BT-2043 Large Scale Botnet Analysis

Presented at Texas Cyber Summit 2019, Oct. 10, 2019, 1 p.m. (60 minutes).

Large Scale Botnet Analysis: a massive botnet spreader campaign that we have dissected and are actively tracking. Carbon Black's Threat Analysis Unit (TAU) uncovered various new and previously unknown components of a prominent cryptocurrency mining campaign. The botnet overseeing the operation leverages unique attack patterns that are designed to bypass application whitelisting, provide remote access, collect and exfiltrate sensitive information, and likely sell access to hundreds of thousands of compromised hosts. This multistage campaign highlights the need to remain vigilant in protecting your organization, as threats that start off as commodity malware may transform and evolve into complex attacks over time. We'll dive deep into this campaign and present findings which: 1) demonstrate the weaponization of commodity threats, 2) highlight the potential hidden impacts of commodity malware, and 3) show how attribution models can be misleading in an active threat economy.

Presenters:

  • Greg Foss - Carbon Black
    Greg Foss is a Senior Principal Researcher with Carbon Black's Threat Analysis Unit (TAU) where he focuses on detection engineering, security efficacy, and bypasses across the diverse product line. In previous roles, Greg led a Threat Research team, built and ran a Global Security Operations program, consulted in penetration testing, and worked as a security analyst for the federal government. Greg is a very active member of the Denver information security community who loves to give back and support the industry.
