Title of research: SecurityScorecard Discovers new botnet, ‘Zhadnost’, responsible for Ukraine DDoS attacks
Author(s) of research:
Ryan Slaney
Please explain why you are nominating this piece of research:
I am nominating this novel research that provides insights into a previously unknown botnet targeting Ukraine in the early days of the invasion. This has become a blog series covering new findings using techniques to map network flow to known botnets.
Relevant link/s (note, link added by VB, not by person/s nominating):
Title of research: CHERNOVITE’s PIPEDREAM Malware Targeting Industrial Control Systems (ICS)
Author(s) of research:
Dragos Global Intelligence Team
Please explain why you are nominating this piece of research:
The PIPEDREAM malware is unique research which examines the 7th-known ICS malware. PIPEDREAM is comprised of 5 distinct components, including 3 components that are specifically designed to be used in operations against sensitive OT environments. The completion of this research involved bringing together advanced malware analysis with expertise in industrial environments, equipment, protocols and industrial standards.
Relevant link/s (note, link added by VB, not by person/s nominating):
Title of research: When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
Author(s) of research:
Mike Harbison and Pete Renals
Please explain why you are nominating this piece of research:
Exposing BRc4 brought awareness to all security vendors and the community that a new tool was on the market being used by threat actors.
Relevant link/s (note, link added by VB, not by person/s nominating):
Title of research: Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Author(s) of research:
Mike Harbison and Pete Renals
Please explain why you are nominating this piece of research:
With the current Ukraine war this research brought awareness that Russian actors are still active, and using advanced techniques to deliver Cobalt Strike to targets. This research brought awareness of a technique that was previously unknown to the industry, that being the use of Google Drive to deliver Cobalt Strike.
Relevant link/s (note, link added by VB, not by person/s nominating):
Title of research: CryptoRom fake iOS cryptocurrency apps hit US, European victims for at least $1.4 million -- and -- CryptoRom Bitcoin swindlers continue to target vulnerable iPhone and Android users
Author(s) of research:
Jagadeesh Chandraiah, Xinran Wu
Note: This research received three nominations.
Please explain why you are nominating this piece of research:
These two posts form a series focused on fake iOS and Android apps that use romance scams to swindle users out of money through social engineering using cryptocurrencies. This research is particularly notable because it has led to many affected users reaching out to Sophos and others asking for help and is an example of security research directly helping end-users.
Please explain why you are nominating this piece of research:
Hi, I'm one of the victims of Cryptorom, aka Sha Zhu Pan, and I have worked with several victims who have fallen for this. Many have lost their life savings, pensions and are in huge debt because of this, especially lots of vulnerable women. With Cryptorom research, besides highlighting and creating awareness about this threat, they have also brought down many fake applications, fake websites, rogue certificates by reporting this to Apple and Google, potentially saving hundreds of victims. Many of the victims were iPhone users who thought there was no scam on iPhones. This research explained the technical background of how this was achieved. It is very novel and innovative research with direct results for the end-user. I think this should win the award for its technical and philanthropic cause.
Please explain why you are nominating this piece of research:
This is an incredible piece of research. It is an excellent example of how information security research could create real change on the ground. This is multi-year research helping victims, researching the infrastructure and fake applications behind them. Time and effort have been spent on a noble cause. A very well deserved nominee for the Peter Szor award.
Relevant link/s (note, links added by VB, not by person/s nominating):
Title of research: BlackMatter ransomware emerges from the shadow of DarkSide
Author(s) of research:
Mark Loman
Please explain why you are nominating this piece of research:
Detailed analysis of the BlackMatter ransomware filling the void left by DarkSide and REvil after the Colonial Pipeline attack in spring 2021. Provides in-depth analysis of a new, sophisticated ransomware.
Relevant link/s (note, link added by VB, not by person/s nominating):