While many kinds of economic activity have decreased during the pandemic, that is not the case for online threats: they have been as prolific as ever and continue to evolve. Following a long tradition, we reserved some spots on the Virus Bulletin Conference programme for some hot last-minute research.
This year, of course, the VB Conference will be held virtually.
VB2020 localhost
will have a live part, which takes place in a single track on each of the three conference days (30 September to 2 October), and an on-demand programme of talks that will become available as soon as the conference opens.
And perhaps most importantly, the conference will be completely FREE to attend (
register now
if you haven’t done so already!).
Additions to the live programme
We are excited to announce the addition of nine last-minute talks to the live programme.
Targeted ransomware attacks continue to be a plague and are probably the threat that organizations are most concerned about today.
Sophos
researcher and regular VB Conference speaker Gabor Szappanos
will discuss
toolsets used by ransomware crews, in particular during the initial infection phase.
Malware on
macOS
isn’t particularly new anymore, as VB regulars will know from previous conference talks by
Jamf
’s Patrick Wardle. This year, Patrick will be back to
talk about
EvilQuest, a rather insidious piece of
macOS
malware that has some viral capabilities, showing that even pedants aren’t correct when they claim that ‘Macs don’t get viruses’.
Once all the files in the list of target files have been encrypted, the EvilQuest malware writes a file named READ_ME_NOW.txt. Source:
objective-see.com
.
Another regular feature at recent VB conferences is malware linked to North Korea. Sveva Vittoria Scenarelli from
PwC
will offer a
comprehensive overview
of the TTPs and strategic goals of the Black Banshee threat actor, also known as Kimsuky. Threats linked to North Korea’s northern neighbour aren’t new to the VB Conference either. At VB2020 localhost,
Malwarebytes
researchers Hossein Jazi and Jérôme Segura
will discuss
the ‘Evasive Panda’ APT group that was recently found targeting Hong Kong and India.
Attribution, however, remains a contentious subject.
Cisco Talos
researchers Paul Rascagnères and Vitor Ventura
will discuss
the attribution process when it comes to cyber threats and will in particular look at the recent linking of APT29 with WellMess by a number of Western intelligence agencies.
A common technique for linking separate campaigns is by pivoting on common infrastructure. This technique can be used to investigate malicious IP addresses and domains. Source:
Talos
.
ESET
’s Zuzana Hromcová, who also spoke at VB2019 in London, will be preset at this year’s virtual event to
dive deeply
into the InvisiMole threat actor, which is noteworthy due to its use of external vulnerable tools to exploit and then to deliver malware onto targets’ systems.
Tan Kean Siong of
The Honeynet Project
will
speak about
how he selectively spread supposedly $100,000 worth of Bitcoin wallets on the Internet and what that taught him about the ‘thieves’. Meanwhile,
McAfee
’s Christiaan Beek will
dive deep
into the OOXML standard and explain how its details matter to malicious actors and thus to threat analysts.
Finally, VB wouldn’t be VB without some talk on security products: Zoltan Balazs (
CUJO AI
) and Hyrum Anderson (
Microsoft
) will
present details
of the competition they ran in which participants were tasked to bypass machine learning-based malware detection.
Additions to the on-demand programme
But that’s not all! We have also added more than a dozen new talks to the on-demand programme.
Among them is is Hiroshi Takeuchi of
Macnica Networks
, who will
speak about
the LODEINFO RAT and its use in APT attacks in Asia. Tejas Girme of
Qualys
will discuss
the strategies employed by adversaries to establish and strengthen their foothold inside Docker containers.
Alexander Adamov of
NioGuard Security Lab
will
talk about
the WastedLocker ransomware, while another popular ransomware, Netwalker, will be the subject of a
presentation
by
McAfee
’s Thibault Seret.
ESET
researcher Ignacio Sanmillan will present
his research
on Ramsay, a cyber-espionage toolkit tailored for air-gapped networks.
Overview of discovered Ramsay versions. Source:
WeLiveSecurity
.
And there’s more!
There are many more talks on the programme, including those added during the first CFP phase back in spring, as well as eight presentations that form part of the
Threat Intelligence Practitioners’ Summit
(
TIPS
). For details of all the presentations the event has to offer, check out the
full programme!
And alongside the presentations VB localhost will be running a dedicated Discord server, through which you can chat with other participants, contact event partners and speakers and even set up 1:1 or small group meetings via text, audio or video.
Don’t forget registration for VB2020 localhost is completely free, and we won’t even pass on your details to our sponsors. We look forward to seeing you there!
Leave a Reply