Adi Ikan and Ori Hamama

Speaker
Network Research & Protection Group Manager at Check Point Software Technologies. NRPG is focused on analyzing the threat landscape and developing the relevant security coverage for our customers. Prior to Check Point, I served as an Officer in the IDF Intelligence Corps 8200 Unit in various research and development positions - from Product Manager through Security Researcher to Software Engineer. In addition, I hold an M.Sc. in Financial Mathematics (graduated cum laude) and a B.Sc. in Applied Mathematics (graduated during high school studies) from Bar-Ilan University. I have already presented our research at conferences such as BSides San Francisco, CircleCityCon, and CPX Vienna.

Ori Hamama is a software engineer and security researcher. He has been writing code from the age of 12 and has worked at various startups and enterprises ever since. Today he is Research Team Lead at Check Point, discovering interesting campaigns. Ori specializes in web security and network technologies.

DarkCrewBot – The Return of the Bot Shop Crew

Check Point Researchers recently discovered an ongoing, evolving campaign from a known hackers’ group, “DarkCrewFriends.” This campaign targets PHP servers, focusing on creating a botnet infrastructure that can be leveraged for several purposes such as monetization and shutting down critical services.

DarkCrewFriends has been quite active over the last few years. The group offers a variety of services ranging from bots to traffic services for websites, and was mentioned as the party responsible for a data breach at an Italian news site. The attack chain of the current campaign includes exploiting an unrestricted file upload vulnerability, uploading a malicious PHP web shell, and communicating with a C&C server using an IRC channel. The attackers can leverage the malware’s capabilities for various scenarios, such as DDoS attack types and shell command execution.

In the presentation we will present our findings, from a detailed walkthrough of the entire attack chain to unique insights on the threat actors.



Schedule : September 24, 2020 - 02:20 PM