Presentations - Costin Raiu - Keynote presentation: APT Paleontology in the age of cyber

  • Speaker: Costin Raiu
  • Date and time: 20. October 2017. 09:05 - 09:45

Sometimes, APT researchers can be compared to paleontologists who find bones of a long-gone dinosaur. In these circles, it often happens that some paleontologists have an unusual or rare bone but nobody has the full skeleton. While a normal person finding a dinosaur bone might discard it and keep traveling, in security research we like to collect things. Sometimes we join efforts with other “paleontologists” and share our discoveries. Once we collect enough bones from a monster to understand its potential size, danger and possible habitat, we can start the next phase, which is a real active investigation that might lead us to the mysterious mountain lake.

At Kaspersky Lab, we process hundreds of thousands of samples every day. The art of figuring out which ones are significant and, further, which ones belong together as part of a big APT attack is akin to finding dinosaur bones in a huge haystack and then figuring out which ones belong to the same skeleton. We are grateful for every bone we discover, because this makes the world a little safer.

Key take-aways from this speech:

  • How do you find which bones are interesting and which are not
  • Using Yara to hunt cyber-dinosaur skeletons
  • The story of how Yara helped us find a zero-day
