Positive Technologies is participating at AVAR 2023, the 26th edition of the AVAR International Cybersecurity Conference hosted by Dubai from November 28 to December 1. Members of the PT Expert Security Center (PT ESC) team will share their experience in developing open-source projects, using the DRAKVUF agentless sandbox as an example, and details of a new wave of attacks by the Space Pirates group.
Behavioural analysis in Linux operating systems is a challenge due to a broad variety of distributions, a lack of user-friendly tools, and incomplete data that these tools provide. All of this helps threat actors remain invisible to protection systems, including sandboxes. Aleksey Kolesnikov, Malware Detection Specialist at PT ESC, describes the benefits of the DRAKVUF open-source project from a fundamental malware analysis perspective and the issues that the experts had to overcome while developing a hypervisor solution.
“Originally a small-scale research project, DRAKVUF grew through community contributions to become a full-fledged business project. We contributed substantially to its development as well, with dozens of plugins for both Windows and Linux created and reworked over time with the help of Positive Technologies experts. The technology has now proved itself as part of our own product, it is running smoothly and fundamentally, essentially better than other similar systems,” says Kolesnikov.
Denis Kuvshinov and Stanislav Rakovsky, cyberthreat researchers at PT ESC, address a new wave of attacks by the Space Pirates hacker group.
“The group still has its sights on espionage and confidential data theft, but their interests have grown broader. According to our data, in 2022–2023, Space Pirates successfully attacked a minimum of 16 organisations in Russia, targeting public, defense, aerospace, and other sectors,”Kuvshinov says. “Little changed about the group’s tactics over the period, but it did improve its legacy tools while creating new ones that implemented unconventional techniques, one example being Voidoor. The group probably also exploited vulnerabilities we had not observed earlier.”
In 2023, Positive Technologies became the first Russian organisation to be accepted into the Association of Anti-Virus Asia Researchers (AVAR), one of the world’s most reputable malware research associations. AVAR was established in 1998 as an independent non-profit organisation with the mission of preventing the spread of malware and the damage caused by it, promoting cooperation among Asian cybersecurity professionals. Today, AVAR is comprised of experts from 17 Asia-Pacific countries.
In recent years, Asian countries which have emerged as global leaders in technology innovation have seen an increased need for developing and implementing sustainable cybersecurity strategies. This is why in 2023, Positive Technologies experts conducted a series of studies on cyberthreats relevant to Asia, with a focus on six countries (China, India, Thailand, Malaysia, Vietnam, and Indonesia) and two key regions: the Middle East and the GCC (Gulf Cooperation Council).
The objective of these studies is in-depth research into the cybersecurity landscape of Asia—the region that accounted for a third of the global number of cyberattacks in 2022—with the aim of improving data protection technology and sharing recommendations on boosting the cyber resilience of organisations.
Discussion about this post