Tiago Pereira – Threat Intel Researcher, at AnubisNetworks
Nivdort is a malware family that has been around for several years. Over these years it has been subject to several improvements and, as a result, today it is a very interesting piece of malware with an uncommonly large number of features that has steadily kept a few botnets running with a high number of infections.
Join us on this webinar to learn more about the Nivdort family and some of its extensive list of tricks (e.g. DGA, P2P, information stealing, email spam, instant messaging spam, bitcoin mining), and about its worldwide infection distribution.
As part of our research work focused on identifying automated network traffic that we can relate to malicious behavior and botnet communications, we often come across traffic that is not necessarily related to malicious intent, but that represents a high risk for the companies allowing it to occur on their networks.
Often associated with abandonware, policy control failures, or misconfigurations, these traffic patterns end up exposing company information and assets to multiple risk levels.
In this webinar, we are going to explore this byproduct of our botnet research, how widespread this problem is, how we can use this to relay risk information to companies, and the several degrees of exposure and impact that this type of traffic can represent.
CERTs and CSIRTs need the proper tool for understanding the malware threats ongoing within their portfolio of constituents, and also for obtaining a real and timely view of the infection landscape worldwide, per industry, sector, and country.
We have leveraged our renowned Cyberfeed threat Intelligence and developed a Platform specifically designed for Incident Response and Situational Response.
This presentation shows our work, but also hints at the features all CERTs should have to achieve their goals.
Ransomware is on the rise. In the first quarter of 2016 alone, a dozen new families have emerged, with Locky leading the way. This webinar will summarize who the new players are and their technical ability to perform in the ransomware market against the well-established TeslaCrypt and Cryptowall. We will also dive into how companies can protect themselves against ransomware in general and some of this malware in particular.
BitTorrent is a very well-known protocol for distributing large files over the internet, and it’s used by every industry, from Linux distributions to copyrighted software, and also for more questionable uses. Loved and hated by many, it is today unquestionably part of the internet landscape.
With over 300 million users swapping files via BitTorrent every month, according to startup Tru Optik, with little or no supervision or control, it has also become an important target for malware distribution, exploited by criminals worldwide, making both users and organizations victims.
In this session we will present research done by the AnubisNetworks Labs team that shows how BitTorrent is an infection vector used by malware creators to compromise machines at a global scale, with minimum effort.
We will provide a historic view of the evolution of P2P networks from early players such as E-Mule, Napster and Kazaa, and highlight the BitTorrent protocol and how it works. The methodology used in this research unveiled which applications and operating systems are more vulnerable but, more importantly, which botnets are most commonly shipped with torrents and what type of risk they pose to users and organizations.
· Why P2P file sharing is a security risk to both users and organizations
· How malware is disseminated using different types of applications
· Most common types of malware shipped with torrents
In light of recent news about the Dridex takedown, the AnubisNetworks Labs team would like to take this webinar to share with the community some of the efforts undertaken during this investigation led by the NCA, with our participation, to track this malware and exploit its communication channels.
In March 2015, the AnubisNetworks Labs team started analyzing multiple malware samples of the Dridex family, which ultimately led to running a fake node inside Dridex botnets.
Dridex has been around since November 2014 and it is an evolution of the malware families known as Bugat, Geodo, Feodo and Cridex. The malware is distributed via email, with a malicious Microsoft Word document as attachment which, once opened, downloads a second stage payload that infects the system.
Primarily targeting homebanking users, it is a malware with various capabilities including man in the browser, keylogger, proxy and VNC. It features a peer-to-peer (P2P) network and uses cryptography on its communication channels.
Dridex botmasters are very active, launching new campaigns against different geographies and hardening the botnet infrastructure with new countermeasures and command and control systems on a regular basis. By hiding inside Dridex, our researchers compiled and gained knowledge about this botnet's modus operandi.
In this webinar AnubisNetworks' security team will share the research done, focusing
Key takeaways from this webinar:
· Map Dridex infections of associated botnets;
· Understand the complexity of Dridex communication channels;
Threat intelligence could mean different things to different people, but for AnubisNetworks it is defined as stopping cyber threats by providing actionable threat intelligence from the moment a breach is detected until it is solved.
By combining Cyberfeed technology with the excellence and expertise of the AnubisNetworks security team, this webinar will help you understand the roadmap your organization needs to follow to keep safe against cyber threats.
In this webcast we will describe how to use Cyberfeed capabilities to support incident response inside an organization. Using real-time alerting, we will guide you through tracking a malware infection with network- and host-based indicators of compromise, with memory forensic analysis along the way.
Knowing that your company has been compromised is just the first step in a long road to erase the threat.
Many companies take weeks and sometimes months to address compromised machines due to a lack of real-time notifications or, in many cases, a deep understanding of the malware profile.
Tiago Pereira, Threat Intel at AnubisNetworks, will share the methodology used by AnubisNetworks, which combines Cyberfeed threat intelligence capabilities with the expertise of the security team to dissect and understand the botnet behaviour, destructive capabilities and threat risk for organizations. The first part of the webinar will be dedicated to explaining the methodology and the second to how it was applied in a real case study.
In this webinar you will learn:
- AnubisNetworks’ sinkhole techniques and botnet research methodology
- Case study: understand a botnet:
AnubisNetworks Adds Powerful New Features to Cyberfeed Security Intelligence Service.
New Cyberfeed release delivers more visibility into cyber threat vectors and improved enrichment and correlation, providing actionable threat intelligence, as recently attested by Europol in major Ramnit takedown
Botnet sophistication is increasing at an astonishing speed. Malicious actors continually use new resources and develop new methods for attacking organisations for a myriad of reasons but with a simple purpose; to look for vulnerabilities in the whole operating environment and compromise an organisation’s security.
It is estimated that about 16% to 25% of Internet traffic in the world comes from communication between various types of malware. Without an adaptive security approach it becomes challenging for any organisation to process and analyse the sheer volume of data being generated, which is why a different approach is critical. It should involve identifying botnet activity using new methods, leveraged on automation and machine learning techniques, which are best suited to help tackle this challenge.
Join João Gouveia, CTO of AnubisNetworks, for a discussion focused on the most common botnet evasion techniques and how to fight them. This webinar will highlight the capabilities of Cyberfeed (AnubisNetworks' threat intelligence solution) and present a cutting-edge approach to identifying botnet activity, related traffic and risk level.
In this webinar you will learn:
• The main challenges and the current malware landscape
• Botnet invasion techniques
• A holistic approach to detecting botnet activity, correlating different attack vectors and techniques
Join us at the "The Trojan Horse inside the Trojan Horse: Tackling C2 Communications" webinar where you will learn to:
1. Understand AnubisNetworks’ Cyberfeed service, and how it may help your organization to support your threat intelligence program.
2. Understand how to use Cyberfeed to trace back an infection and understand its behavior.
3. Answer these questions:
• What’s happening in country X and network 000.000.0.0/00?
• How is botnet XPTO spreading?
• Can you send me the report of Y every day at 7 am?
• Can I get a report for ASN Corporation Z?