Lastline Researchers Selected to Speak at Premier Security Event, the Security Analyst Summit in Singapore
Presentation will explore how amateurish techniques by threat actor belied otherwise sophisticated techniques used by Agent Drable
REDWOOD CITY, CA, April 2, 2019 – Lastline®, the leader in AI-powered network security, today announced that two of the company’s threat researchers have been selected to present at the Security Analysis Summit in Singapore. Being selected reflects Lastline’s unique perspective into advanced threats and the company’s ability to analyze and share behavioral insights into sophisticated threat actors. The company is continually on the lookout for, frequently detects, and shares details of advanced threats to improve customer defenses and continually strengthen the company’s network security product capabilities.
Conference: Security Analysis Summit
Presentation: Agent Drable and Stolen Certificates: Sloppy Means to a Precarious End
Date: April 10, 2019
The Middle East features a dynamic threat landscape, and Agent Drable might just be the latest implant operating in the region. In this talk, Lastline security analysts Quentin Fois and Stefano Ortolani present the missteps that are atypical of an attacker with the abilities demonstrated by this attack. They will share how an otherwise highly-sophisticated attack was counter-balanced by a poorly configured command and control infrastructure that leaked precious details of the underlying tactics and procedures.
As part of their ongoing threat research, Mr. Fois and Dr. Ortolani uncovered Cold River, a sophisticated threat actor making malicious use of DNS tunneling for command and control activities. They were able to decode the raw traffic, find sophisticated lure documents, connect the attack to previously unknown samples, and associate a number of legitimate organizations whose infrastructure is referenced and used in the campaign.
“Agent Drable” is a specific string Lastline analysts uncovered in the binary. It references a 2007 conflict of the Lebanese army at the “Nahr Elbard” Palestinian Refugee camp. “Drable” is “Elbard” spelled backward, suggesting that the developer uses a right-to-left language. The English translation of Nahr Elbard is “Cold River.”
Cold River highlights the importance of detection diversity and contextualized threat intelligence. Without correlating behavioral intelligence and network traffic analysis, the full scope of Cold River’s capabilities would have gone unseen, exposing victims to additional risk.
The Security Analyst Summit is an annual event that attracts high-caliber anti-malware researchers, global law enforcement agencies and CERTs and senior executives global organizations. The conference provides an exclusive atmosphere that encourages debate, information sharing and display of cutting-edge research, new technologies, and ways to improve collaboration in the fight against cybercrime.
Lastline, Inc. provides innovative AI-powered network security products that detect and defeat advanced threats entering and operating within a network. We protect network, email, cloud, and web infrastructures, minimizing the risk of damaging and costly data breaches with fewer resources and at lower cost. Headquartered in Redwood City, California with offices throughout North America, Europe, and Asia, Lastline’s technology is used by Global 5000 enterprises, is offered directly and through resellers and security service providers, and is integrated into leading third-party security technologies worldwide. www.lastline.com