Tag Archives: Noushin Shabab

The Truth On Cyberespionage @ 3rd Kaspersky APAC Conference

October 13, 2017 – Kaspersky Lab unriddles today the mysterious threat of cyberespionage against countries, critical infrastructure, and companies in the region as part of its 3rd Asia Pacific (APAC) Cyber Security Weekend in Phuket, Thailand.

The company’s annual cybersecurity conference in the region will bring together its top security experts along with industry professionals and journalists from 11 countries across APAC. The four-day event will highlight presentations from its top security researchers to reveal the truths and bust myths about cyberespionage, an alarming threat which has crossed the worlds of fiction and reality.

“Cyber espionage is a dangerous and costly threat targeting nations and corporations around the world, including nations right here in the Asia Pacific region. Kaspersky Lab today aims to sound the alarm louder about this imminent danger so we can step up our efforts to strengthen our infrastructure and protect the public,” says Stephan Neumeier, Managing Director at Kaspersky Lab APAC.

Don’t forget to check out our earlier article – The Kaspersky Palaeontology of Cybersecurity Conference!

 

Kaspersky Cybersecurity Experts On Cyberespionage

Four cybersecurity experts from Kaspersky Lab’s Global Research & Analysis Team (GReAT) topbill this year’s APAC Cyber Security Weekend and will zero in on the state of targeted attacks in APAC countries from past to present and how governments, businesses, and concerned industrial sectors can beef up their cyber defenses.

Vitaly Kamluk, Kaspersky Lab’s Director of GReAT in APAC, will open up the discussion by looking back at major cyber attacks that have hit public and private organizations over the past years in countries around the region.

“Cyberespionage, a subset of intelligence activities in cyberspace, is covert by nature. The new generation of spies are not doing physical James Bond-style operations anymore — they are regular software developers and system operators. Their achievements remain in the darkness until researchers like Kaspersky GReAT discover and document their activities. The attackers are not writing the history of cyberattacks, but researchers do. And it doesn’t come as easy as making documentaries or writing memoirs. The work of researchers requires high concentration and solving of multiple difficult logical problems on the way, which is why these stories are so valuable,” explains Kamluk.

Also by Vitaly Kamluk – The Palaeontology of Cyberattacks and The BitScout Free Cyber Forensics Tool.

Kaspersky Lab’s 2016 report titled “Measuring the Financial Impact of IT Security on Businesses” has found that targeted attacks, including cyberespionage, are among the most expensive types of attack. The study further shows these threats can cost up to $143,000 in losses for small businesses and $1.7 million for enterprises.

The global cybersecurity company’s cyberespionage report also reiterates that businesses in all sectors and of all sizes are vulnerable to a targeted attack. A Fortune 500 company is as much at risk as a two-man startup, as both entities hold business data.

Aside from monetary loss, businesses and even government agencies lose confidential data and the trust from their stakeholders and customers in the wake of a successful cyberespionage campaign.

Seongsu Park, GReAT’s Senior Security Researcher based in South Korea, will specifically talk about the role of a company’s infrastructure in a successful targeted attack.

Park is among the Kaspersky Lab researchers who have been closely monitoring the activity of the high-profile cyberespionage group, Lazarus, a cybercriminal gang believed to be behind the $81-million Bangladesh Bank heist last year. He said thorough analysis on this group proved that many servers of big corporations are being used by the cybergang as launchers of their attacks against these same enterprises.

Also by Seongsu Park – The South Korean Cyberattacks – From Military To ATM

To answer the who’s and how’s of a cyberespionage campaign, Noushin Shabab, Senior Security Researcher at Kaspersky Lab’s GReAT based in Australia, will discuss the forensic techniques and critical analysis being carried out by researchers for years to be able to understand an attack and to unmask its perpetrators.

“Like paleontologists collecting the tiniest bones to be able to unearth a full artefact, cybersecurity researchers examine the leftovers of a malicious campaign, chase the trail of clues until we have gathered all the necessary pieces of the puzzle, and collate and compare evidence with fellow experts to be able to know the attackers behind an attack, their main goal, their techniques, and the length of their attacks. All the historic information we have gathered through investigating targeted attacks all these years helped us discover the truths and the myths of cyberespionage in the Asia Pacific region,” says Shabab.

Also by Noushin Shabab – Tracking The Spring Dragon Advanced Persistent Threat


Yury Namestnikov, Senior Malware Analyst at Kaspersky Lab’s GReAT, will explain the trend of cyberespionage groups focusing on attacking financial organizations in the region using the now infamous ransomware to gain monetary rewards. He will also reveal the techniques used by these groups to mask destructive wiper attacks as ordinary cybercriminal activity.

Aside from elite cybersecurity experts from Kaspersky Lab, the global cybersecurity company’s “Data Guardian” named Midori Kuma will also grace the conference. Midori Kuma, who will be in Asia Pacific for the first time, is Kaspersky Lab’s original character tasked to remind internet users how to keep their data safe from cybercriminals.

Guest speaker Kyoung-Ju Kwak, Security Researcher at the Computer Emergency Analysis Team of Korea’s Financial Security Institute, will talk about Andariel, a threat actor connected to the Lazarus group and responsible for card leakage and illegal ATM withdrawals in South Korea.


 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The Kaspersky Palaeontology of Cybersecurity Conference

Last week, Kaspersky Lab invited us to their security conference on the sidelines of INTERPOL World 2017. Titled the Palaeontology of Cybersecurity, it focused on Kaspersky Lab’s efforts and abilities in dissecting malware and cyberattacks and tracing their sources.

It was a riveting look at how they tackled the thousands of cybersecurity threats that are active every day – from those that hit the news, like WannaCry and NotPetya, to those that continue to quietly cause damage and losses to consumers and corporations alike.

We also had the opportunity to hear from Eugene Kaspersky himself, as well as Jason Wells, an ex-military intelligence officer, who now helps companies tackle electronic surveillance and corporate espionage. Finally, we had a whole hour to grill them all on anything we wanted!

A lot was covered during the conference, so we will split it up into multiple articles:

We also had the opportunity to grill Eugene Kaspersky on his run-in with the US Senate. Make sure you check out our exclusive conversation with him :

For the video clips and a quick summary of each, please continue below.

 

The Palaeontology Of Cyberattacks

Vitaly Kamluk shared how Kaspersky Lab performed digital forensics, literally the palaeontology of digital monsters, to trace their creators and to learn how to shut them down.

Please check out the full article on his presentation > The Palaeontology of Cyberattacks by Vitaly Kamluk.


 

The BitScout Cyber Forensics Tool Revealed!

BitScout is a free and open-source tool that can be used for the remote forensic investigation or collection of data from a compromised system, without risk of contamination or loss of data.

Please check out the full article on BitScout > The BitScout Free Cyber Forensics Tool Revealed!

 

South Korean Cyberattacks – From Military To ATM

Seongsu Park details how Kaspersky GReAT researchers traced the disparate South Korean cyberattacks and found the similarities that connected them.

Please check out the full article on his presentation > The South Korean Cyberattacks – From Military To ATM


The Spring Dragon / Lotus Blossom Advanced Persistent Threat

Noushin Shabab recounts how her team tracked the Spring Dragon APT (Advanced Persistent Threat) attacks across the South China Sea region.

Please check out the full article on her presentation > Tracking The Spring Dragon Advanced Persistent Threat.

 

The Latest Cyber Technical Surveillance Counter-Measures (TSCM)

Former military intelligence officer Jason Wells gives an overview of cyber technical surveillance counter-measures over the years and in the future!

Please check out the full article on his presentation > The Latest Cyber Technical Surveillance Counter-Measures (TSCM)

 

Cyberspace – The Survival Guide

In this engaging 35-minute talk, Eugene Kaspersky shares with us his opinions on the evolving cybersecurity threats and how we can survive them.

Please check out the full article on his presentation > Eugene Kaspersky Presents Cyberspace –  The Survival Guide


 

The Kaspersky Lab Security Conference Q&A Session

At the end of the conference, we had an hour to question the Kaspersky Lab experts, Eugene Kaspersky and Jason Wells. Check out the complete Q&A session!

 

Eugene Kaspersky Interview Exclusive : No Kremlin Ties!

I took the opportunity to grill Mr. Kaspersky on his run-in with the US Senate over accusations of personal ties to the Kremlin and close affiliation with Russian intelligence agencies. Check out this exclusive video of our exchange!

Please check out the full article on this exclusive interview > Eugene Kaspersky Interview Exclusive : No Kremlin Ties!


Tracking The Spring Dragon Advanced Persistent Threat

In her role as a Senior Security Researcher in the Kaspersky Global Research & Analysis Team (GReAT), Noushin Shabab is responsible for the investigations of targeted cyberattacks with a primary focus on Australia and New Zealand. At the Kaspersky Lab Palaeontology of Cybersecurity conference, she recounted how her team tracked the Spring Dragon APT (Advanced Persistent Threat) attacks across the South China Sea region.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!

 

The Spring Dragon Advanced Persistent Threat

In early 2017, Kaspersky Lab researchers noted increased activity by an APT called Spring Dragon (also known as Lotus Blossom). The attacks involved new and evolved tools and techniques and targeted countries around the South China Sea. Kaspersky Lab’s experts have published their analysis of the attackers’ toolset over time in order to help organizations better understand the nature of the threat and protect themselves.

Spring Dragon is a long-running threat actor that has been targeting high-profile political, governmental and educational organisations in Asia since 2012. Kaspersky Lab has been tracking the APT for the last few years.

According to Kaspersky Lab telemetry, Taiwan had the largest number of attacks followed by Indonesia, Vietnam, the Philippines, Macau, Malaysia, Hong Kong and Thailand. To help organizations better understand and protect against the threat, Kaspersky Lab’s researchers have undertaken a detailed review of 600 Spring Dragon malware samples.

Kaspersky Lab’s overview of Spring Dragon’s tools shows that:

  • The attackers’ toolset includes a unique customised set of links to command and control servers for each malware sample: the malware samples contained more than 200 unique IP addresses overall.
  • This toolset was accompanied by customised installation data for each attack to make detection difficult.
  • The arsenal includes various backdoor modules with different characteristics and functionalities – although they all have the capability to download additional files to the victim’s machine, upload files to its servers and execute any executable file or command on the victim’s machine. This allows the attackers to undertake a number of malicious activities on the victim’s machine – particularly cyberespionage.
  • The malware compilation timestamps suggest a time zone of GMT +8 – although the experts warn that does not represent a reliable indicator of attribution.

Noushin Shabab concludes, “We believe that Spring Dragon is going to continue resurfacing regularly in the Asian region and it’s important to be familiar with its tools and techniques. We encourage individuals and businesses to have good Yara rules and other detection mechanisms in place and strongly recommend they use – and regularly audit – a multi-layered approach to security.”

 

How Do You Protect Against Spring Dragon & Other APTs?


In order to protect your personal or business data from cyberattacks, Kaspersky Lab advises the following:

  • Implement an advanced, multi-layered security solution that covers all networks, systems and endpoints.
  • Educate and train your personnel on social engineering as this method is often used to make a victim open a malicious document or click on an infected link.
  • Conduct regular security assessments of the organisation’s IT infrastructure.
  • Use Kaspersky’s Threat Intelligence that tracks cyberattacks, incidents or threats and provides customers with up-to-date relevant information that they are unaware of. Find out more at intelreports@kaspersky.com.


The Spring Dragon (Lotus Blossom) APT Presentation Slides

Here is the complete set of slides from Noushin Shabab’s presentation on the Spring Dragon (Lotus Blossom) APT attacks.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!
