my colleague David Jacoby to present an extremely funny (yet informative) presentation on how he hacked his own home, exploiting different vulnerabilities on networked devices such as Smart TVs, printers, NAS, etc. Interactively demonstrating how exposing these devices to attacks would mean compromising an entire home network, all the presentation was displayed with funny GIFs and (interestingly enough) the slides were hand crafted with MS Paint.

david

Security Researchers from Microsoft gave us a run down on .NET malware analysis with their last minute paper “.NET malware dynamic instrumentation for automated and manual analysis”. As malware developers are increasingly relying on high level programming languages for their malicious creations, tools like the one presented in this talk will become essential for malware analysts looking to become proficient in .NET malicious applications study.

And the last Kaspersky presentation was from Vicente Diaz on “OPSEC for security researchers”. Working as a security researcher nowadays is not an easy task, especially now that we no longer deal only with technical aspects. The global picture of the security landscape these days features new actors including governments, big companies, criminal gangs and intelligence services. That puts researchers in some tricky situations.

Vicente

The closing panel was funny and informative, with David Jacoby bringing awareness to the community on how disclosure of important vulnerabilities (like Heartbleed, and now the infamous Shellshock) should be handled, and what roles do vendors play in this scenario. After the keynote address by Katie Moussouris of HackerOne on “Bounties and standards and vuln disclosure, oh my!”, the final panel left us with a cohesive feeling for the conference, bringing into the spotlight what the industry as a whole should be facing in terms of vulnerabilities disclosure and the same challenges we had to protect connected devices, the Internet of Things, crypto currencies and payment systems.

Times change but the same challenges remain, one thing is clear, we are still here to protect the user and fight against cybercrime.

Virus Bulletin 2014: new times, same challenges

Your email address will not be published. Required fields are marked *

 

Reports

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

Subscribe to our weekly e-mails

The hottest research right in your inbox