Tag: vb2019

  • The Bagsu banker case – presentation

    Some time ago, researchers at CSIS Security Group discovered the infrastructure of a “quiet” banking trojan actor that had been targeting German users since at least 2014. At VB2019 CSIS researcher Benoît Ancel gave a talk in which he provided a technical insight into the whole operation: infrastructure, multi-platform trojans, money laundering schemes, and a…

  • VB2019 paper: APT cases exploiting vulnerabilities in region-specific software

    Software that is endemic to a specific country or region has long been a popular attack vector, in particular among APT groups, who have a history of exploiting vulnerabilities in such software. Past VB conference papers have analysed attacks against InPage, popular in Pakistan, and against Hangul, widely used in South Korea. Japan…

  • VB2019 paper: 2,000 reactions to a malware attack – accidental study

    In an illuminating study – possible thanks to a unique perspective on a malicious email campaign – cybercrime journalist and researcher Adam Haertlé (BadCyber.com / ZaufanaTrzeciaStrona.pl) read, analysed and classified 1,976 responses sent by victims of a malicious email campaign. In taking revenge for Adam having written about them on his blog, the senders of…

  • VB2019 paper: Why companies need to focus on a problem they do not know they have

    It is one of the worst things on the Internet: child sexual abuse material (CSAM), sometimes referred to as ‘child porn’. Many misconceptions exist around CSAM, one of which is that it is only ever accessed from home. In fact, many company networks are used to download and store CSAM, often unbeknownst to network administrators.…

  • VB2019 paper: Defeating APT10 compiler-level obfuscations

    Obfuscation in malware has long frustrated analysis, and obfuscation at the compiler level, such as opaque predicates and control flow flattening, has been particularly challenging. One group that has been using this kind of obfuscation is APT10, an APT group made famous through a 2018 indictment by the US government in which two Chinese individuals…

  • VB2019 paper: Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers

    Malicious RTF files, exploiting vulnerabilities in Microsoft Office, have long been a popular way to deliver malware, most often through (spear-)phishing attacks. Such files are often created using exploit builders, which were the subject of a VB2018 presentation by Sophos researcher Gábor Szappanos. One such builder (or weaponizer) is ‘Royal Road’, which has been…

  • VB2019 presentation: Nexus between OT and IT threat intelligence

    Cyber attacks on industrial control systems (ICS) include the well-known stories of Stuxnet and BlackEnergy, and such attacks appear to be getting more prevalent. Late last year, a natural gas compression facility at a US pipeline operator was targeted with ransomware. Operational Technology (OT), the mission-critical IT in ICS, shares many similarities with…

  • VB2019 paper: Kimsuky group: tracking the king of the spear-phishing

    In September 2013, Kaspersky reported a new APT group it dubbed ‘Kimsuky’, which it linked to North Korea. The group, whose interests include South Korean industry, journalists and North Korean defectors, continues to be active: recent activity was analysed by Yoroi earlier this month. Jaeki Kim, Kyoung-Ju Kwak and Min-Chang Jang from Financial Security…

  • VB2019 paper: Play fuzzing machine – hunting iOS and macOS kernel vulnerabilities automatically and smartly

    Apple’s macOS and iOS operating systems are often praised for their security. Yet vulnerabilities in both operating systems are regularly being found and exploited, especially by more advanced attackers. In a paper presented at VB2019 in London, Trend Micro researchers Lilang Wu and Moony Li explained how researchers like them hunt for such vulnerabilities…

  • VB2019 paper: Finding drive-by rookies using an automated active observation platform

    Exploit kits made a bit of a comeback in 2019, something we have also seen in our test lab. Detecting these kits isn’t trivial though, given the various anti-analysis measures built into them, from geo-restricting to specific countries or regions, to the detection of client-side sandboxes. In a last-minute paper presented at VB2019 in…