VB2016 paper: APT reports and OPSEC evolution, or: these are not the APT reports you are looking for

Posted by   Martijn Grooten on   Feb 17, 2017

Ever since Mandiant released its APT1 report four years ago, reports on advanced attack groups have been an important fixture in the security industry. These reports are great for gaining an understanding of how such groups operate and, as a not insignificant aside, a nice PR exercise for the companies that publish them.

However, one aspect may be overlooked: they also provide free QA for the threat actors, who often respond quickly and stop making the mistakes that led to their activities being discovered. This is what worried industry veterans Gadi Evron (Cymmetria) and Inbar Raz (Perimeter X), so they got together and wrote a paper on the subject, which they presented at VB2016 in Denver.

Today, we publish that paper, "APT reports and OPSEC evolution, or: these are not the APT reports you are looking for", in both HTML and PDF format. We have also uploaded the video to our YouTube channel.

Has your organization been attacked by an APT group? Of have you noticed how APT groups evolve because of reports detailing their activity? We'd like to hear from you. Submit an abstract for VB2017 (CFP deadline: 19 March) for a chance to present your research in Madrid, 4-6 October.

 

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

VB2017: What is happening in the threat landscape and what are we doing against it? Submit a proposal in the VB2017 CFP!

Have you analysed a new online threat? Do you know a new way to defend against such threats? Then submit an abstract in the CFP for VB2017!

VB2016 paper: APT reports and OPSEC evolution, or: these are not the APT reports you are looking for

APT reports are great for gaining an understanding of how advanced attack groups operate - however, they can also provide free QA for the threat actors. Today, we publish a VB2016 paper by Gadi Evron (Cymmetria) and Inbar Raz (Perimeter X), who…

Security for your ears: recommended infosec podcasts

Industry veteran Mikko Hyppönen recently urged would-be security researchers to ditch their favourite pop music and listen to security podcasts on their commute to work instead. Virus Bulletin Editor Martijn Grooten shares his favourite security…

VB2016 video: Getting duped: piggybacking on webcam streams for surreptitious recordings

In a presentation at VB2016, Patrick Wardle, Director of Research at Synack, discussed the possibilities of Mac malware recording the user via the webcam. Today, we publish the video of Patrick's presentation.

We shouldn't forget those most vulnerable in our digital world

Virus Bulletin Editor Martijn Grooten calls for the security community not to forget those most vulnerable in the digital world, including political activists living under oppressive regimes, and victims of abuse.