Featured
Advanced persistent threat predictions for 2023
David Emm, Pierre Delcher, Global Research and Analysis Team, Kaspersky
The political turmoil of 2022 brought about a shift that will resonate in cybersecurity for years to come and have a direct impact on the development of future sophisticated attacks. The 2023 forecast is based on the expertise of the Kaspersky Global Research and Analysis Team (GReAT), and the operations it has witnessed while tracking more than 900 APT groups and campaigns this year.
During the session, David Emm and Pierre Delcher will guide you through the trends that were tracked throughout 2022 and the implications that last year’s events may have in 2023.
Speakers:
David Emm, principal security researcher
Pierre Delcher, senior security researcher
Global Research and Analysis Team, Kaspersky
All episodes
-
Upping the APT hunting game: learn the best YARA practices from Kaspersky
Costin Raiu, security researcher in Kaspersky’s Global Research and Analysis Team
Have you ever wondered how Kaspersky discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. Watch the latest recorded webinar by Costin Raiu, director of Kaspersky’s Global Research and Analysis Team (GReAT), who will be sharing best practices on the use of YARA, an essential tool for APT hunters that can assist with the discovery of new malware samples, exploits and zero-days, speed up incident response, and increase your defenses by deploying custom rules inside your organization.
If you ever wanted to master YARA and achieve a new level of knowledge in APT detection, mitigation and response, now is your chance.
This brief webinar is based on Kaspersky’s exclusive training on YARA rules, which has already helped improve the APT detection strategies of many cybersecurity teams from leading businesses across the world. During the webinar, you will learn how to write, test and improve effective YARA rules. You will also get a glimpse of some of our internal tools and learn how to maximize your knowledge for building effective APT detection strategies with YARA.
This practical webinar is useful for security researchers and incident response personnel, malware analysts, security engineers, network security analysts, APT researchers and IT security staff. The content is suitable for both beginners and seasoned YARA users.
During this webinar, you will learn about:
• YARA syntax
• Tips & tricks for creating fast and effective rules
• Using YARA-generators
• Testing YARA rules for false positives
• Hunting new undetected samples
• Using external modules within YARA for effective hunting
• Anomaly search
• Real-life examples
Don’t miss this opportunity to learn about APT threat detection from Kaspersky’s Global Research and Analysis Team.
Attendees’ requirements:
Technical level: medium
Prerequisites: knowledge of basic programming languages
Software to install: YARA 3.11.0 or newer (if any)
-
Threat landscape in META: cyberthreats in the new reality
Amin Hasbini and Maher Yamout, Kaspersky’s GReAT
The META threat landscape: cyberthreats in the new reality
The world is changing every day and the cyberthreat landscape now fully reflects that. In this webinar, Amin Hasbini and Maher Yamout, security researchers from Kaspersky’s GReAT, will provide an overview of the latest cyberattacks in the META region and share their insights about the new threats to have affected the cybersecurity sector in the past month.
You will learn more about:
∙ Cybersecurity after several months of working remotely: what has changed and what still needs attention
∙ Coronavirus and the threat landscape in the META region
∙ Kaspersky’s latest private threat intelligence findings on the most recent incidents in the region
-
GReAT Ideas. Powered by SAS: threat actors advance on new fronts
Global Research and Analysis Team, Kaspersky
The third edition of ‘GReAT Ideas. Powered by SAS’, a series of talks held by security researchers from Kaspersky’s GReAT (Global Research and Analysis Team), will conclude this summer with an even more lively discussion, sharing the latest expertise and new hot topics in the cybersec world.
Just like before, ‘GReAT Ideas’ will arm you with information about the threat landscape, including the most recent cases and techniques used in the cybersecurity world, directly from the experts themselves. Enjoy over two hours of presentations and discussions on cutting edge tools, current projects and the most recent APTs discovered by GReAT.
In this webinar you will learn:
• Looking for sophisticated malware in IoT devices by Noushin Shabab
• Cyber-mercenaries: a private intelligence service goes on the hunt by Maher Yamout, Ivan Kwiatkowski and Pierre Delcher
• Not so TransparentTribe: new tools and mobile APT campaigns by Giampaolo Dedola
• HolyWater: a unique insight into a recent water-holing campaign by Ivan Kwiatkowski, Pierre Delcher and Felix Aime
• Using Twitter for open-source intelligence during the COVID-19 pandemic by Santiago Pontiroli
-
Windows zero-days: how we find and protect from them
Boris Larin, security researcher, Oleg Gorobets, product marketing manager, Kaspersky
On April 14 and 15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies, which involved the use of Windows and Google Chrome zero-day exploits. The attacks were carried out by PuzzleMaker, a previously unknown advanced persistent threat (APT) actor.
Zero-day vulnerabilities involve the exploitation of undiscovered and unfixed weaknesses, which makes them particularly difficult to detect and prevent. With attacks that involve zero-day vulnerabilities remaining among the most dangerous ones, and more criminals resorting to their use, detecting such vulnerabilities and swiftly responding to attacks that exploit them is of utmost importance.
In this webcast, Boris Larin, a senior security researcher at Kaspersky’s Global Research and Analysis Team (GReAT) who specializes in zero-day hunting, and his colleague Oleg Gorobets, senior product marketing manager at Kaspersky, speak about zero-day exploits and reveal:
• What happened in the latest zero-day campaign discovered by Kaspersky
• How the discovery of this zero-day exploit occurred
• How to protect from zero-day exploits and how Kaspersky’s technologies help to detect such threats
Attendees will also have the opportunity to participate in the Q&A session at the end of the webinar.
-
Advanced automation of static malware analysis. Hands-on workshop
Igor Kuznetsov, Chief Security Researcher, Kaspersky
If you are an experienced security researcher or incident responder and deal with malware analysis in a professional capacity and at scale, you understand how important it is to automate static analysis in order to optimize routine tasks and preserve your work in code for your team. Join Igor Kuznetsov, Chief Security Researcher, Kaspersky GReAT, in this practical webinar, where he unveils his automation know-how distilled from years of APT research experience. He will also introduce his new online course on Advanced Malware Analysis Techniques. Read more about the course here: https://kas.pr/gr9i
In this webinar, Igor will inspect samples from the notorious Bangladesh (Central) Bank heist and use them to walk through the common tasks required for malware analysis: recognizing crypto algorithms and writing decoding tools.
1. Firstly, Igor will analyze the code and data flow using IDA Pro to locate the code used to decrypt the configuration file (“gpca.dat”).
2. Then, he will inspect the code to recognize the common cipher used by the malicious sample. Using that information and Python 3, Igor will create a static decoder to decrypt the file.
3. Finally, the session will discuss ways to improve tooling by creating static analysis frameworks, which are used in the recently launched Kaspersky Advanced Malware Analysis Training.
Igor will also introduce the new Advanced Malware Analysis Techniques online course. This self-study, 100% hands-on advanced course is based on 16 real-life, notorious cases including Lazarus, Carbanak, MikiDuke etc. which Igor has personally worked on. The course focuses on static analysis techniques and also features automation of decryption, decoding, and other sample processing techniques. Webinar participants will have the opportunity to win free access to this new online course.
-
A look at current cyberattacks in Ukraine
Costin Raiu, Marco Preuss, Kurt Baumgartner, Dan Demeter, Ivan Kwiatkowski
Kaspersky researchers have been monitoring the activity of APT actors, cybercriminals and hacktivists currently involved in the conflict in Ukraine. During this webinar, the Global Research and Analysis Team (GReAT) will share their findings on the most recent cyberattacks targeting Ukraine and present their observations, analysis and top findings.
In this webinar, attendees will learn:
- The types of attacks that have been targeting Ukraine for the past few months
- The results of analysis on destructive attacks and malware (HermeticWiper, etc.)
- How organizations can defend themselves against cyberattacks
GReAT, Kaspersky’s Global Research and Analysis Team, consists of 40 researchers based around the world that work on uncovering APTs, cyberespionage campaigns, major malware, ransomware and underground cybercriminal trends across the world. The webinar will be led by:
- Costin Raiu, Director of GReAT
- Marco Preuss, Head of GReAT Europe
- Kurt Baumgartner, Principal Researcher, GReAT, North America
- Dan Demeter, Senior Security Researcher, GReAT Europe
- Ivan Kwiatkowski, senior security researcher, GReAT Europe
The webinar will be followed by a Q&A session for attendees to ask questions to the speakers.