BPH exposed - RBN never left they just adapted and evolved. Did you?

Wednesday 4 October 11:30 - 12:00, Green room

Dhia Mahjoub (Cisco Umbrella (OpenDNS))
Jason Passwaters (Intel471)

The money spent defending against cybercrime increases enormously year after year. Yet, cybercrime is a growing multi-trillion-dollar industry that has surpassed even the illicit drug trade. You would think there would be an inverse relationship between spend to defend and cybercrime profits, but evidently this is not the case.

In traditional warfare, an understanding of the adversary is required before a commander can make battlefield decisions. It’s about impacting the enemy. It’s 2017 and our decisions are having little overall impact because we don’t understand our adversary as well as we should. It’s time we started getting to know our enemies so that we can have real impact and make it cost-prohibitive for them to operate.

Our talk will detail multiple sophisticated Eastern European bulletproof hosting (BPH) operations, which are the key enabler of long-lasting, large-scale, and profitable cybercrime campaigns. We’ll discuss their history, networks/ASNs, the actors operating them, their front companies, relationships with other bulletproof hosters, underground marketplace dynamics related to bulletproof hosting, and more. This research is based on exclusive access to vetted closed underground forums and large-scale analysis of network traffic and telemetry. We will demonstrate the importance of both network-centric and actor-centric perspectives to reveal the intricacies of BPH and its close ties to cybercrime at large. Whether you are a security researcher, a threat intelligence analyst, or involved in law enforcement, join us in this talk to understand how BPH works and ultimately how to identify potential pain points where your actions can have real impact.



Dhia Mahjoub

Dr Dhia Mahjoub is the Head of Security Research at Cisco Umbrella (OpenDNS). He leads the core research team focused on large-scale threat detection and threat intelligence and advises on R&D strategy. Dhia has a background in networks and security, has co-authored patents with OpenDNS and holds a Ph.D. in graph algorithms applied on Wireless Sensor Networks problems. He regularly works with prospects and customers and speaks at conferences worldwide including Black Hat, Defcon, Virus Bulletin, BotConf, ShmooCon, FloCon, Kaspersky SAS, Infosecurity Europe, RSA, Usenix Enigma, ACSC, NCSC, and Les Assises de la sécurité.




Jason Passwaters

Jason Passwaters is the VP of Intelligence at Intel 471, Inc. where he leads the cyber threat research and collection effort and building for their global team. He has spent the last decade quietly tracking cybercrime and cyber espionage threat actors behind the scenes and leading teams around the world doing the same. He's been involved and responsible for tracking down some of the most notorious cyber criminals of the last 10 years. His previous experience includes building and running iSIGHT Partner's Global Research department, four years supporting federal law enforcement efforts targeting eastern European and other cyber threat actors, and tactical intel collection support to combat and other military operations as a US Marine. He spent nearly 12 years in the US Marine Corps as a tactical CI/HUMINT collector and Technical Surveillance Countermeasures (TSCM) specialist.







Other VB2017 papers

Mariachis and jackpotting: ATM malware from Latin America

Thiago Marques (Kaspersky Lab)

Fabio Assolini (Kaspersky Lab)

Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional…

The state of cybersecurity in Africa: Kenya

Tyrus Kamau (Euclid Consultancy)

The cyber threats Kenya faces range from basic hacking such as website defacements, financial fraud, social media account…

XAgent: APT28 cyber espionage on macOS

Tiberius Axinte (Bitdefender)

This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.