Building Threat Intelligence presented at CounterMeasure 2012

by Nart Villeneuve,

Tags: Security

Summary : In this presentation Nart Villeneuve will examine targeted malware attacks from the reconnaissance phase through to the data ex-filtration phase. He will demonstrate how such attacks are not isolated incidents but are actually "campaigns" a series of failed and successful intrusions that can be linked and tracked over time. Through careful monitoring it is possible to get an inside glimpse of the attackers command and control infrastructure revealing the scope of the operation. This presentation draws from in-depth investigations of four cyber espionage networks (GhostNet, ShadowNet, LURID and LuckyCat) and focuses on building threat intelligence by developing indicators that can be used to identify the tools, tactics, and procedures used in targeted attacks.