Most sophisticated technique of the year goes to...

Friday 2 October 11:30 - 12:00, Red room

Kalpesh Mantri (Quick Heal)

2019, as has been the case in the recent past, was again full of new malware campaigns and APT attack discoveries. Some were discovered for the first time, while many others made a comeback. We have been tracking such attacks for several years and have observed a variety of techniques being used in them.

In this talk we will share a few highly sophisticated techniques used by attackers that have helped their attacks stay undetected for years. These techniques are not very prevalent at this point; however, we expect more and more attacks to adopt them in the future.

This paper will focus on some highly sophisticated techniques used in malware campaigns and APTs in 2019. In this talk I will discuss the following techniques/attacks:

  • An APT actor was found communicating with command-and-control servers over VPN. This APT was able to bypass two-factor authentication (2FA) as well!
  • Built-in but somewhat obscure Windows commands and educational proof-of-concept tools that can be used to execute malware. Threat actors may use these tricks because they bypass security alerts. Should the defender community proactively hunt for these educational POCs?
  • Are password managers safe? Should we use any? They are increasingly being targeted by threat actors to steal credentials.
  • We will explore how a ransomware group is using the Wake-on-LAN (WoL) feature to increase the monetization of its infections.
  • Web skimmers started using a retired technique called steganography and are still successfully evading security solutions. Would this technique help exploit kits to make a comeback in 2020?

During the talk, I will share insights on the techniques used in these attacks and will discuss the questions called out above. This paper’s intent is to bring these sophisticated techniques to defenders’ attention so that we all can work on proactively blocking attacks that use them.


Kalpesh Mantri

Kalpesh Mantri currently works on hunting APTs and improving EDR products for Quick Heal Security Labs. Kalpesh has more than seven years of experience in the malware reversing and threat hunting domain.

He has spoken at security conferences including AVAR and CARO. Previously he worked for Intel Security Labs (now McAfee) and on the Microsoft Windows Defender team.
