McAfee Confidential
The League of Nations
Innovation
The malicious document launches a PowerShell script.
The script downloads and reads an image file from a remote location.
The attackers used the open-source tool Invoke-PSImage, released December 20, to embed the PowerShell script into the image file.
Hidden in Plain Sight
A small history lesson
2013: Re-org
Unit 91
Espionage & Destruction
Unit 110
Tools development and Recon
Unit 128
HUMINT
Unit 180
Financial targeted Operations
Unit 413
Tech. Recon & Social Eng.
Innovation unchained
Capitalizing on the NYC terror attack: documents sent to military-related personnel.
Once opened, the document contacts the control server to drop the first stage of the malware.
The document uses the DDE technique to invoke PowerShell to download Seduploader.
A global industry
Outsourcing Operations
We've seen an increase in nation-states contracting private companies to accomplish hacking
operations and intelligence gathering. These groups operate with incredible sophistication, while
enjoying a cloak of semi-protected "status" for their malicious activities.
Source: Cybereason
Our work has just got harder
Fightback – still continues…
10/4/2017
Crime Pays?
10/4/2017
Stay in touch
@Raj_Samani
Copyright © 2017 McAfee LLC.