Details

Pizza and other nibbles will be available (thanks to McAfee).

Talk Details:

The Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy and 10 Days of Rain attacks are all believed to originate from North Korea. But how can they be attributed with certainty? And what connection does a DDoS and disk-wiping attack from 4 July 2009 have with WannaCry, one of the largest cyber attacks in the history of the cyber sphere?

From the Mydoom variant Brambul, to the more recent FallChill, WannaCry, and targeting of cryptocurrency exchanges, there is a distinct timeline of attacks beginning from the moment North Korea entered the world stage as a significant threat actor. Bad actors have a tendency to unwittingly leave fingerprints on their attacks, allowing researchers to connect the dots between them. North Korean actors have left many of these clues in their wake and throughout the evolution of their malware arsenal. In this session, attendees will view code analysis illustrating key similarities between samples attributed to North Korea, a shared networking infrastructure, and other revealing data hidden within the binaries. All of these puzzle pieces will be put together using a VR demo to illustrate the connections between the many attacks attributed to North Korea and to categorize the different tools used by specific teams of their cyber army.

About Christiaan:

Christiaan Beek, lead scientist & sr. principal engineer, is part of McAfee’s Office of the CTO, leading strategic threat intelligence research within McAfee. He passionately coordinates and leads research into advanced attacks, plays a key role in cyberattack take-down operations and participates in the NoMoreRansom project. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee’s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs threat intelligence systems, performs malware and forensic analysis and pentesting, and coaches security teams around the globe. He is a passionate cybercrime specialist who has developed training courses, workshops, and presentations. He speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides conferences, he also frequently teaches at universities, police academies and public schools to recruit, mentor and train the next generation of cyber-security specialists. Beek contributed to the best-selling security book "Hacking Exposed" and has two patents pending. Twitter: @ChristiaanBeek
