Nominations for the 2023 Péter Szőr Award

Title of research: BlackLotus UEFI bootkit: Myth confirmed

Author of research: Martin Smolár

Note: this research received two nominations

Please explain why you are nominating this piece of research:
"Brilliant research by a very young junior malware analyst. His work reminds me of Péter Szőr."

Please explain why you are nominating this piece of research:
"Martin discovered the first in-the-wild UEFI bootkit able to bypass Secure Boot. This is huge for cybersecurity, and even the NSA published a guide to mitigate this threat, highlighting this research's high relevance."

Relevant link/s (note, link added by VB, not by person/s nominating):

Title of research: Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine

Author of research: Unit 42

Please explain why you are nominating this piece of research:
"The Russia/Ukraine conflict dominated global headlines and the priorities of nations over the past 12 months. As such, this research by Unit 42 uniquely merits consideration for the Péter Szőr Award. This research not only describes the technical details of Russian APT malware, but it also spotlights attacks by the actors against the research community. Going further, this research was timed and published in a manner that significantly degraded malicious cyber operations during an armed conflict. In doing so, the author's efforts align with the ideals of freedom, kindness, and generosity – ideals which Péter Szőr greatly valued."

Relevant link/s (note, link added by VB, not by person/s nominating):


Title of research: Analyzing and Exploiting MOVEit Transfer CVE-2023-34362

Author of research: Ron Bowes, Curtis Fielding, Stephen Fewer

Please explain why you are nominating this piece of research:
"The MOVEit Transfer hack was one of the most significant and impactful threat campaigns in recent years. When it first hit, the exploit chain was completely opaque to security practitioners and the broader community, which led to uncertainty and rampant speculation about additional vulnerabilities and alternative attack vectors. Rapid7 researchers published the first full analysis of MOVEit Transfer CVE-2023-34362, comprising the equivalent of 30+ pages of research, including exploit code to allow security teams to test their defences."

Relevant link/s (note, link added by VB, not by person/s nominating):


Title of research: The benefits of taking an intent-based approach to detecting Business Email Compromise

Author of research: Abhishek Singh

Please explain why you are nominating this piece of research:
"Ranked among the most financially detrimental cybercrimes, Business Email Compromise (BEC) has emerged as a formidable threat. The Internet Crime 2021 report underscores its severity, revealing a staggering loss of approximately 2.4 billion dollars attributed to BEC in the year. This research delves into an in-depth analysis of prevailing BEC attack trends and the actors orchestrating them. Drawing insights from these trends, it subsequently conducts a comprehensive evaluation of countermeasures aimed at thwarting BEC exploits effectively."

Relevant link/s (note, link added by VB, not by person/s nominating):


Title of research: Signed driver malware moves up the software trust chain

Author of research: Andreas Klopsch

Please explain why you are nominating this piece of research:
"This research uncovered a new, very serious escalation in the attempts by threat actors to disable EDR: specifically, by targeting the Microsoft signing process itself to make their malicious drivers fully trusted by all Windows operating system machines."

Relevant link/s (note, link added by VB, not by person/s nominating):


Title of research: Rising Tide: Chasing the Currents of Espionage in the South China Sea

Author of research: PwC - Sveva Vittoria Scenarelli with Michael Raggi (no longer with Proofpoint)

Please explain why you are nominating this piece of research:
"This research exposed the nefarious activity of China-based adversaries weaponizing Australian elections in order to expand their espionage operations around China's strategic interest in the South China Seas. Despite online reporting, Sveva/PwC spearheaded this research, which was directly presented to China's Ministry of Foreign Affairs, who verbally denied this and discredited the research as US government propaganda."

Relevant link/s (note, link added by person/s nominating):


Title of research: Mac-ing sense of the 3CX supply chain attack: analysis of the macOS payloads

Author of research: Patrick Wardle

Please explain why you are nominating this piece of research:
"Leveraging his renowned expertise in macOS security, Patrick Wardle both confirmed and led the analysis of macOS payloads found in the devastating 3CX supply chain attack. This timely research not only comprehensively covered the attack's multi-stage components but also highlighted IoCs and introduced effective detection methods. Furthermore, Wardle's work yielded generalizable insights for the heuristic detection of supply chain attacks impacting macOS. By addressing a pertinent issue in a timely manner, his research made a significant contribution to the cybersecurity domain, rendering it a compelling contender for recognition."

Relevant link/s (note, link added by VB, not by person/s nominating):
