1
00:00:00,230 --> 00:00:02,090
- So hi, my name is Jaromir.

2
00:00:02,090 --> 00:00:05,630
I work in Trend Micro as a cyber threat researcher

3
00:00:05,630 --> 00:00:08,200
and my topic is called cyberespionage

4
00:00:08,200 --> 00:00:11,430
abusing third-party cloud services in targeted attacks.

5
00:00:11,430 --> 00:00:13,680
So what will be my presentation about?

6
00:00:13,680 --> 00:00:15,250
So basically when you are dealing with

7
00:00:15,250 --> 00:00:18,160
malware infrastructure and communication protocols,

8
00:00:18,160 --> 00:00:19,780
you can have two different approaches.

9
00:00:19,780 --> 00:00:21,710
You can have either the custom approach

10
00:00:21,710 --> 00:00:23,150
or a cloud based approach.

11
00:00:23,150 --> 00:00:26,810
In case of custom approach, the threat actors themselves

12
00:00:26,810 --> 00:00:29,169
register their own domains, their own hosting,

13
00:00:29,170 --> 00:00:31,490
they write their own backend scripts,

14
00:00:31,490 --> 00:00:33,910
design communication protocols.

15
00:00:33,910 --> 00:00:37,269
In case of cloud based, they abuse some kind of

16
00:00:37,270 --> 00:00:39,800
legitimate cloud services.

17
00:00:39,800 --> 00:00:41,140
What are these cloud services?

18
00:00:41,140 --> 00:00:43,840
So this overview shows you which services might be abused.

19
00:00:43,840 --> 00:00:46,850
They are renowned services for file sharing,

20
00:00:46,850 --> 00:00:50,140
text storage, communication collaboration services,

21
00:00:50,140 --> 00:00:53,410
version controlling services, and many others.

22
00:00:53,410 --> 00:00:55,279
So in my presentation I will look

23
00:00:55,280 --> 00:00:57,460
at four different APT groups

24
00:00:57,460 --> 00:00:59,610
which I helped to research in the past.

25
00:00:59,610 --> 00:01:01,820
From each group I choose one or two

26
00:01:01,820 --> 00:01:05,099
of their backdoors or file-stealing tools

27
00:01:05,099 --> 00:01:07,530
and I will analyze them for you.

28
00:01:07,530 --> 00:01:10,040
I will show you which services

29
00:01:10,040 --> 00:01:12,300
have been abused and how and what it means

30
00:01:12,300 --> 00:01:14,500
for us researchers, what advantages,

31
00:01:14,500 --> 00:01:18,114
disadvantages and what benefits this can provide to us.

32
00:01:18,114 --> 00:01:21,170
So if you like this topic, please visit my presentation.

33
00:01:21,170 --> 00:01:22,003
Thank you.