What’s hot at RSA Conference 2023: 6 must-see malware analysis and threat hunting talks

by Paul Roberts on April 18, 2023

RSAC-2023-Must-See-Malware

The RSA Conference is happening next week in San Francisco and bringing some of the top minds in information security together to meet, mingle, deal — and also learn. The event started more than 30 years ago as a confab for cryptographers. These days, it doesn’t have the “zero-day cachet” of conferences like Black Hat, DEF CON or CanSecWest with its Pwn2Own competition. But it makes up for that with a steady and impressive parade of executives, top-shelf policy makers and subject matter experts.

The agenda for this year’s show is vast, spanning everything from cloud security; to privacy, law and policy; to malware and threat actors. The annual Sandbox competition – a beauty competition for cybersecurity startups — is a favorite.

Here are the must-see talks your malware and threat-focused team should attend at RSAC.

The Industrial Cyberthreat Landscape: Year in Review Report with Updates

Cyber attacks on operational technology (OT) systems including industrial control and SCADA systems aren’t a new thing – but they are becoming more common and more serious. Sophisticated adversaries, many affiliated with nation-states, are honing their craft and planting their feet inside sensitive networks. Rob Lee, the CEO of the firm Dragos, is one of the world’s top experts on OT cyber threats and actors. He’s hot off testifying to Congress about risks to the U.S. electrical grid and other critical infrastructure. Check him out at RSA where he’s going to review the latest intelligence on OT threat groups as well as reveal previously undisclosed vulnerability and incident response insights. This is one you don’t want to miss!

Sponsorships Available

When: Monday, Apr 24, 2023 9:40 – 10:30 AM Pacific

REvil: Riches to Rags – The Rise and Takedown of a Cybercrime Empire

The REvil group is one of the most prodigious cybercriminal gangs in recent years. It famously was “taken down” by Russian authorities in early 2022 – a rare instance of Russia cooperating with Western governments to take out a cybercriminal gang operating from its territory. In this talk, John Fokker, the Head of Threat Intelligence at the firm Trellix goes deep on the REvil gang to analyze its unique skills and tactics, the mistakes the group made that eventually led to its downfall and how private-public partnerships played a role in bringing REvil to justice.

When: Monday, Apr 24, 2023 10:50 – 11:40 AM Pacific

Making oRat go…further

The threat landscape has changed considerably in the past 20 years, but one thing hasn’t changed: the vast majority of malware still is designed to target machines running versions of Microsoft’s Windows operating system. That’s beginning to change, however, as non Windows and mobile operating systems proliferate. This talk is a chance to see one of the preeminent researchers focused on malware for the Mac operating system, Patrick Wardle, talk about a newly discovered threat, oRAT, with ties to an APT group. Even more interesting is Wardle’s strategy for analyzing oRAT’s functionality, which involves standing up a custom command and control (C2) server to trick the malware into revealing its capabilities.

When: Monday, Apr 24, 2023 10:50 – 11:40 AM Pacific

Reconsidering Ragnarok: The Cyber Threat Terrain After the Ukraine Invasion

In the ramp up to Russia’s invasion of Ukraine, the consensus among western officials was that the first and most devastating assaults on Ukraine would come from Russia’s vaunted military and intelligence based hacking units. After all, Russia had been trying out its stuff on Ukraine for years, including attacks on the Ukrainian electrical grid and the NotPetya wiper attack on Ukraine’s public and private sector. It was a surprise (and a foreshadowing), then, when Russia’s cyber assault on its neighbor went off with more of a whimper than a bang: a couple of novel wiper attacks that caused minimal damage and were quickly shrugged off. In this presentation, moderated by Christopher Ott, FBI Assistant Special Agent in Charge at the FBI and Unit 42 CTO and VP Of Engineering and Threat Intelligence Michael Sikorski talk about what happened, what didn’t happen and why. They also look ahead to what the future may hold for cyber warfare and conflict in Ukraine.

When: Monday, Apr 24, 2023 1:10 – 2:00 PM Pacific

The State of the Hack 2023: The NSA’s Perspective

The cyber threat landscape these days is complex: populated by international cyber criminal gangs, nation-state hacking groups, as well as lone operators leveraging turnkey ransomware- DDOS or data theft as a service. Even worse, the boundaries between different actors – profit- vs. ideologically motivated – is blurry. Who better to sort out the mess than Rob Joyce, the Director of Cybersecurity at the National Security Agency (NSA). Mr. Joyce will be presenting his views on the “state of the hack” on Wednesday, including reflections on the blurring lines between public and private networks for nation-state actors.

When: Wednesday, Apr 26, 2023 2:25 – 3:15 PM Pacific

The Rise of Malware Within the Software Supply Chain

For most of the last 25 years, managing malware was about managing users, whose poor OPSEC and click-happy ways made it easy for malware to slip into corporate networks in the form of email attachments or via compromised websites. But as detection and monitoring have improved, attackers are changing up their approach. A potent new tool in their tool belt? Malicious injections into open source and third-party software, as the recent 3CX attack shows. To protect themselves and their customers from this evolving threat, organizations need a way to combat malware within the software supply chain. Check out ReversingLabs Charlie Jones as he digs into a variety of strategies to protect, detect, and respond to this new malware attack vector.

When: Thursday, Apr 27, 2023 8:30 – 9:20 AM Pacific