Friday, July 29, 2016

Feedly:Understanding Java Code and Malware | Malwarebytes Unpacked. The IPExpo / Infosec Europe / Blogger Awards roundup



from Understanding Java Code and Malware | Malwarebytes Unpacked

For the last few months, Malwarebytes has been representing at some of the biggest security events in England, along with a couple of additional happenings thrown in for good measure.

In May, we paid a visit to Manchester for IP Expo. Held in a converted railway station, security talks galore sat alongside the usual assortment of booths and giveaways.

I took part in a Keynote debate which was pretty much an open-mic session with the audience – no set topic or gameplan, just “Ask us things and see what happens”. As it turns out, we had a great time with occasional sparks flying. Fellow panelists included Paul Ducklin from Sophos and Lee Barney from M&S.

A fun time was had by all, even if I did consider just moving out of the way so Paul and Lee could crank up the no holds barred approach. Topics included liability for data breaches, regulatory issues, home security and potential drawbacks to various Government practices involving data and biometrics. You can watch the full thing below:

A week later, the Malwarebytes convoy rolled into the Chelsea FC stadium and combined a tour of the ground (which I missed – whoops) with a number of talks about popular threats doing the rounds at the moment. For my part, I highlighted some of the dangers related to Malvertising and the increasing headache of CFO fraud. Also, the football ground is a nightmare to reach and I’m here if you need to talk to me about “Why is this train going the wrong way” woes.

 

A brief pause until June, and the juggernaut that is Infosec Europe. The aforementioned event is one of the biggest security trade shows of the year, taking place alongside the ever awesome BSides London. The Malwarebytes team spent 3 days on the booth, dispensing security related information, daily talks, and a whole pile of t-shirts. Last but not least, we also had an awesome robot to hand for all your photography related needs:

I gave a talk on all three days on some of the biggest threats currently causing headaches for businesses and people at home (and indeed, people who run a business FROM home. You don’t get off the hook from scammers that easily!)

One of the days was streamed on Periscope and recorded, and if you’re interested please feel free to take a look. All the usual caveats – incredibly noisy space, people talking, recorded on someone’s phone, I’m yelling over the sound of someone smashing up servers with a sledgehammer – no, really – apply. A Kurosawa movie, this isn’t:

http://ift.tt/2aBfoBQ

The topics included Malvertising, Ransomware (on desktop and mobile), and CFO fraud / CEO fraud / BEC scams / Business Email Compromise / whatever random name it’s being called this week. I tend to stick with CFO fraud because out of all the alternatives, it’s the only one I can consistently remember without grasping at thin air for word cues.

Also, this happened:

Sadly, The Queen doesn’t generally walk around security conferences shaking hands with people but as fake Queens go, that’s a pretty good one.

On day two, I spoke to Dan Raywood about the perils of Ransomware and some of the new directions this persistent piece of Malware may end up moving in. Bonus points to the still image Youtube is using for the clip, as it makes me look like a thoroughly entertaining chap doing an “And another thing…” routine.

Once a second day of working the booth was over, some of the Blog Team made our way to the 2016 Infosec Blogger Awards which took place at – you’ve guessed it – Infosec Europe 2016. There was some tough competition present across all categories, from Sophos and Bitdefender to Troy Hunt and Heimdal Security. We’ve been fortunate enough to win some awards previously [1], [2], so the pressure was indeed on.

The Awards themselves celebrate the hard work done by researchers, bloggers, podcasters and videomakers over the last 12 months – and there were certainly a lot of candidates to choose from. Would Graham Cluley nab the best video award? Could a newcomer win the best personal blog? How about Brian Honan adding to his Hall of Fame induction with a best EU Tweeter award?

Well, wonder no more. I’m pleased to announce that as a result of your votes, Malwarebytes Labs won Best Corporate Blog 2016!

2016 best corporate blog: Malwarebytes

Photo © Infosecurity Europe 2016

Here is the full list of results:

Best Corporate blog – Malwarebytes Labs Blog

The Best European Corporate Security Blog – Sophos Naked Security

Best European Security Podcast – Securing Business

Best Security Podcast – Risky Business

Best Security Video Blog – Graham Cluley

Best Personal Security Blog – Jack Daniel’s Uncommon Sense Security

Best European Personal Security Blog – Security Affairs

Most Entertaining Blog – Troy Hunt

Most Educational Blog – Heimdal Security

Best New Security Blog – Info Sec Guy Blog

Best EU Security Tweeter – Mikko Hypponen

Grand Prix Prize for Overall Best European Security Blog – Bitdefender Hot for Security

We do our very best to provide you with the latest breaking news regarding exploits, scams, malvertising, and more besides – and we’ll continue to do so over the next 12 months.

All in all, it’s been a busy few months for the team and I’m happy to report everything went according to plan. The next time you’ll likely hear me talking about things on a stage will be VB 2016 in Denver, Colorado alongside my good colleague Jerome Segura on the subject of Malvertising.

For now, I’ll leave you with a radio ramble about the attraction of Pokemon GO for scammers, because we can all do with a bit of creature-collecting security advice in our lives. Thanks again for your votes, and safe surfing!

Christopher Boyd

Web Analytics