Detecting Dedicated Infrastructure
Detecting the bulletproof hosting providers that make up the dedicated infrastructure used by phishing and malware actors involves a variety of creative techniques. A lot has changed since the days of the RBN (Russian Business Network): abused and compromised hosters, their services and their DDoS protection now shield the bad guys just as well as they serve legitimate customers, which makes exposure and indictment a hard job. In this session, we will detail our approach to uncovering such systems at scale based on global DNS data, while explaining the underlying architecture of phishing campaigns that have already made more than $50 million. We will show what it takes to go from detection of the phishing domain to cooperation with Law Enforcement and taking down the infrastructure and the actors behind cybercrime campaigns.
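The abstract describes pivoting from one detected phishing domain to the rest of the dedicated infrastructure using DNS data. The following is an added example that is not from the talk or from Cisco Umbrella: it walks constructed passive-DNS style records (domain, record type, rdata) from a seed domain to the IPs and nameservers it uses and on to every other domain on those same pivots. The `MAX_FANOUT` threshold, the record layout and all names and addresses are assumptions; an IP or nameserver shared by more domains than the threshold is treated as general-purpose shared hosting or a CDN and is not followed, which is what keeps a pivot from sweeping in thousands of unrelated tenants.

```python
"""Pivot from one phishing domain to the dedicated infrastructure around it,
using passive-DNS style records. Added example; all records are constructed."""
from collections import defaultdict, deque

# Constructed passive-DNS records: (domain, rrtype, rdata). Addresses come
# from the RFC 5737 documentation ranges and names end in .test; none are real.
PDNS_RECORDS = [
    ("secure-login-example.test", "A", "203.0.113.10"),
    ("secure-login-example.test", "NS", "ns1.bullet-host.test"),
    ("wallet-verify-example.test", "A", "203.0.113.10"),
    ("wallet-verify-example.test", "NS", "ns1.bullet-host.test"),
    ("account-update-example.test", "A", "203.0.113.11"),
    ("account-update-example.test", "NS", "ns1.bullet-host.test"),
]
# A large shared host/CDN: many unrelated domains on one IP and one nameserver.
for i in range(40):
    PDNS_RECORDS.append((f"shared-{i:02d}.test", "A", "198.51.100.5"))
    PDNS_RECORDS.append((f"shared-{i:02d}.test", "NS", "ns.bigcloud.test"))

# A pivot (IP or nameserver) used by more domains than this is treated as
# shared hosting and is not followed. Assumed threshold for this example.
MAX_FANOUT = 25


def build_pivots(records):
    """Map each (rrtype, rdata) pivot to the set of domains pointing at it."""
    pivots = defaultdict(set)
    for domain, rrtype, rdata in records:
        if rrtype in ("A", "AAAA", "NS"):
            pivots[(rrtype, rdata.lower())].add(domain.lower())
    return pivots


def cluster_from_seed(records, seed, max_fanout=MAX_FANOUT):
    """Breadth-first walk: seed -> its IPs/nameservers -> other domains on them.

    Returns (sorted domains in the cluster, sorted pivots that were followed).
    """
    pivots = build_pivots(records)
    domain_to_pivots = defaultdict(set)
    for key, domains in pivots.items():
        if len(domains) <= max_fanout:  # skip CDN-scale shared pivots
            for d in domains:
                domain_to_pivots[d].add(key)
    seen = {seed.lower()}
    used = set()
    queue = deque([seed.lower()])
    while queue:
        d = queue.popleft()
        for key in domain_to_pivots.get(d, ()):
            used.add(key)
            for other in pivots[key]:
                if other not in seen:
                    seen.add(other)
                    queue.append(other)
    return sorted(seen), sorted(used)


if __name__ == "__main__":
    domains, used = cluster_from_seed(PDNS_RECORDS, "secure-login-example.test")
    print("cluster:", domains)
    print("pivots followed:", used)
```

Starting from `secure-login-example.test`, the walk follows its A record and its nameserver to the two sibling domains and stops there; starting from any `shared-NN.test` domain it returns only that domain, because both of its pivots exceed the fan-out threshold. In practice the threshold is tuned per record type (nameservers of large registrars have far higher legitimate fan-out than a single IP), and the same walk is run over time windows so that infrastructure reused across campaigns is linked.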
Artsiom Holub is a Senior Security Analyst on the Cisco Umbrella Research team. Throughout the course of the day, he works on Security Threat Reports for existing and potential clients, works closely with the Customer Support Team, finds new threats and attacks by analyzing global DNS data coming from Cisco Umbrella resolvers, and designs tactics to track down and identify malicious actors and domains. He completed undergraduate studies at the National Technical University of Belarus and is currently earning an Associate in Science degree in Computer Networking and Information Security from City College of San Francisco, with Security certificates completed along the way. He is currently focused on tracking phishing, ransomware campaigns and other cybercrime related to the cryptocurrency ecosystem.
Jeremiah O'Connor is a Senior Research Engineer on the Cisco Cloud Security team. He is a computer scientist interested in distributed systems and natural language processing, and he built an information retrieval system that analyzes 120 billion DNS requests a day and detects fraud and phishing attacks at scale. His current interests lie in Bitcoin security, blockchain technology and applied machine learning.