DeepSec Talk 2024: RAT Builders – How to Catch Them All – Stephan Berger

Sanna/ September 25, 2024/ Conference/ 0 comments

Cybercriminals now have unprecedented ease in creating their own remote access trojans (RATs), thanks to a plethora of open-source or leaked builders. One can generate a new binary with just a click of a button. We meticulously examine different builders, such as AgentTesla, DCRat, Nanocore, and others, to extract Indicators of Compromise. These indicators serve as valuable instruments for targeted hunting to detect infections within our networks. Building up on my research from last year, “N-IOC’s to rule them all”, we will analyze the binaries the same way, but this time with a focus on open-source builders for RATs. Initially, we scrutinize the distribution channels of different Trojans, pinpointing where individual builders are accessible for download. These sources range from GitHub, hosted as open-source projects, to other online platforms (such as VX-Underground). Subsequently, we

Read More

DeepSec Talk 2024: GenAI and Cybercrime: Separating Fact from Fiction – Candid Wüest

Sanna/ September 11, 2024/ Conference/ 0 comments

Are we standing at the brink of an AI Armageddon? With the rise of Generative AI (GenAI), cybercriminals allegedly now use unprecedented AI tools, flooding the digital world with sophisticated, unblockable threats. This talk aims to dissect the hype and uncover the reality behind the use of GenAI in cybercrime. We will explore the growing use of deepfakes in scams, exemplified by a million dollar fake BEC video conference call. From son-in-trouble scams to KYC bypass schemes, deepfakes are becoming versatile tools for cybercriminals and a nightmare for defenders. Turning to phishing attacks, we’ll discuss how GenAI personalizes and automates social engineering, significantly increasing the volume of attacks. However, they still require an account to send from and some payload. Having the ultimate phishing text does not mean you are not blocked. We’ll also

Read More

DeepSec 2021 Talk: Those Among Us – The Insider Threat facing Organizations – Robert Sell

Sanna/ August 27, 2021/ Conference

Organizations spend a considerable amount of time and money protecting themselves from external threats while practically ignoring the significant threats from within. Cybercrime has an estimated cost of $2 trillion in 2019 with an average cost per data breach of $3.9 million. This global cost is expected to grow to $6 trillion annually by 2021.  In 2018, 34% of those data breaches involved internal factors and this trend continues to grow. This hard on the outside but soft in the middle approach by Information Security departments leaves organizations susceptible to a variety of insider threats that could be avoided. In this talk, I will present the extent of the issue, the types of insider threats to expect and how organizations can mitigate these risks. We asked Robert a few more questions about his talk.

Read More

DeepSec 2018 Talk: Without a Trace – Cybercrime, Who are the Offenders? – Edith Huber & Bettina Pospisil

Sanna/ September 14, 2018/ Conference, Security

Cybercrime is a worldwide and diverse phenomenon, which needs multidisciplinary and global prevention and intervention strategies. Regarding the situation in Austria, no evidence-based scientific analysis exists that depicts the bright field of Cybercrime. Therefore an interdisciplinary research group investigated the phenomenon cybercrime regarding the questions – Edith Huber and Bettina Prospisil will present their findings at DeepSec 2018. We asked them a few questions about their talk: Please tell us the top 5 facts about your talk. We will talk about cybercrime, offender profiling, the typical modus operandi and successful methods to apprehend offenders. How did you come up with it? Was there something like an initial spark that set your mind on creating this talk? Cybercrime is a worldwide and diverse phenomenon, which needs multidisciplinary and global prevention and intervention strategies. Regarding the situation

Read More

DeepSec 2017 Talk: Who Hid My Desktop – Deep Dive Into hVNC – Or Safran & Pavel Asinovsky

Sanna/ October 17, 2017/ Conference

Seeing is believing. If you sit in front of your desktop and everything looks as it should look, then you are not in the Matrix, right? Right? Well, maybe. Manipulating the surface to make something to look similar is a technique also used by phishing, spammers, and social engineers. But what if the attacker sitting on your computer does not need to see what you see? Enter hidden virtual network computing where malicious software controls your system, and you don’t know about it. Since the past decade, financial institutions are increasingly faced with the problem of malware stealing hefty amounts of money by performing fraudulent fund transfers from their customers’ online banking accounts. Many vendors attempt to solve this issue by developing sophisticated products for classifying or risk scoring each transaction. Often, identifying legitimate

Read More

Mythbusting: Anti-Virus Research considered dangerous

Sanna/ August 18, 2017/ High Entropy, Internet, Security Intelligence, Stories

Everyone doing research in information security or doing any work in this field takes some risks. Since most of the „cyber stuff“ is black magic to others not working in this context, there are a lot of problems and severe misunderstandings. The Crypto Wars still haven’t been decided in favour of mathematics. Real people prefer end-to-end encryption over insecure communication all of the time. Proposals of severely damaging information security for all of us by using sanctioned malicious software are still being debated in parliaments. Backdoors, covert or otherwise, are no line of any defence, as many military strategists will readily tell you. Marcus Hutchins was in the news recently, because of claims that he developed a strand of malware tied to attacks on financial institutions. While you can debate all you want about

Read More

Decline of the Scientific Method: New (Austrian) “Trojan” Law without Technical Expertise

Sanna/ August 3, 2017/ Discussion, High Entropy, Security

The Crypto Wars are still raging despite everyone relying on secure communication. Everyone means everyone. The good thing is that mathematics still works, even though some people wouldn’t want it to. The latest cryptographic review comes from Amber Rudd, the current UK Home Secretary. She said recently: “Real people often prefer ease of use and a multitude of features to perfect, unbreakable security.” The corollary in turn states that DeepSec conferences aren’t attended by real people. Since we are not yet a purely robot-based event, there is something wrong with this approach to secure communication. The common denominator is simply the lack of technical expertise. There is no surprise there. Ever since the Internet was discovered by the rest of the world (which was in the 1990s, don’t get fooled by web sites who

Read More

Digital Security of the Future: Technology and Algorithms alone are no Substitute for Strategy

René Pfeiffer/ July 14, 2017/ Conference, Security Intelligence

Unfortunately, you can not rely on antivirus programs when it comes to the security of your own business. Antivirus programs do not read newspapers, they do not attend lectures, they don’t protect you from social engineering or know the meaning of Facebook friends or Twitter tweets. False friends, indeed. The continuous monitoring and evaluation of threats is the next step in information security. This aspect has always been an important part of digital defense. Today’s discussion often centers around the term Security Intelligence, which unites different approaches. The DeepINTEL is Austria’s first event, which, since 2012, has been taking up this topic – in all its facets, because modern information security is interdisciplinary. Lectures by experts from various fields of science, defence and industry: At DeepINTEL you have the opportunity to strategically rethink your

Read More

DeepSec 2016 Talk: Assessing the Hacking Capabilities of Institutional and Non-institutional Players – Stefan Schumacher

Sanna/ November 3, 2016/ Conference, Security, Security Intelligence

Cyberwar, Cyberterror and Cybercrime have been buzzwords for several years now. Given the correct context, using cyber has merits. However Cyber-Headlines are full with Cyber-Reports about Cyber-Incidents, Cyber-Hacking and Cyber-Cyber in general. However, that whole discussion does not only suffer from sensationalism of journalists and bloggers, there are also some fundamental problems, says Stefan Schumacher. We are still lacking useful definitions for modern IT security threats and we still have to think about the assessment of capabilities in the IT field.Besides institutional actors like states and their military and intelligence community we also have to assess the capabilities of non-institutional actors like terrorist groups or organised crime. Unlike the assessment of classic military strength (eg. fighting power or Kriegsstärkenachweise), assessing the capabilities and powers of actors in the IT field is much more complicated

Read More

DeepSec2016 Talk: Cover Your SaaS: Protecting Your Cloud With Analytics and Machine Learning – Ian Thornton-Trump

Sanna/ September 24, 2016/ Conference, Security, Security Intelligence

Some people call military intelligence an oxymoron. This usually happens when something goes wrong. It might be due to sloppy reconnaissance, operations, or simply bad luck. While it’s always good to have someone or something to blame, things are not so easy in modern „cyberspace“. Improving your security means to have something to base this improvement on. Despite the fact that being lucky is never a bad thing, the selection of your defences and the assessment of the threats you are facing need to be based on something more solid. IT departments have been mining logs and other kind of raw materials that produce metrics for decades. Every once in a while there is a new trend. Now that we can store enormous amounts of data and can access it, we have a lot

Read More

DeepSec Video: A Death in Athens – The inherent Vulnerability of “Lawful Intercept” Programs

René Pfeiffer/ January 20, 2016/ Conference, Discussion

In politics it is en vogue to create new words by connecting them. The words „cyber“ and „lawful“ come to mind. You can add „crime“ and „intercept(ion)“, and then you got something. Actually you can combine both of the latter words with the first two. Either combination makes sense if you take a look at the Athens Affair. More than ten years ago the lawful interception modules of Vodaphone Greece were used to eavesdrop on the Greek government. Kostas Tsalikidis (Κώστας Τσαλικίδης) , Vodaphone’s network planning manager, was found dead in his apartment. At DeepSec 2015 James Bamford talked about what the Athens Affair really was and shed light on the many uses of the lawful intercept systems which are mandatory for most telecommunications equipment. We don’t know how many Athens Affairs are still

Read More

DeepSec 2013 Video: Future Banking And Financial Attacks

René Pfeiffer/ February 24, 2014/ Conference, Security

Predicting the future is very hard when it comes to information technology. However in terms of security analysis it is vital to keep your head up and try to anticipate what attackers might try next. You have to be as creative as your adversaries when designing a good defence. This is why we invited Konstantinos Karagiannis (BT) to DeepSec 2013.  Konstantinos has specialized in hacking banking and financial applications for nearly a decade. Join him for a look at the most recent attacks that are surfacing, along with coming threats that financial organizations will likely have to contend with soon.

Stealing Digital Assets with Knives

René Pfeiffer/ October 22, 2011/ Discussion, High Entropy

This article on the ElReg® web site caught my attention today. Police forces in England and Wales read the statistics stemming from crime reports more closely. They think to have found a correlation between the increase of robbery and robbery with knives and the demand for smartphones to sell on the black market. The stolen devices could now be in demand for the hardware (probably), the software (doubtful) or the identity information stored on them (what about this, then?). The protection level of personal data and identity information is quite low for most phone owners. Of course, there are „lies, damned lies and statistics“ and you have to be careful to draw conclusions from a quick glance of a news article. Then again correlations is what you are interested in when building your radar.

Read More

Analysis of Governmental Malware

René Pfeiffer/ October 9, 2011/ Odd, Security, Stories

There is a ongoing discussion about the use of malicious software for criminal investigations. German and Austrian agencies use the term „Online-Durchsuchung“ (online search) or „Quellen-Telekommunikationsüberwachung“ (source telecommunications surveillance) for investigative measures that cover the source of telecommunication messages (which is usually a suspect’s computer or telephone). In context with malicious software used for this purpose the unofficial term „Bundestrojaner“ (federal trojan horse) was coined. On 27 Februar 2008 the German Federal Constitutional Court ruled that the online search and Internet surveillance rules violate the German constitution and have to be reviewed (you can read the explanation of the Court in German here). Yesterday the Chaos Computer Club (CCC) published a detailed analysis of a „lawful interception malware“. The results have a profound impact on security since the design of the malware allows attackers

Read More

Talk: Insight Into the Russian Black Market

René Pfeiffer/ September 7, 2011/ Conference

You have all heard the term cybercrime, and you have heard about all things cybercrime – stolen credentials, data theft, fraud, blackmail and more. You may have heard the there are markets for goods connected to computer crime. You may have heard that there’s a lot of money in it (enough to pay off the national debts of most states including the USA, if you total all reports on damages by cybercrime). As usual the problems lie in connecting the dots. What are the mechanisms behind these black markets? What are the goods? Who pays for them and by which means? Surely you cannot just walk into a chat room, drop your credit card number and part with the digital loot, or can you? What if you end up being a trade object yourself?

Read More