Using Geopolitical Conflicts for Threat Hunting - How Global Awareness Can Enable New Surveillanceware Discoveries
2019-05-17, 14:15–15:15, Conf 2

Geopolitical decisions are based on digital espionage; awareness of foreign affairs and human elements behind surveillance campaigns greatly assists in understanding and finding new surveillance-ware.

When on the hunt for new malware, the digital connection to the physical world can often be overlooked. We’re constantly reminded in the news of political struggles and physical warfare, with adversaries targeting each other through sanctions or military action. However, a large portion of these real world decisions are driven by digital espionage, which is evolving at an exponential rate - even ‘traditional’ digital espionage like desktop malware and phishing campaigns are being supplemented by state sponsored mobile surveillance-ware. This talk will highlight 4 real world mobile espionage campaigns tied to political and physical conflicts, allowing attendees to get a broader understanding of the targeting and intelligence collection techniques of global actors, as well as tool development to evade (repeated) detection, and hopefully use these characteristics to enhance threat hunting efforts.

Kristin Del Rosso is a member of Lookout's Threat Intelligence Team in San Francisco, where she hunts for nation state malware and targeted surveillanceware. She recently spoke at BlackHat Europe on a state-sponsored malware campaign, and continues to work with her team to map out attacker infrastructure and better understand the actors and motives behind these mobile threats. Her happy place combines history, languages and security intelligence.