IoT, Machine Learning, Artificial Intelligence, Critical Infrastructure
Brian Cayanan has been in the anti-malware industry for more than 10 years and has gained genuine knowledge and expertise in the field of computer and network security. He started his career as one of Trend Micro's malware analysts, developing skills in malware reverse engineering and malware forensics. Over the years, he has taken up a number of different roles within the company, such as Threat Researcher, Big Data Analyst, and Operations Team Lead. He currently heads TrendLabs' Machine Learning Group, which is responsible for research and development of machine learning and AI use cases in the computer security industry.
A Look At Trends, A Glimpse Of Insight
Each day, Trend Micro detects a very large number of samples all over the world. Along with this, we are able to see the trends in our detections for various malware as they try to infect customers' machines in different countries. A large variety of malware in the current threat landscape also means a large number of trends. If we understand these trends, we might gain insights about which malware samples are related and, possibly, which are used in the same campaigns or distributed by the same threat actors. In this study, we apply unsupervised machine learning to cluster the trends of detection counts over these last months. We investigate the distribution of detection counts of samples belonging to the same malware families and countries, and see if we can get insights or spark interest for further investigation once novel clusters are found.
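As an added illustration of the kind of unsupervised clustering the abstract describes (example code written for this page, not Trend Micro's pipeline), the following Python clusters constructed one-week detection counts by the shape of their trend rather than by volume. The families, countries and counts are made up; the method (peak-normalisation, farthest-first seeding, plain k-means) is one straightforward way to group series that rise and fall together, which is the signal that hints at a shared campaign. It uses only the standard library.

```python
"""Cluster per-family / per-country detection-count time series by shape.

Added example, not Trend Micro's code: the detection counts below are
constructed, and the method (peak-normalisation, farthest-first seeding,
plain k-means) is one straightforward way to do the unsupervised
clustering the abstract describes, not the speaker's actual pipeline.
Standard library only.
"""
import math
from typing import Dict, List, Tuple

Key = Tuple[str, str]  # (malware family, country)

# Constructed daily detection counts over one week (hypothetical names).
DETECTIONS: Dict[Key, List[int]] = {
    ("ransom_x",    "US"): [10, 12, 50, 200, 180, 30, 10],     # mid-week spike
    ("ransom_x",    "DE"): [5, 6, 30, 120, 110, 20, 5],        # same spike, smaller
    ("dropper_w",   "JP"): [8, 9, 40, 150, 140, 25, 8],        # same spike: same campaign?
    ("coinminer_y", "US"): [100, 102, 99, 101, 100, 103, 98],  # steady background
    ("adware_z",    "BR"): [50, 51, 49, 50, 52, 50, 49],       # steady background
}


def normalise(series: List[int]) -> List[float]:
    """Scale by the series peak so clustering compares shape, not volume."""
    peak = max(series)
    return [v / peak for v in series] if peak else [0.0] * len(series)


def dist(a: List[float], b: List[float]) -> float:
    """Euclidean distance between two equally long series."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def seed_centroids(points: List[List[float]], k: int) -> List[List[float]]:
    """Farthest-first seeding: deterministic, and never puts two seeds in one blob."""
    centroids = [points[0]]
    while len(centroids) < k:
        far = max(points, key=lambda p: min(dist(p, c) for c in centroids))
        centroids.append(far)
    return centroids


def kmeans(points: List[List[float]], k: int, iters: int = 100) -> List[int]:
    """Plain Lloyd iteration; returns one cluster label per input point."""
    centroids = seed_centroids(points, k)
    labels = [0] * len(points)
    for _ in range(iters):
        new_labels = [min(range(k), key=lambda j: dist(p, centroids[j])) for p in points]
        if new_labels == labels:
            break
        labels = new_labels
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:
                centroids[j] = [sum(col) / len(members) for col in zip(*members)]
    return labels


def cluster_trends(detections: Dict[Key, List[int]], k: int = 2) -> Dict[Key, int]:
    """Map each (family, country) series to a cluster id based on trend shape."""
    keys = list(detections)
    points = [normalise(detections[key]) for key in keys]
    return dict(zip(keys, kmeans(points, k)))


if __name__ == "__main__":
    for key, label in sorted(cluster_trends(DETECTIONS).items(), key=lambda kv: kv[1]):
        print(f"cluster {label}: {key[0]} / {key[1]}")
```

With the constructed data the three spiking series land in one cluster regardless of family or country, and the two flat background series in the other; on real feeds the interesting result is the opposite case, a cluster that mixes families nobody had previously connected.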
Jon Oliver is a data scientist who has been working in Artificial Intelligence and Machine Learning for 30 years. In focusing on machine learning, Jon has worked on a diverse set of fields. One of his achievements is working on the rock analysis for the Mars Lander. He has been at Trend Micro for 11 years and has recently been focusing on applying Machine Learning to security.
The Role of AI and Machine Learning in Cyber Security
There has been an ongoing evolution of the malware and security landscapes. In the last few years, we have seen the widespread adoption of machine learning (ML) in endpoint security solutions. In response to this, we have seen changes in the methods adopted by malware authors to evade security solutions. Prior to the widespread use of ML, it was standard for malware to be packed or to involve extensive randomization, polymorphism, metamorphism, and so on. Nowadays, some of the dominant malware groups (such as coinminers) attempt to blend in. This type of malware uses traditional software development techniques and is far more similar to legitimate software. In this talk, I look at this ongoing evolution of security and malware. Understanding the interaction between malware and security solutions can help maximise the benefits of ML-based security.
Philippe Lin is a threat researcher at Trend Micro. He works in data analysis, machine learning, fast prototyping and software defined radio. He was a BIOS engineer in the Open Compute Project. Active in open source communities, he also builds Raspberry Pi and Arduino projects as a hobby.
Seeing is Believing? How to Secure Your Wireless Horizon
People talk about the Internet of Things and you think every wireless gadget speaks TCP/IP. Before the age of 5G, LoRa or Sigfox kicks in, however, we are still living with a wide variety of customized proprietary radio protocols. This talk will bring you back to the wireless wild west, from watchmen's walkie-talkies, radio watches, and pagers in medical centers and critical facilities, to common appliances at home, such as thermostats, remote controls and key fobs. The talk covers demodulation of selected digital signals and how Trend Micro's research secures your wireless horizon. You may be familiar with radio broadcasting, and you will be familiar with the ubiquitous digital radio. Disclaimer to attendees in the session: Hacking your neighbor's wireless gadgets is illegal.
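As an added example of the kind of demodulation the talk covers (written for this page, not Trend Micro's research code), the Python below recovers the bits of an on-off-keyed (OOK) key-fob-style burst from magnitude samples, the values you would get after taking |I+jQ| of an SDR capture. No radio is needed: the burst is synthesised in-line with constructed noise. The pulse-width encoding assumed here (bit 0 = one unit high then three low, bit 1 = three high then one low) is a common remote-control scheme used purely as an illustration, not a claim about any specific product; the sample rate, noise level and the code value are likewise constructed.

```python
"""OOK pulse-width demodulation of a constructed key-fob-style burst.

Added example, not Trend Micro's code. Signal, timing scheme, noise level
and code value are all constructed assumptions for illustration:
  bit 0 = high 1 unit, low 3 units ; bit 1 = high 3 units, low 1 unit.
Standard library only.
"""
import random
from typing import List, Tuple

SAMPLES_PER_UNIT = 20  # constructed: magnitude samples per PWM timing unit
NOISE_STD = 0.15       # constructed: additive noise on the 0/1 envelope
GAP_UNITS = 8          # constructed: silence before and after the burst


def pwm_units(bits: str) -> List[int]:
    """Expand a bit string into per-unit envelope levels (assumed PWM scheme)."""
    levels: List[int] = []
    for b in bits:
        if b == "0":
            levels += [1, 0, 0, 0]
        elif b == "1":
            levels += [1, 1, 1, 0]
        else:
            raise ValueError(f"bad bit {b!r}")
    return levels


def synth_ook(bits: str, seed: int = 7) -> List[float]:
    """Synthesise noisy magnitude samples for one burst (constructed data)."""
    rng = random.Random(seed)
    units = [0] * GAP_UNITS + pwm_units(bits) + [0] * GAP_UNITS
    samples: List[float] = []
    for lvl in units:
        samples += [lvl + rng.gauss(0.0, NOISE_STD) for _ in range(SAMPLES_PER_UNIT)]
    return samples


def smooth(samples: List[float], window: int = 5) -> List[float]:
    """Moving average to suppress per-sample noise before slicing."""
    out: List[float] = []
    acc = 0.0
    for i, s in enumerate(samples):
        acc += s
        if i >= window:
            acc -= samples[i - window]
        out.append(acc / min(i + 1, window))
    return out


def run_lengths(levels: List[int]) -> List[Tuple[int, int]]:
    """Run-length encode a 0/1 sequence as (level, count) pairs."""
    runs: List[List[int]] = []
    for lvl in levels:
        if runs and runs[-1][0] == lvl:
            runs[-1][1] += 1
        else:
            runs.append([lvl, 1])
    return [(lvl, n) for lvl, n in runs]


def deglitch(levels: List[int], min_run: int) -> List[int]:
    """Absorb runs shorter than min_run into the preceding level (edge jitter)."""
    out: List[int] = []
    for lvl, n in run_lengths(levels):
        out += [out[-1] if (n < min_run and out) else lvl] * n
    return out


def demod_ook_pwm(samples: List[float], samples_per_unit: int = SAMPLES_PER_UNIT) -> str:
    """Slice the envelope at a mid-level threshold and decode high-pulse widths."""
    sm = smooth(samples)
    threshold = (max(sm) + min(sm)) / 2.0
    sliced = deglitch([1 if s > threshold else 0 for s in sm], samples_per_unit // 4)
    bits: List[str] = []
    for lvl, n in run_lengths(sliced):
        if lvl != 1:
            continue  # gaps carry no information in this scheme; only pulse width does
        units = round(n / samples_per_unit)
        if units == 1:
            bits.append("0")
        elif units == 3:
            bits.append("1")
        else:
            raise ValueError(f"unexpected high pulse of {units} units")
    return "".join(bits)


if __name__ == "__main__":
    code = "101100111010"  # constructed 12-bit fixed code
    print(demod_ook_pwm(synth_ook(code)) == code)
```

The decoder ignores the low gaps and keys only on the width of each high pulse, which is why a long trailing silence does not break it; a real capture additionally needs a symbol-rate estimate (here the timing unit is known because the burst was synthesised), and a fixed-code fob like this one is exactly what makes replay attacks trivial.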
Akira Urano is a Senior Researcher based in Tokyo with 4 years of working experience in the field of computer security and a 17-year military background. Akira focuses on research into cybercrime, future threats and the underground community, and is currently working on a specific industry and on radio devices.
Discovering Exposed IoT Systems Using Commercial Feeds and Image Analysis Techniques
IoT systems, like common IT systems, need remote access for operations, maintenance and IT support, commonly using RDP and VNC. However, many IoT systems are exposed to the Internet due to insecure RDP or VNC access. Such exposure could leak a lot of sensitive information or give hackers full control of the IoT systems.
Every day, there are over 10,000 exposed RDP/VNC hosts found on Shodan, which is a search engine for the Internet of Things. While 96% of exposed RDP/VNC hosts are just normal desktop machines showing a remote login window, 4% are highly valuable exposed IoT systems. Finding a proper method to filter the valuable but small number of IoT systems out of the noise is quite a challenge.
In this talk, we will introduce our techniques for discovering exposed IoT systems by image content analysis. We use Shodan images (screenshots) for data acquisition, and then apply image content analysis, using both open source libraries and commercial AI solutions, to enrich the data. Using this information and these techniques, we are able to easily identify interesting (or scary) exposed systems, like control panels for public utilities, farming, food production and building automation, among others.
Tim Yeh has been working in the Trend Micro Core Tech APT Team as a threat researcher for more than 8 years. He has wide cybersecurity experience and is focusing on APT and IoT research, including hardware and software reversing and hacking, malware campaign discovery, and penetration testing.
IoT Malware Beasts and Where to Find Them
The security of IoT infrastructures is getting more and more important. Unlike for PE files, the tools that help find and analyze IoT malware are neither plentiful nor fully developed. In this session, we will share our experience in sourcing and researching IoT malware, and a prototype IoT malware sandbox/classification system to speed up our research.