Jindrich Kubec, Avast Software
Eric Romang
This presentation will detail a forensic & detective model that describes the early development of the watering hole campaign which was mostly active from December 2012 to January 2013, mainly targeting energy industries, governments, non-profit organizations and human rights websites. After the initial targeted attack, the vulnerability cooled sufficiently to allow integration in different confidential or public exploit kits.
We will also delve into the past and show that there is clearly a connection with previous (September 2012) watering hole attacks on industrial websites, and also with watering hole attacks through Twitter in May 2012. The earliest phases of the vulnerability, just like the Big Bang, are subject to much speculation. We will try to observe the most distant things that a security researcher can see. The timeline of the attacks, together with the disclosure, detection and publication dates, will be shown. In addition, the code structure and changes will be analysed, including the binary payloads, mostly remote access tools.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.