Thursday 3 October 15:00 - 15:30, Green room
Benoît Ancel (CSIS)
The carding ecosystem is constantly evolving. The actors have to adapt their methodology in order to continue to steal from the banks with a good cost-effectiveness ratio. To maintain this balance, the carders have moved towards infrastructure-as-a-service, making the analyst’s work more and more complex.
Researchers at CSIS Security Group have discovered the infrastructure of a quiet banking trojan actor that has been targeting German users since at least 2014. Our presentation aims to give a technical insight into the whole operation: infrastructure, multi-platform trojans, money laundering schemes, and the recent move towards malware-as-a-service markets like Dreambot, Trickbot, Emotet or even Cobalt Strike.
With this presentation, we want to show how an actor progresses in the carding business, from the development of his own malware to his first million euros stolen.
We aim to show the big picture of the carding ecosystem and discuss the challenges that come with the model.
Benoît Ancel is a malware analyst specialized in tracking carder infrastructure. After working as a reverse engineer for six years in France with Stormshield, he is now part of the threat intelligence team of CSIS in Denmark. His research interests include malware hunting, reversing, and tracking money laundering. His latest publications include "Dreambot, Business Overview" and "The Wolf in Sheep's Clothing - Undressed". He spends his free time documenting the history of the profit-driven cybercrime business.
Peter Kalnai (ESET)
Michal Poslusny (ESET)
Richard Struse (MITRE)
Alex Hinchliffe (Unit 42, Palo Alto Networks)