Unveiling shadows: key tactics for tracking cyber threat actors, attribution, and infrastructure...
Presented at the VB2024 conference in Dublin, 2 - 4 October 2024.
↓ Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Unveiling-shadows-key-tactics-for-tracking-cyber-threat-actors-attribution-and-infrastructure-analysis.pdf
↓ Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Unveiling-shadows-key-tactics-for-tracking-cyber-threat-actors-attribution-and-infrastructure-analysis.pdf
→ Details: https://www.virusbulletin.com/conference/vb2024/abstracts/unveiling-shadows-key-tactics-tracking-cyber-threat-actors-attribution-and-infrastructure-analysis/
✪ PRESENTED BY ✪
• Hossein Jazi (Fortinet)
✪ ABSTRACT ✪
In the complex and ever-evolving landscape of cybersecurity, advanced persistent threats (APTs) represent a significant challenge due to their sophisticated and covert nature. These threats, often state-sponsored or highly organized criminal activities, persistently target specific entities with the intent to covertly infiltrate and linger within target networks, achieving espionage, data theft, or sabotage objectives.
This talk delves into the cutting-edge methodologies and technologies that cybersecurity professionals employ to track, attribute, and dismantle APTs. We will explore the intricate process of identifying and analysing the digital footprints left behind by these attackers, which involves a meticulous examination of malware signatures, attack vectors, and communication patterns. A significant focus will be on the pivotal techniques for infrastructure tracking and pivoting, which enable defenders to navigate through the maze of servers, domains, and other resources used by adversaries, thereby uncovering the full extent of the threat landscape.
Throughout the presentation, we will leverage real-world examples to illustrate how practitioners can effectively track and monitor cyber threat actors. These case studies will highlight successful applications of digital forensics and cyber intelligence techniques in exposing APTs, demonstrating the practical implications of theoretical strategies.
Moreover, we will explore the pitfalls of APT tracking, including the consequences of excessive monitoring, which may mistakenly link infrastructure to threat actors, and of using inappropriate indicators and methods, which causes misattribution of activities. We aim to improve our approaches for precise and streamlined tracking and to impart key practices for robust cybersecurity.
Attendees will depart with a deep understanding of the challenges in APT tracking and innovative methods that enable the tracking and attributing of real-world attacks, as well as the mapping of threat actors' infrastructure before it's utilized in an attack.