How Mapping and Visualizing the Web Leaves Advanced APTs Nowhere to Hide


RiskIQ's Internet Intelligence graph defines the web's composition by mapping web pages and the many different remote resources that come together to create them, including SSL certificates. With this information, RiskIQ can link infrastructure showing the interconnectivity of various entities across the web, identifying each web asset's dependencies and pathways. Recently, RiskIQ researchers leveraged these connections while investigating OceanLotus activity to uncover a considerable swath of new infrastructure the cyber espionage group used in operations across Europe.

In this webinar, RiskIQ VP of Strategy Brandon Dixon and Maltego's Florian Murschetz will demonstrate how RiskIQ PassiveTotal and its integration with Maltego help researchers and analysts identify and visualize relationships in attacker infrastructure. By tapping into the internet intelligence graph and visualizing its connections, even advanced, well-funded APTs can't hide for long.

Watch our panel cover:

  • How a unique SSL certificate associated with the espionage group's infrastructure helped us correlate it with more than 70 IP addresses, which helped reporters from German publications BR24 and Zeit Online track OceanLotus activity across Europe.
  • How this custom certificate and its associated IP addresses led to the infrastructure OceanLotus uses to deploy Windows-based malware.
  • How similarities between campaigns (tactics, malware, and even infrastructure) can be a strong indicator that a particular IP address is associated with a certain APT.
  • How unique data sets in RiskIQ PassiveTotal combined with Maltego’s visualization capabilities can help researchers and analysts quickly enumerate infrastructure related to seemingly disparate campaigns to paint a vivid picture of the threat landscape targeting their organization.

Speaker Bios

Brandon Dixon
Co-Founder of PassiveTotal & VP of Strategy for RiskIQ

Brandon has spent his career in information security performing analysis, building tools, and refining processes. As VP of Strategy, he is responsible for aligning RiskIQ to the market, influencing product strategy, and furthering partnerships. Prior to RiskIQ, Brandon was the co-founder of PassiveTotal (acquired by RiskIQ), where he led development and product direction. Throughout the years, Brandon has developed several public tools, most notably PDF X-RAY and NinjaJobs. His research and development on various security topics have gained him accolades from many major security vendors and peers in the industry.

Florian Murschetz
Subject Matter Expert, Maltego

Florian is an IT and security specialist with more than 10 years of professional experience. He supported internal and customers in vulnerability management, pentesting, incident handling and IT forensics. Besides his day job, he is active in the "telnet community", a local hackspace, and is a fellow in the CCC community.
