Why joining forces can help solve the crime… or not

This presentation forms part of the CTA's Threat Intelligence Practitioners' Summit

Thursday 5 October 2023 12:00 - 12:30, Small Talks room

Sara Eberle (Sophos) & Doug Domin (FBI)

This presentation shows how different strands of threat intelligence from the FBI and other law enforcement agencies and private sector cybersecurity companies can help solve cybercrimes and provide better protection for all. While the public and private sectors tend to operate in their own silos, even sharing the smallest amount of data can help shed light on new TTPs and attackers’ organizational and hierarchical layers. The talk will also review ways to deal with press and social media when threat research is available and how it may (positively or negatively) impact an investigation (from both sides). An example is the Genesis Marketplace research from Sophos, which was made public seven months before the FBI’s initial takedown of the site, known as 'Amazon for cybercriminals', at the street level, which has allegedly resurfaced sporadically on the dark web. The FBI will also review a case that has led to an arrest and guilty plea, thanks to private sector and other law enforcement contributions.

The talk will address when and why organizations should collaborate to solve cybercrimes and when it may make sense to go at it alone. Regardless of the approach, the end result should be the same: defeat the bad guys, as best possible, and protect people/businesses from losing their data and assets.


Sara-Eberle.jpg

Sara Eberle

Sara Eberle is Vice President of Global Public Relations and Organic Social Media at Sophos. She has more than 30 years of PR and journalism experience, with 15 of these in the cybersecurity industry. Sara's public relations agency in Los Angeles, California, handled breaking news around the ILOVEYOU virus, which infected more than 10 million personal computers after the virus was released in May 2000. The strategic effort elevated, for the first time, interest in and coverage of nascent Internet-induced cybercrime in US national news outlets, including NBC and The New York Times. Over the years, Sara has worked with countless threat experts around the world. At Sophos, she works closely with the Sophos X-Ops team to uncover and generate awareness of changing attacker TTPs to help defenders defeat adversaries. Sara is also a 2023 graduate of the FBI's Citizen Academy, which provides sessions on cyber and cryptocurrency crimes, white collar and organized crime, and much more, to further her work and expertise as an effective threat intelligence communications strategist.

 

Doug-Domin.jpg

Doug Domin

Doug Domin is a Supervisory Special Agent at the FBI Boston Cyber Task Force. Prior to beginning his career at the FBI, SSA Domin was an incident responder at Sun Microsystems. He entered on duty in September 2002 at the Boston Division and was assigned as a cyber investigator, eventually becoming certified as a technically trained agent and SWAT operator. In 2012, he transferred to FBI Cyber Division in Washington, D.C. and was selected to manage the Cyber Action Team (CAT), a deployable contingent of highly skilled FBI cyber investigators. SSA Domin subsequently served two years as an assistant legal attaché at the U.S. Consulate in Toronto, Ontario. Since 2016, he has worked exclusively on computer intrusion matters, focused exclusively on ransomware and criminal cyber threats. He received his M.S. in cybersecurity, policy & governance from Boston College and holds the CISSP and GRCA industry certifications.

Back to VB2023 Programme page

Back to VB2023 conference page

Register for VB2023

Other VB2023 papers

Targeted attacks using secure USB

VB2023 paper: Targeted attacks using secure USB

Tales from a cloud CSIRT - let’s deep dive into a Kubernetes (k8s) infection

VB2023 paper: Tales from a cloud CSIRT - let’s deep dive into a Kubernetes (k8s) infection

RedStinger: new APT discovered amid Russia-Ukraine conflict

VB2023 paper: RedStinger: new APT discovered amid Russia-Ukraine conflict

The evolution of TA551

VB2023 paper: The evolution of TA551

Let's go door with KCP

VB2023 paper: Let's go door with KCP

Supply chain attack targeting South Asian government delivers Shadowpad

VB2023 paper: Supply chain attack targeting South Asian government delivers Shadowpad

Abusing Electron-based applications in targeted attacks

VB2023 paper: Abusing Electron-based applications in targeted attacks

Darkbit decoded: analysis of an Iranian-sponsored attack

VB2023 paper: Darkbit decoded: analysis of an Iranian-sponsored attack

Lazarus campaigns and backdoors in 2022-2023

VB2023 paper: Lazarus campaigns and backdoors in 2022-2023

Sheep’s clothing of deep & dark web operators: there are no secrets you can hide forever

VB2023 paper: Sheep’s clothing of deep & dark web operators: there are no secrets you can hide forever

Side loading is not dead: the Chinese and the Korean way

VB2023 paper: Side loading is not dead: the Chinese and the Korean way

South Korean Android banking menace - FakeCalls

VB2023 paper: South Korean Android banking menace - FakeCalls

The history and tactics of visa-centric scams in search, spam, and social apps

VB2023 paper: The history and tactics of visa-centric scams in search, spam, and social apps

Terror in Peru: the Zanubis banking trojan

VB2023 paper: Terror in Peru: the Zanubis banking trojan

Looking into TUT’s tomb: the universe of threats in LATAM

VB2023 paper: Looking into TUT’s tomb: the universe of threats in LATAM

Mac-ing sense of the 3CX supply chain attack: analysis of the macOS payloads

VB2023 paper: Mac-ing sense of the 3CX supply chain attack: analysis of the macOS payloads

Don’t flatteN yourself: deobfuscating malware with Control-Flow Flattening

VB2023 paper: Don’t flatteN yourself: deobfuscating malware with Control-Flow Flattening

When a botnet cries: detecting botnets infection chains

VB2023 paper: When a botnet cries: detecting botnets infection chains

Look out! Outlook’s gonna get you!

VB2023 paper: Look out! Outlook’s gonna get you!

"Undocumented"[2:] MSI format. Take it. We are gganbu, aren't we?

VB2023 paper: "Undocumented"[2:] MSI format. Take it. We are gganbu, aren't we?

R2R stomping - are you ready to run?

VB2023 paper: R2R stomping - are you ready to run?

Stolen cookies, stolen identity: how malware makers are exploiting the insecurity of browser data storage

VB2023 paper: Stolen cookies, stolen identity: how malware makers are exploiting the insecurity of browser data storage

May the Shadow Force with Maggie – Shadow Force Group characteristics and relationship to Maggie

VB2023 paper: May the Shadow Force be with Maggie – Shadow Force Group characteristics and relationship to Maggie

Dancing the night away with named pipes

VB2023 paper: Dancing the night away with named pipes

Ransoming and clipping for illicit cryptocurrency gains

VB2023 paper: Ransoming and clipping for illicit cryptocurrency gains

Into the Cumulus: Scarcruft bolsters arsenal for targeting individual Android devices

VB2023 paper: Into the Cumulus: Scarcruft bolsters arsenal for targeting individual Android devices

Intent-based approach to detect email account compromise

VB2023 paper: Intent-based approach to detect email account compromise

How to develop MoleRats defensive strategies: hunt, counterattack and adversary simulation

VB2023 paper: How to develop MoleRats defensive strategies: hunt, counterattack and adversary simulation

Generic script emulation

VB2023 paper: Generic script emulation

Building a cybersecurity AI dataset for a secure digital society

VB2023 paper: Building a cybersecurity AI dataset for a secure digital society

The Dragon who sold his Camaro: reversing a custom router implant

VB2023 paper: The Dragon who sold his Camaro: reversing a custom router implant

C2F2: a framework for detecting C2 frameworks at scale

VB2023 paper: C2F2: a framework for detecting C2 frameworks at scale

MEGALO-(414E)-DON: uncovering data espionage, blackmailing and shell companies in mobile lending apps

VB2023 paper: MEGALO-(414E)-DON: uncovering data espionage, blackmailing and shell companies in mobile lending apps

Teasing the secrets from threat actors: malware configuration extractors

VB2023 paper: Teasing the secrets from threat actors: malware configuration extractors

Web3 will bite you in the Web 2.0: exploring IPFS threats

VB2023 paper: Web3 will bite you in the Web 2.0: exploring IPFS threats

The Dropping Elephant never dropped

VB2023 paper: The Dropping Elephant never dropped

Corporate users in the crosshairs as malvertising gains momentum again

VB2023 paper: Corporate users in the crosshairs as malvertising gains momentum again

SharpTongue: pwning your foreign policy, one interview request at a time

VB2023 paper: SharpTongue: pwning your foreign policy, one interview request at a time

DNS "takeover": the full journey and redemption

VB2023 paper: DNS "takeover": the full journey and redemption

Infostealers: investigate the cybercrime threat in its ecosystem

VB2023 paper: Infostealers: investigate the cybercrime threat in its ecosystem

The rise of China-based financially motivated threat actors?

VB2023 paper: The rise of China-based financially motivated threat actors?

TIPS: Exploring the efficacy of community-driven TI: a real-world approach

VB2023 TIPS presentation: Exploring the efficacy of community-driven TI: a real-world approach

TIPS: Little crumbs can lead to giants

VB2023 TIPS presentation: Little crumbs can lead to giants

TIPS: All for value and value for all – 'Responding RFIs: the merit lies in the difficulty'

VB2023 TIPS presentation: All for value and value for all – 'Responding RFIs: the merit lies in the difficulty'

TIPS: Why joining forces can help solve the crime… or not

VB2023 TIPS presentation: Why joining forces can help solve the crime… or not

TIPS: Dream on: exploring the community effect in cybersecurity

VB2023 TIPS presentation: Dream on: exploring the community effect in cybersecurity

TIPS: AI-based digital evidence enhancement technology for profiling attack groups and techniques to respond to cybersecurity threats

VB2023 TIPS presentation: AI-based digital evidence enhancement technology for profiling attack groups and techniques to respond to cybersecurity threats

TIPS: The global state of scams 2023

VB2023 TIPS presentation: The global state of scams 2023

TIPS: Securing the future: the vital role of computer security vendors in an AI-driven world

VB2023 TIPS presentation: Securing the future: the vital role of computer security vendors in an AI-driven world

TIPS: Emotet in 2023: a comprehensive overview for decision makers on the resurgence, evolution and threat landscape

VB2023 TIPS presentation: Emotet in 2023: a comprehensive overview for decision makers on the resurgence, evolution and threat landscape

TIPS: Operation Cookiemonster – the law enforcement response to the notorious Genesis Market

VB2023 TIPS presentation: Operation Cookiemonster – the law enforcement response to the notorious Genesis Market

Deobfuscating virtualized malware using Hex-Rays decompiler

VB2023 paper: Deobfuscating virtualized malware using Hex-Rays decompiler

Workshop: Modern threat hunting

VB2023 workshop led by VirusTotal

Applied one-to-many code similarity analysis using MCRIT

VB2023 presentation: Applied one-to-many code similarity analysis using MCRIT

Keynote address: Solving cyber insecurity

VB2023 keynote: Solving cyber insecurity

TIPS: Evolution vs extinction & the 10th man

VB2023 TIPS presentation: Evolution vs extinction & the 10th man

Data mining, darknet and chat monitoring - a deep dive into Telegram monitoring and the latest features of the AIL framework

VB2023 presentation: Data mining, darknet and chat monitoring - a deep dive into Telegram monitoring and the latest features of the AIL framework

Keynote: The physics of information asymmetry

VB2023 keynote: The Physics of Information Asymmetry

Turla and Sandworm come filelessly

VB2023 paper: Turla and Sandworm come filelessly

W3LL phishing kit - the tools, the criminal ecosystem, and the market impact

VB2023 paper: W3LL phishing kit - the tools, the criminal ecosystem, and the market impact

Unravelling the MOVEit vulnerability: a journey from exploitation to Clop ransomware infestation

VB2023 paper: Unravelling the MOVEit vulnerability: a journey from exploitation to Clop ransomware infestation

Everything happens for a reason: the choices made by ransomware operators

VB2023 paper: Everything happens for a reason: the choices made by ransomware operators

Hit the bullseye: detecting browser exploits abusing the X memory in WebAssembly

VB2023 paper: Hit the bullseye: detecting browser exploits abusing the X memory in WebAssembly

Browser extensions as an emerging threat vector: unveiling the MANGO malware

VB2023 presentation: Browser extensions as an emerging threat vector: unveiling the MANGO malware

FirePeony: a ghost wandering around the Royal Road

VB2023 paper: FirePeony: a ghost wandering around the Royal Road

$100 hardware backdoors – your old routers may be happily spilling corporate secrets

VB2023 paper: $100 hardware backdoors – your old routers may be happily spilling corporate secrets

USB flows in the Great River: classic tradecraft is still alive

VB2023 paper: USB flows in the Great River: classic tradecraft is still alive

Unveiling activities of Tropic Trooper 2023: deep analysis of Xiangoop Loader and EntryShell payload

VB20203 paper: Unveiling activities of Tropic Trooper 2023: deep analysis of Xiangoop Loader and EntryShell payload

It all makes sense if you don't think about it - misinformation in malware analysis

VB2023 presentation: It all makes sense if you don't think about it - misinformation in malware analysis

Reinventing the steal: Arid Viper now with a Rusty flavour

VB2023 paper: Reinventing the steal: Arid Viper now with a Rusty flavour

Partner presentation: Reversing Nim binaries

VB2023 partner presentation: Reversing Nim binaries

Magniber's missteps: because even spiders trip over their own web

VB2023 paper: Magniber's missteps: because even spiders trip over their own web

Silent whispers of malware: unveiling hidden threats in legitimate network traffic

VB2023 paper: Silent whispers of malware: unveiling hidden threats in legitimate network traffic

Addressing the ransomware threat from outside the lab

VB2023 panel discussion: Addressing the ransomware threat from outside the lab

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.