Black Hat Asia 2018: Cryptomining on the Rise
Black Hat’s 2018 world conference tour kicked off in Singapore with Black Hat Asia: two days of Trainings, followed by two days of Briefings and the Business Hall. Cisco Security is now a full Technology Partner of Black Hat, with Cisco Threat Grid for malware analysis, Cisco Umbrella for DNS and Cisco Visibility for threat intelligence, supporting the Network Operations Center (NOC) Security Operations.
The focus of the NOC is to provide secure and open Internet access to the conference presenters, attendees and sponsors. Many of the Trainings, Briefings and demonstrations require access to malicious files and domains, so the NOC does not block such traffic. Rather, we focus on the security of the conference assets and on ensuring there are no internal or external attacks that would disrupt the educational and collaborative conference.
Cisco Threat Grid is integrated with RSA NetWitness Packets for network forensics and investigation. The RSA team does full packet capture, and its Malware Analysis component sends potentially malicious .exe, .dll, .pdf and .rtf files to Threat Grid for dynamic malware analysis. An important new integration, completed right before the conference, was Cisco Umbrella’s domain reputation intelligence piped directly into Threat Grid. Now, if a sample contacts a domain that is known to belong to a malicious or potentially harmful Cisco Umbrella category, this triggers a Behavioral Indicator in Threat Grid, which in turn contributes to that sample’s Threat Score and appears in the analysis report.
This is another way that you can effectively utilize broader Cisco threat intelligence to help identify malicious behaviors and to improve overall threat detection. Here is the list of the Network DNS Category indicators and their detections:
– network-dns-category-adware – Cisco Umbrella Categorized Domain As Adware
– network-dns-category-cnc – Cisco Umbrella Flagged Domain As A Command & Control Server
– network-dns-category-driveby-exploit – Cisco Umbrella Flagged Domain As Hosting An Exploit
– network-dns-category-dynamic – Cisco Umbrella Categorized Domain As A Dynamic DNS
– network-dns-category-harmful – Cisco Umbrella Categorized Domain As Potentially Harmful
– network-dns-category-new – Cisco Umbrella Categorized Domain As A Newly Seen Domain
– network-dns-category-p2psharing – Cisco Umbrella Categorized Domain As P2P/File Sharing
– network-dns-category-phishing – Cisco Umbrella Flagged Domain As Phishing
– network-dns-category-proxy – Cisco Umbrella Flagged Domain As A Proxy Or Anonymizer
– network-dns-category-urlshortener – Cisco Umbrella Categorized Domain As A URL Shortener
– network-dns-category-webspam – Cisco Umbrella Categorized Domain As Web Spam
– network-dns-cnc-category – Cisco Umbrella Flagged Domain As A Command & Control Server
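To make the Umbrella-to-Threat Grid flow above concrete, here is an added example (not Cisco’s code or Threat Grid’s real scoring logic): a sandbox run’s DNS queries are matched against an Umbrella-style category table, each hit becomes one of the Behavioral Indicators listed above, and the highest indicator drives the score. The category table, the per-indicator weights and the sample DNS log are constructed assumptions; only the indicator names come from the list.

```python
from collections import namedtuple

# Constructed Umbrella-style reputation data: registered domain -> category.
UMBRELLA_CATEGORIES = {
    "evil-c2.example": "cnc",
    "tracker.example": "adware",
    "dyn.example": "dynamic",
}
# Indicator name per Umbrella category, as listed on the page. The weights
# are assumed for illustration and are not Threat Grid's real scoring.
INDICATORS = {
    "cnc": ("network-dns-category-cnc", 95),
    "phishing": ("network-dns-category-phishing", 85),
    "adware": ("network-dns-category-adware", 40),
    "dynamic": ("network-dns-category-dynamic", 30),
    "new": ("network-dns-category-new", 25),
}
Indicator = namedtuple("Indicator", "name domain category score")

def lookup_category(fqdn):
    """Walk up the labels so a subdomain inherits its parent's category."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        hit = UMBRELLA_CATEGORIES.get(".".join(labels[i:]))
        if hit:
            return hit
    return None

def dns_indicators(dns_log):
    """dns_log: '<timestamp> <query_name>' lines from one sandbox run.
    Returns deduplicated indicators (highest first) and a max-based score."""
    seen = {}
    for line in dns_log:
        parts = line.split()
        if len(parts) < 2:
            continue
        cat = lookup_category(parts[1])
        if cat in INDICATORS and cat not in seen:
            name, weight = INDICATORS[cat]
            seen[cat] = Indicator(name, parts[1].lower().rstrip("."), cat, weight)
    found = sorted(seen.values(), key=lambda i: -i.score)
    return found, (found[0].score if found else 0)

# Constructed sample DNS activity from one sandboxed run (not real data).
SAMPLE_DNS_LOG = [
    "2018-03-22T10:01:03 update.evil-c2.example.",
    "2018-03-22T10:01:04 cdn.tracker.example",
    "2018-03-22T10:01:05 www.cisco.com",
    "2018-03-22T10:01:06 update.evil-c2.example.",
]
```

Running `dns_indicators(SAMPLE_DNS_LOG)` yields the cnc and adware indicators once each (the repeated C2 query is deduplicated) and a score of 95; the label walk is what lets `update.evil-c2.example` inherit the category of `evil-c2.example`.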