Hackfest 2020

Peek-a-Boo: A Game with Threat Actors & Researchers
2020-11-20, 11:25–12:15, Hackfest - Sponsor room (and workshops)

Threat actors have always played the game of emotions. Fear is the emotion they are using right now to lure users into clicking on an email or to manipulate them into installing an application. In the last four months, cyber criminals have used fear as their main weapon to compromise users, using pandemic-related themes to deliver malware. The dropped malware is deadlier, stealthier and hybrid in nature. This calls for advanced investigation techniques: memory forensics for the RATs that are raiding the energy and power sectors, and entropy-based detection for new-age trojan exfiltration. The talk discusses how we use traditional methods to identify these threats, how we cracked the stealthy nature of some Emotet epochs, and how we added a pinch of new-age forensics tricks to make some big reveals.



Here is how the talk will progress:

  1. Pandemic threat landscape

  2. New stealthy methods: hiding macros inside hidden Excel sheets and hiding macros inside form elements in VBA

  3. How popular tools failed to detect these threats

  4. Azerbaijan targets and energy sectors hit: upgraded RAT trojans

  5. Evasion by Agent Tesla and how it has defeated sandboxes

  6. Rise of false positives from Sodinokibi ransomware spraying legitimate domains in its config files

  7. Using entropy to detect image exfiltration by malware

  8. How to convict the domains and IPs extracted from malware config files and C2 communication using Cisco Umbrella, and crack the malware infrastructure
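Item 7 mentions entropy-based detection of data exfiltrated inside images. The script below is an added example written for this page, not material from the talk or its speakers. It illustrates the core idea: whole-file entropy is a poor signal for images because compressed pixel data is already high-entropy, so the check walks the PNG chunk structure to the IEND chunk and measures only the bytes that follow it, where an appended encrypted or compressed payload would sit. PNG-only parsing, the 64-byte minimum trailer size and the 7.0 bits/byte threshold are assumptions chosen for the example; the sample image and the pseudo-random payload are constructed inline so the script runs offline.

```python
"""Entropy check for payloads appended after the structural end of a PNG.

Added example (not from the Hackfest talk). Assumptions: PNG input only,
and thresholds of 64 bytes / 7.0 bits-per-byte chosen for illustration.
"""
import hashlib
import math
import struct
import zlib
from collections import Counter

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def png_end_offset(data: bytes):
    """Walk PNG chunks and return the offset just past the IEND chunk, or None if not a PNG."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        pos += 8 + length + 4  # length + type + data + CRC
        if ctype == b"IEND":
            return pos
    return None  # no IEND chunk found (truncated or malformed)


def assess_png(data: bytes, min_trailer: int = 64, high_entropy: float = 7.0) -> dict:
    """Flag a PNG whose bytes after IEND are large and high-entropy (typical of a hidden payload)."""
    end = png_end_offset(data)
    if end is None:
        return {"valid_png": False, "suspicious": False}
    image, trailer = data[:end], data[end:]
    trailer_entropy = shannon_entropy(trailer)
    return {
        "valid_png": True,
        "image_entropy": round(shannon_entropy(image), 3),
        "trailer_len": len(trailer),
        "trailer_entropy": round(trailer_entropy, 3),
        "suspicious": len(trailer) >= min_trailer and trailer_entropy >= high_entropy,
    }


# --- constructed sample data (not real malware artefacts) ---

def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_tiny_png(width: int = 4, height: int = 4) -> bytes:
    """Build a minimal valid 8-bit RGB PNG entirely in memory."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x10\x20\x30" * width for _ in range(height))  # filter byte + pixels
    return PNG_SIG + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", zlib.compress(raw)) + _png_chunk(b"IEND", b"")


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for an encrypted payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


if __name__ == "__main__":
    clean = make_tiny_png()
    stuffed = clean + pseudo_random_bytes(4096)
    print("clean  :", assess_png(clean))
    print("stuffed:", assess_png(stuffed))
```

Running the script shows the clean image with an empty trailer and the stuffed image flagged because of a 4096-byte trailer at roughly 7.95 bits/byte. The same approach generalises to JPEG (bytes after the EOI marker) or any container with a well-defined end of structure; zero-padding after IEND, by contrast, is not flagged, which is the reason to combine size and entropy rather than trailer size alone.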


Are you releasing a tool? – no