Talent Need Not Apply: Tradecraft and Objectives of Job-themed APT Social Engineering

Presented at Black Hat USA 2022, Aug. 11, 2022, 1:30 p.m. (40 minutes)

When a job offer looks too good to be true… it probably is. As the COVID-19 pandemic has led workers to rethink their careers and long-term goals, threat actors have exploited it as an opportunity to fulfill strategic objectives. Over the past two years, PwC's Global Threat Intelligence team has tracked nation state threat actors as they socially engineered employees at high-profile companies over email, social media and beyond, enticing them with promising job opportunities - only to infect them with malware and disappear.

In this talk, we unmask how ongoing operations by advanced persistent threats based in different countries (North Korea and Iran) are using recruitment themes to compromise victims. We draw the profiles of three different threat actors that conduct such operations: North Korea-based Lazarus Group and Black Alicanto; an emerging Iran-based intrusion set which we call Yellow Dev 13; and a threat actor targeting former intelligence officers.

Phishing is the oldest trick in the book, but this presentation holds the mirror up to threat actors' faces: the ways they use job themes for phishing, from fake career websites to recruiter personae, become the CV we read to learn their capabilities (their tools, techniques, and procedures); the targets they choose become their cover letters, revealing their intelligence requirements and strategic objectives, from counterintelligence to cryptocurrency theft.

Ultimately, this talk will leave attendees with different insights depending on their role. Business executives will get an overview of the threat landscape and why their organization might be targeted. Defenders will gain actionable intelligence on how to recognize and defend against activity by advanced persistent adversaries. Ethical hackers might encounter a few tricks to try - and mistakes to avoid! - in phishing exercises and adversary emulation. As for the general audience, they might never open a document or link from a recruiter again.

Presenters:

  • Allison Wikoff - Director, Global Threat Intelligence, PwC
    Allison Wikoff is the Americas Director for the global Threat Intelligence function at PwC. She has 20 years of experience working as a network defender, incident responder, intelligence analyst, and researcher. The focus of the latter half of Allison's career to date has been researching nation-state cyber activity with a focus on Iran. Though she speaks publicly about Iranian operations, she has a passion for tracking all types of cyber threats, both nation state and criminal. Her research interests include emerging threats and threat actor mistakes. She holds numerous industry certifications and an advanced degree from Columbia University where she guest lectures for several information security-focused graduate courses.
  • Sveva Vittoria Scenarelli - Senior Cyber Threat Intelligence Analyst, PwC
    Sveva Vittoria Scenarelli is a Senior Cyber Threat Intelligence Analyst at PwC. Her focus is on tracking advanced persistent threats based in North Korea and China, spanning malware reverse engineering, infrastructure tracking, and intrusion clustering. Sveva holds industry-recognised certifications, and has presented her research at several international conferences including VirusBulletin, CONFidence, and CyberThreat. Sveva's specialty is deep-diving into the activity of threat actors over time to highlight how they change techniques and targeting, and what defenders can do about it.
