Overview
Syllabus
Intro
THE RISE OF THE MACHINES.
AND MALWARE WORKFLOWS
A MACHINE LEARNING ALGORITHM WALKS INTO A BAR...
AND THE MACHINE LEARNING ALGORITHM SAYS...
HINDERING US A LITTLE AS INCIDENT RESPONDERS?
MACHINE LEARNING OUTPUT
PROBLEM STATEMENT
More and more security technologies are relying on machine learning for file conviction
Greatly improves efficacy and elasticity of detection and prevention mechanisms
Makes identifying exactly what is attacking you slightly more difficult
Is heavily reliant on static analysis
MALWARE WORKFLOW WE WANT
HYBRID ANALYSIS
Static analysis
Dynamic analysis
Static analysis of dynamic data sets
Threat intel correlation
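Added example (not from the talk or any product it names) of the third and fourth steps of the workflow above: a sandbox report from dynamic analysis is treated as a static data set, its indicators are extracted and normalised, and they are correlated with a threat-intel feed so that a bare ML verdict is enriched with a family name and the evidence behind it. The report layout, the feed, and every hash, domain and IP address are constructed placeholders.

```python
"""Hybrid-analysis triage: static pass over dynamic (sandbox) data,
then threat-intel correlation. Constructed example; every value is a
placeholder, not a real indicator."""
import ipaddress

# Constructed threat-intel feed: normalised indicator -> (family, confidence 0-100)
THREAT_INTEL = {
    "sha256:" + "a" * 63 + "1": ("ExampleLoader", 90),
    "domain:update-check.example.invalid": ("ExampleLoader", 80),
    "ip:203.0.113.45": ("ExampleRAT", 70),
}

# Constructed sandbox report (placeholder shape; real products differ)
SANDBOX_REPORT = {
    "sample": {"sha256": "b" * 64, "ml_verdict": "malicious", "ml_score": 0.97},
    "network": {
        "dns": ["Update-Check.example.invalid", "ocsp.example.invalid"],
        "connections": [
            {"dst": "203.0.113.45", "dport": 443},
            {"dst": "192.0.2.10", "dport": 80},
            {"dst": "not-an-ip", "dport": 80},  # malformed entry the parser must skip
        ],
    },
    "dropped_files": [
        {"path": "C:\\Users\\Public\\svc.dll", "sha256": "A" * 63 + "1"},
    ],
}


def _norm_hash(h):
    """Lower-case a SHA-256 string; return None if it is not 64 hex chars."""
    h = h.strip().lower()
    return h if len(h) == 64 and all(c in "0123456789abcdef" for c in h) else None


def _norm_ip(s):
    """Validate and canonicalise an IP string; None if malformed."""
    try:
        return str(ipaddress.ip_address(s.strip()))
    except ValueError:
        return None


def extract_indicators(report):
    """Static pass over dynamic data: a set of 'type:value' strings."""
    out = set()
    h = _norm_hash(report.get("sample", {}).get("sha256", ""))
    if h:
        out.add("sha256:" + h)
    for d in report.get("network", {}).get("dns", []):
        out.add("domain:" + d.strip().lower().rstrip("."))
    for c in report.get("network", {}).get("connections", []):
        ip = _norm_ip(c.get("dst", ""))
        if ip:
            out.add("ip:" + ip)
    for f in report.get("dropped_files", []):
        h = _norm_hash(f.get("sha256", ""))
        if h:
            out.add("sha256:" + h)
    return out


def correlate(indicators, intel=THREAT_INTEL):
    """Return (indicator, family, confidence) for every feed hit, sorted."""
    return sorted((i, *intel[i]) for i in indicators if i in intel)


def triage(report, intel=THREAT_INTEL):
    """Combine the ML verdict with correlation evidence into one record."""
    inds = extract_indicators(report)
    hits = correlate(inds, intel)
    return {
        "ml_verdict": report["sample"]["ml_verdict"],
        "ml_score": report["sample"]["ml_score"],
        "indicators": len(inds),
        "hits": hits,
        "families": sorted({fam for _, fam, _ in hits}),
        "max_confidence": max((c for _, _, c in hits), default=0),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SANDBOX_REPORT), indent=2))
```

The normalisation step matters more than it looks: mixed-case hashes and domains, trailing dots and malformed addresses are routine in sandbox output, and an unnormalised indicator silently misses the feed, which is exactly the "what is attacking us" gap the ML verdict alone leaves open.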
OPPORTUNISTIC PRICE DISCRIMINATION!
MALWARE ALERT IN FALCON
CODE OVERLAP WITH DRIDEX - ATTRIBUTION
BERSERK BEAR HAS BEEN TARGETING ENGINEERING AND INDUSTRIAL CONTROL COMPANIES.
USED IN THESE OPERATIONS TO REGAIN CONTROL IN THE EVENT PRIMARY METHODS (STOLEN CREDENTIALS) ARE COMPROMISED.
BORING!
SEE YOU MONDAY!