Wednesday 4 October 11:30 - 12:00, Green roomDhia Mahjoub (Cisco Umbrella (OpenDNS))
The money spent defending against cybercrime increases enormously year after year. Yet, cybercrime is a growing multi-trillion-dollar industry that has surpassed even the illicit drug trade. You would think there would be an inverse relationship between spend to defend and cybercrime profits, but evidently this is not the case.
In traditional warfare, an understanding of the adversary is required before a commander can make battlefield decisions. It’s about impacting the enemy. It’s 2017 and our decisions are having little overall impact because we don’t understand our adversary as well as we should. It’s time we started getting to know our enemies so that we can have real impact and make it cost-prohibitive for them to operate.
Our talk will detail multiple sophisticated Eastern European bulletproof hosting (BPH) operations, which are the key enabler of long-lasting, large-scale, and profitable cybercrime campaigns. We’ll discuss their history, networks/ASNs, the actors operating them, their front companies, relationships with other bulletproof hosters, underground marketplace dynamics related to bulletproof hosting, and more. This research is based on exclusive access to vetted closed underground forums and large-scale analysis of network traffic and telemetry. We will demonstrate the importance of both network-centric and actor-centric perspectives to reveal the intricacies of BPH and its close ties to cybercrime at large. Whether you are a security researcher, a threat intelligence analyst, or involved in law enforcement, join us in this talk to understand how BPH works and ultimately how to identify potential pain points where your actions can have real impact.
Dr Dhia Mahjoub is the Head of Security Research at Cisco Umbrella (OpenDNS). He leads the core research team focused on large-scale threat detection and threat intelligence and advises on R&D strategy. Dhia has a background in networks and security, has co-authored patents with OpenDNS and holds a Ph.D. in graph algorithms applied on Wireless Sensor Networks problems. He regularly works with prospects and customers and speaks at conferences worldwide including Black Hat, Defcon, Virus Bulletin, BotConf, ShmooCon, FloCon, Kaspersky SAS, Infosecurity Europe, RSA, Usenix Enigma, ACSC, NCSC, and Les Assises de la sécurité.
John Graham-Cumming (Cloudflare)
In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…
Tiberius Axinte (Bitdefender)
This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…
Thiago Marques (Kaspersky Lab)
Fabio Assolini (Kaspersky Lab)
Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional…