Speakers

Each day, Trend Micro detects a very large number of samples all over the world. Along with this, we are able to see the trends in our detections for various malware as they try to infect customer’s machines in different countries. A large variety of malware in the current threat landscape also means a large number of trends. If we understand these trends, we might gain insights about which malware samples are related, and possibly, those who are used in the same campaigns or distributed by the same threat actors. In this study, we apply unsupervised machine learning to cluster the trends of detection counts through these last months. We investigate the distribution of detection counts of samples belonging to the same malware families and countries, and see if we can get insights or spark interest for further investigation once novel clusters are found.

There have been an ongoing evolution of the malware and security landscapes. In the last few years, we have seen the wide spread adoption of machine learning (ML) into endpoint security solutions. In response to this, we have seen changes in the methods adopted by malware authors to evade security solutions. Prior to wide spread use of ML, it was standard for malware to be packed or involve extensive randomization, poly-morphism, meta-morphism, etc etc. Nowadays, some of the dominant malware groups (such as coinminers) attempt to blend in. This type of malware uses traditional software development techniques and is far more similar to legitimate software. In this talk, I look at this ongoing evolution of security and malware. Understanding the interaction between malware and security solutions can help maximise the benefits of ML based security.

People talk about Internet of Things and you think every wireless gadget speaks TCP/IP. Before the age of 5G, LoRa or Sigfox kicks in, however, we are still living with a wide variety of customized proprietary radio protocols. This talk will bring you back to the wireless big west, from watchmen’s walky-talky, radio watches, pagers in medical centers and critical facilities, to common appliances at home, such as thermostat, remote controllers and keyfob keys. The talk covers demodulation of selective digital signals and how Trend Micro’s research secures your wireless horizon. You may be familiar with radio broadcasting, and you will be familiar with the ubiquitous digital radio. Disclaimer to attendees in the session: Hacking your neighbor’s wireless gadgets is illegal.

IoT systems, like common IT systems, need remote access for operations, maintenance and IT support, commonly using RDP and VNC. However, many IoT systems are exposed to Internet due to insecure RDP or VNC access. Such exposure could leak a lot of sensitive information, or, give full control privilege of IoT systems to hackers.
Every day, there are over 10,000 exposed RDP/VNC hosts found Shodan, which is a search engine for Internet of Things. Whereas, 96% of exposed RDP/VNC hosts just normal desktop machines with remote login window, 4% are highly valuable exposed IoT systems. Finding a proper method to filter out valuable but small amount of IoT systems from the noise is quite a challenge.
In this talk, we will introduce our techniques of discovering exposed IoT system by image content analysis. We use Shodan for images (screenshots) for data acquisition, and then apply image content analysis, using both open source libraries and commercial AI solutions, to enrich the data. Using these information and techniques, we are able to easily identify interesting (or scary) exposed systems, like control panels for public utility, farming, food production and building automation among others.

The internet security of IoT infrastructures is getting more and more important. Unlike PE files, tools that help finding and analyzing IoT malwares are not quite much and fully developed. In this session, we will share our experience when sourcing and research IoT malware and a prototype IoT malware sandbox/classification system to speed up our research.