Wednesday 4 October 14:00 - 14:30, Green room
Paul Rascagneres (Cisco Talos)
Warren Mercer (Cisco Talos)
The Talos researchers are no strangers to APT attacks. During recent research, we observed how APT actors are evolving and how the reconnaissance phase is changing to protect valuable 0-day exploits or malware frameworks. During this presentation, rather than concentrating on a specific malware actor, we will use various cases to illustrate how the reconnaissance phase is becoming more important and more complex.
In some cases, the reconnaissance is performed by first-stage malware (PE32) rather than directly by the infection vector; we will see an example of this approach, which was used to target the South Korean public sector at the end of December. At the end of the presentation, we will describe different mitigation techniques in applications (for example in Microsoft Office and Hangul Word Processor) and in the Microsoft Windows OS to help attendees protect their users against the threats described during the talk.