NorthSec 2021

Warren Mercer

Warren Mercer joined Talos coming from a network security background, having previously worked for other vendors and the financial sector. Focusing on security research and threat intelligence, Warren finds himself in the deep, dark and dirty areas of the Internet and enjoys the thrill of the chase when it comes to tracking down new malware and the bad guys! Warren has spent time in various roles throughout his career, ranging from NOC engineer to leading teams of other passionate security engineers. Warren enjoys keeping up to speed with all the latest security trends, gadgets and gizmos; anything that makes his life easier in work helps!

Company/affiliation: Cisco Talos

Title: Security Researcher


Blurred lines - The mixing of APTs with Crimeware groups
Warren Mercer, Vitor Ventura

State-sponsored actors and APT groups are not necessarily the same. A state-sponsored actor can be defined as an APT that is supported in some way by a state. This does not automatically make all APTs state-sponsored. APT actors that provide hacking-as-a-service are not necessarily state-sponsored actors, because they can’t be tied to a specific state: they will work for whoever pays the most. But this doesn’t mean that they shouldn’t be considered APTs. These lines get even blurrier when an actor has the characteristics and behaviour we observe in the Gamaredon and Promethium groups. These are groups whose main interest has been espionage, without any indication of being interested in using crimeware techniques to monetize their activity. That should put them outside the crimeware gang definition; however, their behaviour certainly resembles that of a crimeware gang rather than an APT.

Main stream
Malware & geopolitics
Warren Mercer, Marc-Etienne M. Léveillé, Vitor Ventura, David Décary-Hétu, Ofir Shaty, Sam Quinn, Sarit Yerushalmi

Q&A and discussion for the malware block, hosted and moderated by Marc-Etienne M. Léveillé. Questions will be gathered from the audience during the four prior talks.

Main stream