Photo Cred: Forbes
Last week, I had the pleasure of speaking at Virus Bulletin on the recent news of iPhone (first reported on by Google Project Zero) and Android (first reported on by Volexity) mobile malware being used to target Tibetans (as reported by Citizen Lab) and Uighur Muslims inside and outside the People’s Republic of China. Lots of great research is linked above and you should definitely read it.
Whenever events like these occur, researchers from many organizations are researching pieces of it. If you are interested in Chinese APT attacks against these groups, certainly take a look.
One of the most interesting things to me when looking into these attacks is the sophistication and persistence of the adversary. As vulnerabilities got patched, they reused what pieces they could from their attacks and discovered new vulnerabilities to maintain their ability to action on the surveillance objectives. Some of the tools used indicate relationships to other Chinese APT groups, and certainly these types of attacks could be used against truly foreign adversaries as well.Read More
The chief problem with cyber security is that most of our tools and workforce is geared to waiting for adverse events, detecting those events (sometimes months after the fact), investigating the breach that has already occurred, and then cleaning up. This slow and reactive process ensures breaches happen and security staff us overwhelmed under the noise.
This talk will focus on automation and machine learning techniques that can proactively identify threats seen in the wild based on the latest academic research. This techniques allow organizations to identify suspect infrastructure before it is used to attack them. The key to making this work is infusing machine learning with knowledge of how actual attacks work and the threat landscape. Machine learning without intelligence is merely gussied up mensa math exercises.