Predictive Intelligence: Maximizing Adversary Operational Insights

For the past year, Symantec’s DeepSight Intelligence team has been monitoring the Dyre banking Trojan, in an effort to provide customers with predictive intelligence. This includes tracking updates to the Dyre configuration and management panel in order to identify new financial and private sector targets that are being systematically added by criminal threat actors on a regular basis. In this session the DeepSight team will explain how the Dyre development and targeting process operates, and provide details on new Dyre targets outside of the financial arena that have been observed since September. The speakers will also detail activity on cybercrime forums related to Dyre threat actor activity, including examples relating to the tight control of access to the Dyre botnet. Further insights will be provided through a case study showing Dyre being used by a distinct criminal threat group. The case study will demonstrate how this threat group uses commodity malware interchangeably including Dyre, Dridex, Vawtrak, and POS malware variants and will provide details regarding their established TTPs for malware delivery, management, and infrastructure.