Threat Source newsletter (Jan. 7, 2021)

Threat Source newsletter (Jan. 7, 2021)


Newsletter compiled by Jon Munshaw.

Good afternoon, Talos readers and welcome to the first Threat Source newsletter of 2021.  We hit the ground running already this year with a new Beers with Talos episode. It was recorded back in 2020, but the lessons regarding ransomware attacks and how actors choose their targets are still very much relevant.  

Upcoming public engagements with Talos

Title: “The Crimeware Arms Race: Modern Techniques in Malware Armoring and Evasion” 

Event: CactusCon 

Speakers: Edmund Brumaghin and Nick Biasini 

Overview: As the volume of malware samples in the wild has continued to explode in recent years, a lot of effort has been put into the development of automated analysis platforms. These platforms typically execute files in controlled environments to observe their behavior and determine if the file is benign or malicious. As the use of these technologies has increased, adversaries have invested significant resources in developing techniques to circumvent automated analysis and evade detection. Malware developers are also implementing various techniques to make analysis more difficult. Modern botnets have begun leveraging new technologies to make their infrastructure more resilient to disruption by security organizations and law enforcement. This presentation will describe the latest techniques employed by adversaries to evade analysis and detection. It will also cover the new technologies being leveraged to establish C2 communications channels that are resilient against intervention by the security industry and law enforcement. We will discuss specific examples and walk through detailed case studies where these techniques are being em ..