Thursday 5 October 10:00 - 10:30, Green room
Camilo Gutiérrez Amaya & Fernando Tavella (ESET)
Like in the excavation of the tomb of Pharaoh Tutankhamun, a.k.a. King Tut, the threat landscape in Latin America is shrouded in mystery, mostly because the evolution of malicious campaigns in the region doesn’t get much attention. The ATM attacks, the banking trojans born in Brazil, and the Machete cyberespionage operations all made the news – but there is more to the story. Just as the archaeological excavations of King Tut’s tomb helped us understand life in ancient Egypt, the research that we have carried out in the last five years contributes to a broader understanding of the threat landscape in Latin America.
In recent years, the region has experienced a significant increase in the number and sophistication of malicious campaigns. Whether it’s advanced social engineering techniques or improved multi-stage compromise chains, LATAM cybercriminals have been upping their game.
In this presentation we will share details from our recent investigations, which confirm this trend. Examples include Red Octopus Operation, where the cybercriminals’ phishing emails impersonated governmental entities from Ecuador, and Spalax Operation, where cybercriminals used steganography to deliver the Agent Tesla RAT in disguise. Along with these two, we have been tracking dozens of campaigns with particular characteristics in various countries of the region.
Next, we will draw from our experience of tracking these types of campaigns and will share insights based on our knowledge and understanding of the region’s malicious ecosystem. These insights are based around three main topics: cybercriminal motivation, diverse sets of techniques, and the differences between the operations across the countries in the region.
These topics demonstrate the shift from simple, opportunistic crimeware to more complex threats. Notably, we will look at how the targets shifted from the general public to high-profile users, including businesses and governmental entities. We will look at the persistence with which the cybercriminals update their tools again and again, introducing different evasion techniques to increase the success of their campaigns. Finally, we will look at how they expanded their crimeware business to countries outside Latin America, as we have seen with the banking trojan born in Brazil.
Camilo Gutiérrez Amaya
Camilo has a degree in electronic engineering from Universidad de Antioquia (Colombia) and an M.Sc. in data mining & knowledge discovery from Universidad de Buenos Aires (Argentina). He started working at ESET in 2012 as a security researcher. In 2019 he became Head of Awareness & Research for Latin America. In his career as a researcher at ESET, Camilo has had the opportunity to analyse different types of malicious campaigns in Latin America, understanding the types of techniques and tools used and how they have changed over the years. The results of these investigations have been published in WeLiveSecurity articles and shared through participation in academic events and technical conferences throughout the region.
Fernando Tavella
Fernando has been a malware researcher for ESET since September 2020, specializing in the analysis and tracking of malicious campaigns targeting Latin America. Before that he worked for Deloitte Argentina as a penetration tester. In 2019 and 2020 he taught an introductory course on malware analysis at the security conference EkoParty.