Laura Varano Relatore
Laura works as Cyber Threat Analyst at Nozomi Networks, creating detections and researching current IoT and OT threats. She has previous experiences as forensic analyst, OSINT analyst and penetration tester in the public and private sector.
- Could Threat Actors Be Downgrading Their Malware to Evade Detection? With the constantly changing landscape of IoT botnets it requires a certain effort to stay on top of all the changes introduced by attackers daily to make sure that both adequate detections and the right naming constantly remain in place. Surprisingly, the quality and the arsenal of malware functionality is not always improving or increasing in quantity. In this presentation, we are going to explore some peculiar modifications introduced by the botnet developers over time and try to find an explanation for them. More specifically, in this talk we are going to describe what type of attacks are observed from our chain of honeypots as initial vectors, we will then describe the functionalities of two very similar samples distributed as second stage with the same initial vector. We will highlight their code similarities and differences, and compare them with the well known Mirai and Gafgyt IoT botnets. Finally we are going to explore some peculiar modifications introduced by the botnet developers over time and try to find an explanation to them. - 12:15/13:00, 03 Dec 2022