Wednesday 4 October 14:00 - 14:30, Green room
Paul Rascagneres (Cisco Talos)
Warren Mercer (Cisco Talos)
The Talos researchers are no strangers to APT attacks. During recent research, we observed how APT actors are evolving and how the reconnaissance phase is changing to protect valuable 0-day exploit or malware frameworks. During this presentation, rather than concentrating on a specific malware actor, we will use various different cases to illustrate how the reconnaissance phase is becoming more important and more complex.
In some cases, the reconnaissance is performed directly by a first-stage malware (PE32) and not directly by the infection vector; we will see an example of the approach that was used to target South Korean public sectors at the end of December. At the end of the presentation, we will describe different mitigation techniques in applications (for example in Microsoft Office and Hangul Word Processor) and in the Microsoft Windows OS to help attendees protect their users against the threats described during the talk.
Paul is a security researcher within Talos, Cisco’s threat intelligence and research organization. As a researcher, he performs investigations to identify new threats and presents his findings as publications and at international security conferences throughout the world. He has been involved in security research for seven years, mainly focusing on malware analysis, malware hunting and more specially on Advanced Persistent Threat campaigns and rootkit capabilities. He previously worked for several incident response teams within the private and public sectors.
Warren Mercer joined Talos coming from a network security background, having previously worked for other vendors and the financial sector. Focusing on security research and threat intelligence, Warren finds himself in the deep, dark and dirty areas of the Internet and enjoys the thrill of the chase when it comes to tracking down new malware and the bad guys!
Thiago Marques (Kaspersky Lab)
Fabio Assolini (Kaspersky Lab)
Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional…
John Graham-Cumming (Cloudflare)
In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…
Juan Andres Guerrero-Saade (Kaspersky Lab)
Costin Raiu (Kaspersky Lab)
Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt…