Finding drive-by rookies using an automated active observation platform

Thursday 3 October 14:00 - 14:30, Red room

Rintaro Koike (NTT Security)
Yosuke Chubachi (Active Defense Institute, Ltd / nao_sec)



Drive-by download attacks remain a prominent cyber threat on the Internet today. For instance, we recently spotted new exploit kits such as the Azera, Radio and Lord exploit kits, all found during the summer of 2019. Continuously observing drive-by download attacks requires addressing several obstacles, such as following the chain of network redirections and the IP-based access control applied by ad networks and exploit kits. It is thus difficult to obtain a clear picture of the drive-by download attack landscape.

We have already released open-source tools for exploit kit-related threat analysis. Furthermore, we are operating an integrated platform for continuous observation of exploit kits. The primary objective of this platform is to help establish an independent view of the current cyber threat trends.

In this presentation, we will introduce the design, effectiveness and practical use cases of an automated active analysis platform for malicious traffic. We will also show how the threat landscape has changed over the last 10 months, using results from our platform. In particular, we will describe how we continue to discover and track new attack campaigns and exploit kits, such as the Fallout and Radio exploit kits.

Rintaro Koike

Rintaro Koike is a security analyst at NTT Security (Japan) KK. In addition, he is the founder of 'nao_sec' and a malicious traffic/script/document analyst. He was a speaker at the Japan Security Analyst Conference 2018/19 hosted by JPCERT/CC and has spoken at SECCON 2018 Conference, HITCON Community 2019 and Black Hat USA 2018 Arsenal.

Yosuke Chubachi

Yosuke Chubachi is Founder and CEO of Active Defense Institute, Ltd, Japan. He is also a member of nao_sec. His research interests are in system security and collecting cyber threat intelligence from the web. He has spoken at Black Hat Europe 2014, PacSec 2014 and Black Hat Asia 2015. He has been a lecturer at Security Camp (a national human resource development program in information security) since 2011 and a member of the SECCON (SECurity CONtest, the largest CTF organizer in Japan) operation team since 2012.
