Bio: Mark Lechtik is a Senior Security Researcher at Kaspersky's GReAT (Global Research & Analysis Team), based in Israel. After working as a researcher and manager in Check Point’s malware research team, he is focused mainly on analysing malware of all shapes and forms, digging up its underlying stories and profiling the actors behind it. Today he is tasked with breaking down implants and campaigns in the realm of APT and putting it all into intelligence reports for Kaspersky’s customers. Mark has previously presented some of his work at known security conferences including REcon, CCC, CARO Workshop, AVAR and TheSASCon.
Mark Lechtik 🗣 | Or Eshed 🗣
Abstract
In a World where oil is scarce and people click mail attachments they really shouldn’t, One Man sets out on an epic journey for glory, conquest, and other people’s money. So begins the amazing tale of the “Oil bot” campaign: a tale of a single man who ran a sting operation on a good share of the industrial sector, armed with nothing but his supply of off-the-shelf RATs, his very subpar OPSEC standards, and his Nigerian hutzpah. The talk will follow the entire course of Check Point’s investigation into this affair – from the few emails that didn’t add up, through the campaign’s not-so-intricate C&C infrastructure, to the point where we were inside the campaign, looking at all the incredulous details. How do you scam people into scamming other people? What leads a fraudster to leave a trail of incriminating footprints?
And what does a Nigerian scammer want with an energy company, anyway? One thing’s for sure: In this brave new world, the Nigerian prince is no longer happily calling to inform you that you should transfer your money to them; it is you who is angrily calling your bulk provider, asking where all your money went.