Research Whitepapers 

AVAR 2017 China

 

1. The evolution of IoT threats, and drawing parallels with the conventional malware landscape

When it comes to cybersecurity, one of the most widely agreed-upon opinions is that “change is the only constant”. A cybersecurity issue usually starts with researchers discovering methods to compromise a technology, typically to increase awareness. With time, however, attackers put the same methods into practice (with a motivation to cause destruction). To counter this, white hat hackers and AV come up with certain measures. From here the race is between attackers and defenders, where the more evolved side “wins”. This scenario played out with Windows malware decades ago, and we are beginning to see the young IoT cybersecurity space evolve rapidly in a similar way.

http://avar.skdlabs.com/index.php/speakers/

Virus Bulletin Whitepapers

2. The journey and evolution of God Mode in 2016: CVE-2016-0189

We publish a paper by FireEye researchers Ankit Anubhav and Manish Sardiwal, who thoroughly analyse this 'God Mode' vulnerability and explain what made it so popular in the cybercriminal ecosystem. Though this particular vulnerability may be on its last legs, it provides some important lessons, not just technically but also when it comes to understanding cybercrime.

 

https://www.virusbulletin.com/virusbulletin/2017/01/journey-and-evolution-god-mode-2016-cve-2016-0189/

3. The Journey of Evasion Enters Behavioural Phase

 

In a new paper (also available as PDF) published by Virus Bulletin, FireEye researcher Ankit Anubhav looks at a number of such techniques that were found in recent malware samples, from hiding malicious code called by Office macros in form fields to renaming the Windows StartUp folder to maintain persistence in a less obvious way.

 

https://www.virusbulletin.com/virusbulletin/2016/07/journey-evasion-enters-behavioural-phase/

4. Life after the apocalypse for the Middle Eastern NJRat campaign

Nearly a year after the Microsoft takedown of Vitalwerks’ dynamic DNS service No-IP, the NJRat malware campaign has re-spawned and has started making its way back to No-IP’s DDNS domains. This time, however, the malware authors are more cautious and they are finding several new ways to escape anti-virus detection. Abhishek Bhuyan and Ankit Anubhav take a close look at the Middle Eastern NJRat campaign.

 

https://www.virusbulletin.com/virusbulletin/2015/08/life-after-apocalypse-middle-eastern-njrat-campaign