Fresh from the sun-soaked vistas of Scottsdale, Arizona, LABScon23 has just concluded, and what a phenomenal event it was! Now in its second year, the research con once again united a galaxy of the brightest minds to present ground-breaking discoveries and the latest insights in cyber threat intelligence.
We’re gearing up to showcase many of the talks from the event in our LABScon Replay series, but in the meantime some of these illuminating sessions have already made their debut on SentinelLabs and elsewhere (read on for links).
Stay with us as we journey through the standout moments of LABScon23 in this post. Make sure to follow @labscon_io and track #LABScon23 on social media for news of when further talks are publicly released.
Lawyers Behaving Badly, and Nation States in the Spotlight
After the welcome reception and fireside chats, the con got seriously underway as legal guru Elizabeth Wharton presented “Send Lawyers, ‘Garchs, and Money”. Liz explored how oligarchs leverage the power of the law to exert influence and thwart cybercrime prosecutions, employing ‘dirty tricks’ such as leaking legal discovery, twisting data privacy laws and funding Slapp libel cases.
Liz was followed by Rolling Stone’s Adam Rawnsley presenting “Meet the Iranian Company Powering Russia’s Drone War on Ukraine” and journalist Kim Zetter talking “AI, Cyber Defense and Incentivizing Innovation” with DARPA’s Perri Adams. DARPA was also the recipient of the LABScon23 “Most Valued Player” award in recognition of its work “incentivizing the bleeding edge of cybersecurity”.
— LABScon (@labscon_io) September 21, 2023
SentinelLabs’ Tom Hegel was up next, presenting on how China’s offensive cyber operations are used to support its soft power agenda in Africa. Widely-covered in the cyber media, the full paper is available here.
The campaign @TomHegel revealed at #LABScon23 is part of a broader effort by China-backed threat groups to expand their influence into Africa and other less monitored regions. pic.twitter.com/IOfdbtydyy
— SentinelOne (@SentinelOne) September 21, 2023
Kristin Del Rosso and Matt Devost took to the LABScon stage next with a fascinating insight into using data leaks to learn more about adversaries in “Ghost in the Breach: Using breach intelligence to hunt hidden Russian assets”.
Danny Adamitis and Sarah Jones discussed their work tracking an elusive threat actor in “Scouring for Sea Turtles” before ESET’s Zuzana Hromcová dove into previously undocumented campaigns attributed to Iranian-aligned cyber espionage group OilRig. Zuzana’s research has been published by ESET here.
New APTs and New Vulnerabilities
SentinelLabs researchers Aleksandar Milenkoski and Juan Andres Guerrero-Saade presented new research on LUA based malware. The talk explored how a previously unknown threat actor dubbed “Sandman” has targeted telcos across the globe with malware leveraging LuaJIT. The first of two papers on the topic is published in full here, with the second soon to follow.
The afternoon continued at pace with Automox’s Jason Kitka presenting “Just Bomb it Already – Why the Grass Isn’t Always Greener on the Offensive Side” and Binarly’s Alex Matrosov on “Spectre Strikes Again: Introducing the Firmware Edition”.
Hakan Tanriverdi’s “From Vulkan to Ryazan – Investigative Reporting from the Frontlines of Infosec”, Robert Ghilduta‘s “Unmasking the Airwaves and Wireless Vulnerabilities” and Martin Wendiggensen’s “Black Magic – Influence Operations in the Open and At-Scale in Hungary” completed the day’s breathtaking list of value-packed research.
The New York Times’ Christiann Triebert closed out Day 1 with a keynote speech, which just happened to win the Best Speaker award. Way to go Christiann!
Artificial Intelligence, LLMs and Finding Novel Malware
Day 2 was split into two tracks of talks. One of the highlights included the topic at the center of almost every conversation these days, AI. Eoin Wickens provided a fascinating talk on AI tech in “Rage Against the machine (learning): A cross section of attacks on AI systems”.
Also speaking on the topic of AI and LLMs, Gabriel Bernadett-Shapiro explored the different perceptions of LLM in public discourse and how to bridge the divide in “Demystifying LLMs: Power Plays in Security Automation”.
Emily Austin from Censys dug into high profile attacks against file transfer software like MOVEit, GoAnywhere and Faspex. Emily explained why attacks using this vector are likely to become more common in the near future.
Nicole Fishbein and Ryan Robinson presented on “Cryptovirology: Second Guessing the Cryptographic Underpinning of Modern Ransomware”, exposing the cryptographic flaws inherent in many modern strains of ransomware.
— J. A. Guerrero-Saade (@juanandres_gs) September 22, 2023
Proofpoint’s Greg Lesnewich stepped up onto the LABScon stage for the second year running with “Surveying Similarities in macOS Components used in North Korean CryptoHeists”, a look at how analysts can better pivot off known Mach-O samples to find novel malware. Friday also saw MJ Emanuel return to LABScon from last year’s outing with an in-depth discussion on “Where have all the APTs gone” – a discussion of tradecraft accelerationism or counter-counter intel.
Off the Record | EvilBamboo and the Youth Gangs Attacking Enterprises
In a separate track, Volexity’s Paul Rascagneres discussed threat actor EvilBamboo, aka EvilEye, and how the group is actively targeting Tibetan, Uighur and Taiwanese communities with malicious mobile appplications and fake websites. Paul’s collaborative research has been published in a blog post here.
Meanwhile, LABScon also saw the first research to accurately portray the threat group incorrectly labelled as “Scattered Spider”. LABScon researchers explained how the youth gangs behind the recent high profile breach of MGM Casinos are part of an online community of teens and young adult hackers known as “the Com”. The research findings have been discussed in more detail in the media here and here.
Want More? Yes, There’s More!
Prior to LABScon23 kicking off, we highlighted some of these talks as well as others here and here. The full list of talks is available here. We’re working hard to get as many of the talks ready to share via LABScon Replay, so don’t forget to follow us and be among the first to know when these presentations become publicly available.
Following on from last year was always going to be a tough act to follow, but there’s no doubt that LABScon23 was a great success, and it couldn’t have happened without both the participation of all our talented researchers and speakers, and the invaluable support of our sponsors, which came from a wide spectrum across the infosec industry. A huge heartfelt thanks to all, and we’ll see you next year for LABScon24!
— KatieMoussouris (she/her) (@k8em0) July 27, 2023