
Catching Cybercriminals Pandering to the Pandemic

Chad Anderson, Tarik Saleh at All The Talks 2020 - Security

Since the initial outbreak of COVID-19, cybercriminals have found many ways to take advantage of anxious and fearful users. There have been reports of TrickBot campaigns, Ryuk ransomware targeting hospitals, and hackers hijacking routers’ DNS to spread malicious COVID-19 apps. The DomainTools Security Research Team recently discovered a website luring users into downloading an Android application under the guise of a COVID-19 heat map.

Alongside the devastation of the pandemic and the activity of opportunistic threat actors, we have seen security organizations, vendors, and individuals do everything they can to minimize additional hardship. We thank them for their ongoing work and dedication.

This webinar will demonstrate how to proactively identify these types of campaigns and provide defenders with strategies to keep themselves, their families, and their organizations safe. Join Chad Anderson and Tarik Saleh to walk through the entire process of identifying a nefarious domain, mapping connected infrastructure, and reverse-engineering a ransomware attack.

You will learn how:
- The domain was initially discovered luring users into downloading a nefarious Android application
- Mapping connected infrastructure led to additional IoCs and attribution
- Security researchers conducted ransomware analysis and reverse-engineered the decryption key
- To proactively identify these campaigns and stay a step ahead of threat actors

Chad Anderson
Chad Anderson is a Senior Security Researcher at DomainTools. His background is in security-focused operations and automation that he now applies to building, curating and exploring new data sets for security researchers. He has a particular interest in automation, network security and their intersection. His primary focus leans heavily on leveraging open source technologies to improve deployments, network security and systems administration at DomainTools.

Tarik Saleh
Tarik Saleh is the Senior Security Engineer and Malware Researcher at DomainTools. He has been a technology hobbyist since he got his first computer at age 10 and has over 7 years of experience in Information Security in various blue-team roles such as leading a Threat Hunting team, Incident Response and Security Operations. Tarik has worked in the Security space for enterprise companies such as Amazon and Expedia. Security is more of a passion than a ‘9-5’ job for Tarik. Outside of work, you’ll see Tarik and his dog Roland out enjoying the beautiful Pacific Northwest.