Threat Source newsletter (Feb. 4, 2021)


Newsletter compiled by Jon Munshaw.

Good afternoon, Talos readers.  
We are excited to finally share this LockBit research paper with you all after months of work. Some of our researchers spoke to a ransomware operator, which provided us insight into a threat actor’s day-to-day goals and tactics. The paper includes information on how the attacker chooses its targets and why it’s easier for the attacker to operate in some countries than others.




Upcoming public engagements with Talos

Event: CactusCon 
Date: Feb. 6 - 7 
Speakers: Edmund Brumaghin and Nick Biasini 
Overview: As the volume of malware samples in the wild has continued to explode in recent years, a lot of effort has been put into the development of automated analysis platforms. These platforms typically execute files in controlled environments to observe their behavior and determine if the file is benign or malicious. As the use of these technologies has increased, adversaries have invested significant resources in developing techniques to circumvent automated analysis and evade detection. Malware developers are also implementing various techniques to make analysis more difficult. Modern botnets have begun leveraging new technologies to make their infrastructure more resilient to disruption by security organizations and law enforcement. This presentation will describe the latest techniques employed by adversaries to evade analysis and detection. It will also cover the new technologies being leveraged to establish C2 communications channels that are resilient against intervention by the security industry and law enforcement. We will discuss specific examples and walk through detailed case studies where these techniques are being employed, as well as how to defend again ..
