DarkCrewBot - The Return Of The Bot Shop Crew

Presented at DeepSec 2020 „The Masquerade“

Check Point researchers recently discovered an ongoing, evolving campaign from a known hacker group, "DarkCrewFriends." This campaign targets PHP servers, focusing on creating a botnet infrastructure that can be leveraged for several purposes, such as monetization and shutting down critical services. DarkCrewFriends has been quite active over the last few years. The group offers a variety of services ranging from bots to traffic services for websites, and was mentioned as the party responsible for causing a data breach at an Italian news site. The attack chain of the current campaign includes exploiting an unrestricted file upload vulnerability, uploading a malicious PHP web shell, and communicating with a C&C server over an IRC channel. The attackers can leverage the malware's capabilities for various scenarios, such as several types of DDoS attack and shell command execution. In the presentation we will present our findings, from a detailed walkthrough of the entire attack chain to unique insights on the threat actors.

Presenters:

  • Liron Yosefian - Check Point Software Technologies
    Liron Yosefian is a Security Analyst in the Network Research and Protection team at Check Point. We analyze the threat landscape and provide the best security coverage to our customers while discovering and analyzing new malware campaigns. I have been working at Check Point for the last 5 years in various positions in the company. I arrived at Check Point as a Graphic Design graduate, and there I discovered the Cybersecurity world.
  • Ori Hamama - Check Point Software Technologies
    Ori Hamama is a software engineer and security researcher. He has been writing code from the age of 12 and has worked at various startups and enterprises ever since. Today he is Research Team lead in the Network Research and Protection Group at Check Point, discovering interesting campaigns. Ori specializes in web security and network technologies.
