Presented at
VB2019,
Oct. 2, 2019, 4 p.m.
(30 minutes).
In 2018, we investigated what seemed to be a single breach in a large telecommunications company. In the process of assessing data from the breach, we began to see signs of a larger attack campaign and identified the attacker as a nation state actor. Over the course of six months and through multiple waves of attacks, we were able to observe the tools and methodologies used by the attacker, recognize what data they were after, and at times watch the attacker operate on the network with admin privileges. We were able to determine that this attack was far more widespread and far reaching than it appeared. By using various techniques such as OSINTing and cross-correlating data from tools dropped by the attacker across multiple threat intel platforms, we discovered that the attack was part of a much larger, broader campaign against telcos.
Presenters:
-
Amit Serper
- Cybereason
Amit Serper Amit leads the security research at Cybereason's Noctornus group in the company's Boston HQ. He specializes in low-level, vulnerability and kernel research, malware analysis and reverse engineering on Windows, Linux and macOS. He also has extensive experience researching, reverse engineering and exploiting IoT devices of various kinds. Prior to joining Cybereason four years ago, Amit spent nine years leading security research projects and teams for an Israeli government intelligence agency, specifically in embedded systems security (or lack thereof). @0xAmit
-
Mor Levi
- Cybereason
Mor Levi Mor Levi has more than eight years of experience in cyber investigations, incident response, and SIEM/SOC management. She began her career as a team leader in the Israeli Defense Force security operation centre. Later, she led an incident response and forensics team at one of the big four accounting firms providing services to global organizations.
-
Assaf Dahan
- Cybereason
Assaf Dahan Assaf has over 15 years in the infosec industry. He started his career in the Israeli Military 8200 Cybersecurity unit where he developed extensive experience in offensive security. Later in his career he led Red Teams, developed penetration testing methodologies, and specialized in malware analysis and reverse engineering.
Links:
Similar Presentations: