Tag: vb2019

  • VB2019 paper: A vine climbing over the Great Firewall: a long-term attack against China

    The global nature of both the Virus Bulletin conference and APT threats was highlighted by a VB2019 paper from Lion Gu and Bowen Pan from the Qi An Xin Threat Intelligence Center in China. In their paper, the researchers analysed an APT group dubbed ‘Poison Vine’, which targeted various government, military and research institutes in…

  • VB2019 paper: Fantastic Information and Where to Find it: A guidebook to open-source OT reconnaissance

    Ever since Stuxnet was discovered almost a decade ago, ‘operational technology’, the use of computers to monitor or alter physical processes, has been part of the cybersecurity realm. Indeed, several threats have been discovered that targeted and, in some cases, damaged physical systems such as factories or the power grid.…

  • VB2019 paper: Different ways to cook a crab: GandCrab Ransomware-as-a-Service (RaaS) analysed in depth

    Though active for not much longer than a year, GandCrab had been one of the most successful ransomware operations. Running as a Ransomware-as-a-Service scheme, the malware regularly updated itself to newer versions to stay ahead of decryptors released by security researchers. In a paper presented at VB2019 in…

  • VB2019 paper: Domestic Kitten: an Iranian surveillance program

    In September last year, researchers at Check Point uncovered an Iranian operation they named ‘Domestic Kitten’ and that used Android apps for targeted surveillance. Active since 2016, the operation continued after this discovery with new malware found during the course of 2019. In a paper presented at VB2019 in London, Check Point researchers Aseel Kayal…

  • VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees

    In June, employees at cryptocurrency exchange Coinbase were targeted by emails linking to a website that used two zero-day vulnerabilities in the Firefox browser to deliver macOS malware. The malware, dubbed ‘NetWire’, had previously been known but the exploit allowed it to bypass built-in protections against it. The NetWire sample was analysed by regular VB…

  • VB2019 paper: DNS on fire

    The “phonebook of the Internet” has well outlived physical phonebooks, but that doesn’t mean DNS is without its issues. There is a joke among incident responders that, even when you’re sure the problem isn’t DNS, it still ends up being DNS. Aside from configuration issues, DNS is also a very valuable target for adversaries. In…

  • VB2019 paper: We need to talk – opening a discussion about ethics in infosec

    If infosec was ever a subject with little practical impact, it certainly isn’t today: infosec headlines feature in the mainstream media almost every day. This means that those working in the field are faced with ethical dilemmas that are impossible to avoid – even if you still want to consider it a mostly technical field.…

  • VB2019 paper: Inside Magecart: the history behind the covert card-skimming assault on the e-commerce industry

    Magecart is an umbrella term for various groups that engage in placing JavaScript code on e-commerce sites to steal credit card info. Magecart attacks go back almost a decade, but it became an infosec household name following some prominent breaches in 2018. Magecart is getting a lot of attention from security researchers, and RiskIQ’s Yonathan…

  • VB2019 videos: partner presentations

    With the final day of VB2019 three weeks behind us, we want to thank once again the 21 partners and sponsors of the conference for their support. In supporting the conference, the companies and organisations demonstrated how much they care about the sharing of research on current threats. We especially want to thank Platinum partners…

  • VB2019 papers: Emotet and Ryuk

    Targeted ransomware has become one of the biggest and most damaging cybercrime trends in recent years. ‘Targeted’ is a bit of a misnomer though: the operators of the ransomware rarely choose the victim organisations. Instead, they have the organisations ‘chosen’ through an infection with another piece of malware that is then used as a foothold…