📚 VB2015 preview: advanced persistent threats
💡 News category: Malware / Trojans / Viruses
🔗 Source: virusbtn.com
Several conference papers to deal with targeted attacks.
There was a time when analyses of malware and viruses at the Virus Bulletin conference used the number of infections as a measure of the harm done. And while there are still many talks on what is now referred to as 'opportunistic malware', targeted attacks, or APTs, have become a prominent feature of recent conference programmes. VB2015 is no exception.
Those who think that cyber-espionage attacks are the domain of the global superpowers should attend the talk by Check Point researchers Yaniv Balmas, Shahar Tal and Ron Davidson. They will present a paper analysing a custom-made trojan called 'Explosive', which was used by the Volatile Cedar campaign (which we blogged about in April). This campaign has been traced to an actor operating out of Lebanon.
Malware attribution is notoriously hard, but sometimes researchers get help from unexpected sources. Thanks to documents leaked by Edward Snowden, we know that Canadian intelligence is 'moderately certain' that the 'SNOWGLOBE' campaign was conducted by French intelligence. Cyphort researcher Marion Marschalek will present a paper in which she analyses four malware families linked to this campaign: NBOT, Bunny, Babar and Caspar, three of which share names with well-known French cartoon characters.
The 'Derusbi' malware family may not be too familiar a name, but it dates back to at least 2008 and has been used in a number of prominent attacks, from the breach at Mitsubishi Heavy Industries in 2011 to the high-profile Anthem breach from the beginning of this year. Fortinet researchers Micky Pun, Eric Leung and Neo Tan will present a paper in which they look at the malware, its evolution and its use in state-sponsored attacks.
...