Afleveringen
-
In 2023, ESET detected over 675,000 attempts to access malicious domains abusing the popularity of ChatGPT; some offer bring-your-own-key web apps that can steal OpenAI API keys. Apart from AI, in H2 the Cl0p ransomware gang exploited MOVEit software, causing a staggering $14 billion in damages. The IoT landscape faced the new Pandora botnet, compromising Android devices via malicious firmware updates or pirated content apps. Of course, this podcast episode can only cover so much of the latest ESET Threat Report H2 2023. Visit WeLiveSecurity to read about other topics it covers.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: René Holt, Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch on Twitter
ESET Threat Reports and ESET APT Activity Reports
-
In this episode, ESET researchers Radek Jizba and Jakub Souček talk about the dynamics within and between various Neanderthal groups, the techniques that this horde of scammers uses to find the best Mammoths, and especially about Neanderthals teaching each other how to wield the cybercriminal tool Telekopye effectively. While this might seem like an odd topic for a podcast about cybersecurity, quite the contrary. Telekopye is the name of a highly automated malicious toolkit implemented as a Telegram bot, that cybercriminals use to deceive unsuspecting users on online marketplaces. If you want to read more before listening, head to the research articles published on WeLiveSecurity.com.
Host
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Radek Jizba, ESET Malware Researcher
Jakub Souček, ESET Malware Researcher
Materials:
Telekopye: Hunting Mammoths using Telegram bot
Telekopye: Chamber of Neanderthals’ secrets
-
Zijn er afleveringen die ontbreken?
-
In H1 2023, intrusion vectors were closing left and right. This forced many cybercriminals to search for alternative ways to compromise devices of their victims. While some of the attackers tried revisiting old routes such as brute-forcing MS SQL servers or distributing (AI-generated?) sextortion and text-based email messages, others kickstarted several Android apps running usury schemes. But there’s also good news. Emotet botnet went quiet after a month of dwindling and ineffective campaigning, and Redline stealer – a notorious malware-as-a-service – has been disrupted by ESET researchers and their friends at Flare systems. Of course, this podcast episode can only cover so much of the ESET Threat report. If you wish to learn about other topics it covers, visit WeLiveSecurity.
Discussed: Sextortion and text-based threats 1:46, brute force attacks on MS SQL servers 7:10, usury Android apps 9:20, Emotet activity 13:25, RedLine Stealer disruption 16:45.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: Ondrej Kubovic, Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch on Twitter
ESET Threat Reports and ESET APT Activity Reports
-
What do Disco, NightClub, backdoors, espionage, and internet service providers in Belarus all have in common? They all are tied to the same MoustachedBouncer. It sounds like a bad joke, but it sums up some of the key findings of ESET’s latest research focusing on a recently discovered APT group. Listen to ESET Director of Threat Research Jean-Ian Boutin explain the intricacies of this threat actor to our host Aryeh Goretsky - and if that doesn’t satisfy your hunger for further details - then read the full thing on WeLiveSecurity.com.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Jean-Ian Boutin, ESET Director of Threat Research
Materials:
MoustachedBouncer: Espionage against foreign diplomats in Belarus
-
Towards the end of 2022, an unknown threat actor boasted online that they created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could mysteriously bypass UEFI Secure Boot, a feature built into all modern computers to prevent them from running unauthorized software. What at first sounded like a myth turned into reality a few months later when ESET researchers discovered a sample that perfectly matched all the mentioned attributes of a UEFI bootkit known as BlackLotus. Listen to the fascinating story of ESET Malware Researcher Martin Smolár describing his threat hunt to our host ESET Distinguished Researcher Aryeh Goretsky. For more info about this research, read the blogpost on WeLiveSecurity.com.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guest:
Martin Smolár, ESET Malware Researcher
Materials:
BlackLotus UEFI bootkit: Myth confirmed
-
What do you need to break into a corporate network? ESET’s latest research suggests that interest in secondhand computer hardware, a bit of time, and $100 is more than enough. In this episode, ESET Specialized Security Researcher Cameron Camp explains to host Aryeh Goretsky what secrets he found on secondhand routers bought online, what types of companies he would be able to penetrate with that information, and how to securely wipe devices before selling them. Cameron presented the topic at this year’s RSA Conference in San Francisco and published on WeLiveSecurity.com.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guests:
Cameron Camp, ESET Specialized Security Researcher
Materials:
Blogpost Discarded, not destroyed: Old routers reveal corporate secrets
White paper How I (could’ve) stolen your corporate secrets for $100
-
Since the Russian invasion on February 24th, 2022, Ukrainians have had to defend their data against an unprecedented number of data-wiping malware variants. While Russian threat actors seem like the obvious culprits, attributing these attacks to specific groups based on evidence is a different beast. In this podcast episode, ESET researchers Anton Cherepanov and Robert Lipovský explain to the host Aryeh Goretsky what pointed them to the crucial samples, how they pinned some of the attacks on the Russian cybergroup probably most notorious for NotPetya and Industroyer. The guests of this episode also offer their recollection of the events of February 23rd, 2022; compare HermeticWiper to its successors; and reveal the range of operating systems that were targeted as well as the level of success achieved by the attacks.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guests:
Anton Cherepanov, ESET Senior Researcher
Robert Lipovský, ESET Principal Researcher
Blogposts:
A year of wiper attacks in Ukraine
Episode from March 2022: Past and present cyberwar in Ukraine
-
In the last four months of 2022, Russia-aligned APT groups unleashed several data-destroying malware variants on Ukraine. Android detections grew rapidly, while most of the crimeware scene continued on a downward spiral. In this ESET Research Podcast episode, Aryeh Goretsky and Ondrej Kubovic explore trends in several threat areas, including ransomware, exploits used for initial access, and more. For additional security research topics, visit WeLiveSecurity.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: Ondrej Kubovic, Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch on Twitter
Reports:
ESET Threat Report T3 2022
ESET APT Activity Report T3 2022
-
Let’s say your network access gets shut off from the rest of the world due to a catastrophic event. Whether it is a natural disaster, an armed conflict, a decision of an authoritarian regime or your connection is just squeezed to a trickle by overzealous network restriction and power grid issues; how secure will you be and for how long? In this episode of ESET Research Podcast, Aryeh Goretsky and Cameron Camp look at this scenario and its implications for the cybersecurity of one’s devices.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guests: Cameron Camp, ESET Specialized Security Engineer
Read more @WeLiveSecurity.com and @ESETresearch Twitter
Blogposts:
How long would your tech work in a digital vacuum?
-
Looking at the ESET telemetry data from May through August 2022, it seems like the cybercriminal scene has taken taking its foot off the pedal in almost every possible area. But what is the reason for the drop? We expand on the brutal decline in RDP brute-force attacks; changes observed around ransomware messaging and targeting, but we also mention one malware category, where the decline did not apply.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guests: Ondrej Kubovic, Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch Twitter
Blogposts:
ESET Threat Report T2 2022
-
This is an ESET Research Podcast special, recorded at RSA Conference 2022, the world's largest conference devoted entirely to information security. It is also a double feature: first, ESET’s top machine-learning experts Juraj Jánošík and Filip Mazán discuss the use of artificial intelligence in the industry, and how it compares with the claims presented on the expo floor and in the talks they’ve seen; in the second section, ESET Specialized Researcher Cameron Camp offers his insights into the security of medical devices, another hot topic of this year’s RSAC.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guests: Juraj Jánošík, ESET Head of Automated Threat Detection; Filip Mazán, ESET Senior Machine Learning Engineer; Cameron Camp, ESET Specialized Security Engineer; Ondrej Kubovič, ESET Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch Twitter
-
As Unified Extensible Firmware Interface (UEFI) replaced legacy BIOS as the leading technology embedded into chips of modern computers and devices, it became vital to the security of the pre-OS environment and to the loading of the operating system. It’s no surprise that such a widespread technology represents a tempting target for threat actors in their search for ultimate persistence.
Listen to the latest episode of ESET Research podcast to find out more about ESPecter, the latest real-world espionage malware targeting the UEFI space, namely the EFI System Partition.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guests: Jean-Ian Boutin, ESET Head of Threat Research, Martin Smolár, ESET Malware Researcher
Read more @WeLiveSecurity.com and @ESETresearch Twitter
Blogposts:
UEFI threats moving to the ESP: Introducing ESPecter bootkit
-
Long before the first Russian soldier set his foot on Ukrainian soil, the country has been a target of sophisticated digital operations, spying on its officials, and sabotaging its critical infrastructure and other sectors. It was even the initial ground for the most destructive cyberattack in history, known as NotPetya.
That trend continues also during the current crisis as ESET researchers uncovered an array of new, advanced cyberthreats infiltrating Ukrainian organizations with a single goal - to cause as much damage as possible. Apart from describing their capabilities, we provide context and explain when such attacks against Ukraine started, how they evolved over time, which of them could be considered successful, and what to expect in the future.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guests:
Jean-Ian Boutin, ESET Head of Threat Research
Robert Lipovský, ESET Malware Researcher
Read more @WeLiveSecurity.com and @ESETresearch Twitter
Blogposts and other resources:
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
Ukraine Crisis – Digital Security Resource Center
-
The first ESET Research podcast episode dives deeper into the previously unexplored waters of malware targeting Internet Information Services (IIS), Microsoft's web server software for Windows with an extensible, modular architecture.
Threat actors misused IIS to intercept or modify network traffic already back in 2013 and in 2021 IIS backdoors are being deployed by both cybercriminals and APT groups. ESET research breaks down the anatomy of native IIS malware, extracts its common features and documents real-world cases, supported by its full-internet scan for compromised servers.
ESET researchers discovered as many as 14 malware families being deployed in the wild ranging from traffic redirectors to backdoors. We cover curious schemes to boost third-party SEO by misusing compromised servers, and IIS proxies turning the servers into a part of C&C infrastructure but also mitigation techniques and a whole lot more.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: Zuzana Hromcová, ESET Malware Researcher
Read the whole story @WeLiveSecurity.com.
White paper:
Anatomy of native IIS malware
Blogposts:
IIStealer: A server‑side threat to e‑commerce transactions
IISpy: A complex server‑side backdoor with anti‑forensic features
IISerpent: Malware‑driven SEO fraud as a service