Friday 4 October 14:30 - 15:00, Green room
Juan Andres Guerrero-Saade (Chronicle)
Cyber situational awareness is the ultimate outcome of mature threat intelligence. Though we normally think of threat intelligence as a defender’s practice, extensive study of advanced cyberespionage operations reveals that attackers are engaged in a similar activity. Defenders apply threat intelligence insights to ensure that attackers don’t gain persistent access to their enterprise machines. Similarly, attackers monitor for the presence of other threat actors to ensure that they’re the sole owners of a given victim box. While allied organizations engage in a bureaucratic process of victim deconfliction, it turns out that adversarial organizations have turned to embedding anti-virus-like techniques into their malware in order to do the same. This paper will focus on in-the-wild examples of these techniques and provide a conceptual framework for understanding adversarial deconfliction and its ramifications.
Juan Andrés Guerrero-Saade
Juan Andrés is Research Tsar at Chronicle, tracking cyberespionage groups. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky's GReAT team, focusing on targeted attacks, and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador. Juan Andrés comes from a background of specialized research in philosophical logic. His publications include 'The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage', 'Wave your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks', and 'Walking in your Enemy's Shadow: When Fourth-Party Collection Becomes Attribution Hell'.