Using Geopolitical Conflicts for Threat Hunting - How Global Awareness Can Enable New Surveillanceware Discoveries
2019-05-17, 14:15–15:15, Conf 2

Geopolitical decisions are based on digital espionage; awareness of foreign affairs and human elements behind surveillance campaigns greatly assists in understanding and finding new surveillance-ware.


When hunting for new malware, it is easy to overlook the digital connection to the physical world. We’re constantly reminded in the news of political struggles and physical warfare, with adversaries targeting each other through sanctions or military action. However, a large portion of these real-world decisions are driven by digital espionage, which is evolving at an exponential rate; even ‘traditional’ digital espionage like desktop malware and phishing campaigns is being supplemented by state-sponsored mobile surveillance-ware. This talk will highlight 4 real-world mobile espionage campaigns tied to political and physical conflicts, giving attendees a broader understanding of the targeting and intelligence collection techniques of global actors, as well as their tool development to evade (repeated) detection, so that attendees can hopefully use these characteristics to enhance threat hunting efforts.