This talk will be based on real world cases in Asia and Korea. We will talk about real approaches for incident response in CERTs and also present the common points and connections between different malware incidents in Asia.
Through various incident response and malware analysis, we have found attackers were using similar malware and attack methods for several incidents. The analysis for common points and relations of attacks can help us to better understand the purpose and tactics of attackers for more effective response. Attack Profiling is a valuable method for figuring out the motives of an attacker, sharing threat intelligence for incidents and preparing response methods for expected future incidents.
We have performed analysis against incidents targeting government agencies, media outlets, broadcasting services, critical infrastructure and the financial sector and in this presentation, we will introduce the approach and methods used for attack profiling.
Outline:
1. Recent Cases
2. Attack Profiling Methods and Factors for Analysis
– Approaches for Profiling
– Tactics, Code and IOC
3. Attack Profiling in Real World Incident Cases
– Case 1 : (Malware targeted to Financial Industry in Asia)
– Case 2 : (APT Incident Case 1)
– Case 3 : (APT Incident Case 2)
4. Conclusion
We hope through this session, attendees will better understand how to analyze an attack and how to figure out it’s possible relations to other incidents.
Moonbeom Park
Yongjun Park