The rise and fall of Bayrob

Friday 6 October 14:00 - 14:30, Green room

Ryan MacFarlane (FBI)
Liam O'Murchu (Symantec)

One constant in the threat landscape is change: malware comes and goes, groups appear and disappear, technology and economic models change. One other constant of the threat landscape has been the Bayrob group. For over ten years they operated stealthily, navigating changes in the threat landscape and in technology while remaining anonymous. The group had many incarnations over that time, from auction fraud to credit card theft to cryptocurrency mining.

However, through all these changes the FBI had been investigating the group, slowly closing in on their target. Independently, Symantec was also closely monitoring the group's activities throughout the same ten-year period.

In this talk, two different perspectives on the long-term tracking of a group of cyber career-criminals will be presented. The copious evidence of the group's activities, both from a legal and a technical perspective, shines a light on how the group operated and how the FBI succeeded in disrupting its activities.



Liam O'Murchu

Liam O'Murchu leads the North American Security Response group at Symantec. Over the past decade this team of threat analysts has investigated and responded to the most sophisticated cyber attacks to emerge, from professional cybercriminals targeting financial institutions to government-backed threats targeting critical infrastructure. Investigations often involve working with law enforcement to identify and apprehend malware authors. His analysis of Stuxnet, Duqu, Flame and Gauss has been documented in the book Countdown to Zero Day by Wired's Kim Zetter and in the documentary Zero Days, which was shortlisted for an Academy Award in 2017.








