The return of Lotus Blossom: Hiding in plain sight скачать в хорошем качестве

The return of Lotus Blossom: Hiding in plain sight

Part 1: Detailed analysis of malware used in targeted attacks The Endpoint detection and response (EDR) system is a cybersecurity technology that monitors and mitigates malicious cyber threats on end users. But advanced persistent threats (APTs) are now taking advantage of the perception that EDR components are trusted software to inject their malware into the system. Viettel Threat Intelligence (VTI) will analyze the attack of apt Lotus Blossom group in detail to determine the entry point, the mechanism of privilege escalation and how attacker took over the security center server This malware is highly sophisticated in using advanced techniques: DLL Side loading, Process injection, rootkit, binary obfuscate, domain fronting... Part 2: Expanding the investigation with similar malware samples and identifying the group of attackers who intentionally carried it out With the special characteristics that VTI collected after the detailed analysis of the malware such as the way of using the obfuscate algorithm, obfuscating the execution flow, shellcode, domain fronting... VTI compared and evaluated those unique characteristics with the targeted attack campaigns that have occurred to make an assessment of the person behind this targeted attack campaign. In addition, VTI also expanded the search for similar malware and compiled a list of attacks that use common defense system components to conceal malicious behavior. Part 3: Methods of detecting and preventing similar malware After the analysis and investigation, VTI has identified some typical behavioral characteristics for malware attacks with the above mentioned behavior. The presentation will present ways to detect Dll side loading and process injection techniques with persistent malware registered on the system, in the directory of common software and with running processes to help scan for malware more accurately. In addition, VTI also presents some recommendations to prevent and detect early malware that intentionally targets different organizations.