Advanced and inept persistent threats to be discussed at VB2017

Posted by   Martijn Grooten on   Jul 20, 2017

Only a few years ago, "APT" (advanced persistent threat) was a buzzword mostly heard being bandied around at security exhibitions to sell even more advanced technology to prevent, detect and remediate threats. And though people are right to point out that even the most powerful attackers use technology that is only as advanced as it needs to be (which can often be very basic, the spear-phishing used by Fancy Bear being a prime example), few will deny that well-funded, determined attackers are a real threat for many governments, enterprises and organizations.

The best we can do, then, is learn from such attacks, to help us to better defend our networks and to detect stealthy attackers.

This is why the VB2017 programme features several talks on such APTs. Cisco Talos researchers Paul Rascagneres and Warren Mercer, for example, will look at the reconnaissance phase of APTs, an essential part of any targeted campaign. Their paper also shows how attackers sometimes focus on software specific to their target of interest, in this case South Korea's Hangul Word Processor, or in the case of attacks discussed in a paper by Kaspersky Lab's Denis Legezo, InPage, a text processing and publishing program popular in India and Pakistan.

The best known APT group today is probably Fancy Bear (also known as APT28, Sofacy or Sednit), and Tiberius Axinte, a researcher from Bitdefender, will present a paper looking at this group's first known steps into the world of Mac malware.

Another important, though probably lesser known attack campaign is Operation Orca, which has targeted various countries in Asia; Chia-Ching Fang and Shih-Hao Weng from Trend Micro's Taiwanese office will present a paper highlighting the activities of this group.

And while you may think you will be able to attribute a specific group to a specific country, Juan Andres Guerrero-Saade and Costin Raiu warn against jumping to quick conclusions when it comes to attribution. The two Kaspersky Lab researchers, who have been involved in some of the most important APT investigations, will present a paper on fourth-party collection, and how attackers taking over other attackers' infrastructure makes attribution even more difficult.

jags_costinraiu_vb2015_2.png

Juan Andres Guerrero-Saade and Costin Raiu, here speaking at VB2015, will be back with a talk on fourth-party collection and its implications for threat attribution.


There are many other papers on the programme that deal with or are relevant to APTs. For example, a paper by Bart Parys looks at the attacks faced by his employer, PwC, while Nelson Murilo Rufino (Pangeia) will discuss the 20-year-old Chkrootkit tool that he wrote and which can help detect advanced attacks against Linux servers.

Still, not all attacks are APTs and not all attackers are advanced, even if they may still be persistent. A good example of the latter is discussed in a paper by Adam Haertlé, on an "inept persistent threat", in which he rather hilariously describes the steps taken in the world of cybercrime by a Polish hacker who is as determined as he is clueless.

We will soon open the call for last-minute papers for VB2017, to fill ten remaining slots with talks on the latest attacks. No doubt, some of them will deal with threats from very persistent attackers, whether their skills are advanced or inept.

In the meantime, don't forget to book your place for the conference before it's too late!

VB2017-325w.jpg

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Where are all the ‘A’s in APT?

In a guest blog post by VB2018 gold partner Kaspersky Lab, Costin Raiu, Director of the company's Global Research and Analysis Team, looks critically at the 'A' in APT.

VB2018 preview: commercial spyware and its use by governments

Today, we preview three VB2018 presentations that look at threats against civil society in general and the use of commercial spyware by governments for this purpose in particular.

VB2018 preview: Wipers in the wild

Today we preview the VB2018 paper by Saher Naumaan (BAE Systems Applied Intelligence) on the use of wipers in APT attacks.

VB2018 preview: IoT botnets

The VB2018 programme is packed with a wide range of security topics featuring speakers from all around the world. Today we preview two of them: one by Qihoo 360 researchers on tracking variants of Mirai and one by researchers from Bitdefender on the…

VB2018: last-minute talks announced

We are excited to announce the final additions to the VB2018 programme in the form of 10 'last-minute' papers covering up-to-the-minute research and hot topics and two more invited talks.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.