Speakers

Recently, the security industry has adopted various machine learning solutions to proactively prevent malware from infecting a system. This has the potential to be a game changer in the fight against malware. However, at this early stage of machine learning in the AV industry, recent malware innovations are already showing how this next-gen AV solution can be bypassed. This paper aims to show what techniques are readily available for malware writers to use to have a chance at infecting a system even with machine learning based security in place. First, we will provide an overview of the two most common machine learning approaches that are being used by the AV industry today along with the pros and cons of using each one (static vs. dynamic). We will then present how these machine learning approaches are affected by already established malware techniques that have proven to be effective against previous AV solutions. Next, we will be discussing the latest malware innovations being used by malware authors to bypass these machine learning solutions. And lastly, we will be showing the possible trade-offs of actually using these malware innovations against the overall security solutions offered by the AV industry today.

When people think of the term “vulnerability research”, the focus tends to be on the high profile task of discovering new vulnerabilities, also known as 0-days. However, due to the low frequency with which attackers actually exploit 0-day vulnerabilities, properly defending a network requires a deep understanding of known vulnerabilities and how they function. This presentation will introduce the world of researching known vulnerabilities as experienced by the Trend Micro team formerly known as TELUS Security Labs, and provide insight into the end-to-end process used by the Vulnerability Research team. The presentation will include information such as why N-day vulnerability research is so important, how the team monitors for new vulnerabilities and performs triaging, the factors that play into how research candidates are chosen, and details on the research process and techniques through an illustrative example. In addition, the presentation will highlight some of the challenges that the researchers face in the course of their day to day work.

Hundreds of vulnerability reports are submitted to the Zero Day Initiative each year, but rarely does one generate a new path to over one hundred bugs. However, that exact scenario is how a recent bug report enabled me to find and ultimately disclose over 100 0-day vulnerabilities in Wecon LeviStudioU SCADA Human Machine Interface (HMI). This type of asymmetric research is also known as variant hunting and, when used properly, can greatly enhance your research. This talk covers basic approaches for variant hunting in software. Using case studies, I cover various techniques including source code analysis, binary reversing and fuzzing. Finding a security vulnerability in a product can be a great thing. Using that one bug to open a pathway to 100 bugs is even better.

As an information security company, we often focus on collecting and understanding malicious software samples. However it takes more than a file sample to understand the attacker nature and motivation. This presentation uses several investigation case studies to demonstrate how external data sources and Trend Micro’s internal data sets could be used to hunt threats, collect and investigate artifacts related to certain incident, victim or a threat actor. The author will discuss how understanding of criminal underground dynamics is helpful in the investigative process and demonstrate how the structural analytical approach is used to collect, analyze and cross-reference artifacts trying to understand a bigger picture. Lastly, some automation tools will be demonstrated and released.

Throughout the years, the Consumer malware landscape keeps changing and new detection techniques are being developed to cope with this ever-changing “Cyber Threat” landscape. From a simple trojan to a sneaky rootkit, we now deal with ransomware, scams and vulnerable home devices. With the increasing number of IoT devices, increase in adaption rate on new technologies and a total upgrade of our internet speed through 5G, the types of cyber threat are also changing quickly and at the same time, they are rapidly adapting to Consumer’s home environment. One effective technique that is being used in Enterprise to monitor and detect possible threats that attack your network is called – Security Operation Center or SOC. This allow security experts to monitor, detect and respond to possible attacks and mitigate or contain the damage. So, the big question now is can we use Security Operation Center on a Consumer Home Network environment? Can it protect Alexa, your smart TV or your IP camera from getting compromised? Can it address the ever-changing cyber threats that we encounter everyday while we are at home chilling and watching Netflix? You will soon find out!