Wednesday 2 October 12:00 - 12:30, Red room
Shusei Tomonaga (JPCERT/CC)
Tomoaki Tani (JPCERT/CC)
Hiroshi Soeda (JPCERT/CC)
Wataru Takahashi (JPCERT/CC)
APT attacks often leverage software vulnerabilities to infect victims with malware. Software that is often targeted includes Microsoft Office, IE and Adobe Flash Player, which are commonly used everywhere. However, in some APT campaigns, attacks are carried out by exploiting vulnerabilities in region-specific software. Government agencies frequently use such local software, and this tends to be the target of attackers. These attack cases are rarely discussed at international conferences as the issue is always exclusive to a specific country.
In Japan, there are many cases where attacks have been carried out by exploiting vulnerabilities in software that is only used in Japan. In addition, the malware used in the attacks is unique to Japan. In this presentation, we will describe the TTPs of attack groups in recent years. Furthermore, we will explain the APT group exploiting vulnerabilities in local software. This presentation will provide insights into intelligence analysis and APT handling by grasping attack characteristics (shellcode, malware etc.) in different campaigns.
Shusei Tomonaga is a member of the Analysis Center of JPCERT/CC. Since December 2012, he has been engaged in malware analysis and forensics investigation. In particular, he spearheads the analysis of targeted attacks affecting Japanese critical industries. In addition, he has written blog posts on malware analysis and technical findings (https://blogs.jpcert.or.jp/en/). Prior to joining JPCERT/CC, he was engaged in security monitoring and analysis operations at a foreign-affiliated IT vendor. He has presented at CODE BLUE, BsidesLV, Botconf, PacSec, FIRST Conference, BlackHat USA Arsenal and more.
Tomoaki Tani works as a forensic analyst in the Incident Response Group of JPCERT/CC. His primary responsibility is in providing coordination and assistance for cybersecurity incidents related to Japanese constituents. With his technical insight, he is also in charge of analysing incident trends and attack methods. He has presented at CODE BLUE, BsidesLV, BlackHat USA Arsenal and more. Outside of work, he is a senior coach at one of the top rowing clubs in Japan and develops motion sensing devices and biomechanical analysis systems to cultivate the athletes' talents. Prior to joining JPCERT/CC, he was engaged in security analysis operations and incident handling at a major Japanese telco.
Hiroshi Soeda has worked as an information security analyst in the Incident Response Group, JPCERT/CC since 2009. His primary responsibility is in providing coordination and assistance for cybersecurity incidents related to Japanese networks. With his technical insight, he is also in charge of analysing incident trends and attack methods, as well as developing in-house tools.
Wataru Takahashi was previously engaged in security system integration and service development at an IT vendor where he honed his expertise in securing servers and access controls against servers. He joined JPCERT/CC in October 2016 and since then has been committed to malware analysis and forensics, especially dealing with ever-evolving malware and attack techniques.
Martijn Grooten (Virus Bulletin)
Mika Ståhlberg (F-Secure)
Sorin Mustaca (Sorin Mustaca IT Security Consulting)
Stefano Ortolani (Lastline)
Jason Zhang (Lastline)