Danny Adamitis
Danny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research team at Lumen Technologies. Danny has tracked nation-state adversaries and cybercriminals using both open-source and proprietary datasets in various roles for over a decade. More recently he has focused on threats to ISPs, including campaigns in which actors targeted networking equipment, Linux servers, and DNS infrastructure. Prior to joining Lumen Technologies, Daniel worked at Cisco Talos. Danny has a bachelor’s degree in Diplomacy and International Relations from Seton Hall University.
Session
The one-upmanship just keeps on coming. Last year we presented our research on the HiatusRAT malware, which infected small office/home office (SOHO) routers belonging to selected targets and quietly stole access credentials for use against downstream systems. Now we'd like to present our latest research on a new malware that appears to have been written by the same authors, showing enhanced function and a greater threat, as it appears to have been designed for environments where TLS has increasingly been adopted and assets are protected in the cloud. Cuttlefish is stealthy, and sits passively on the router until it sees the conditions it was made for - either sniffing traffic or hijacking DNS and HTTP requests to steal authentication material it can use to enter systems downstream of the infected device. This talk will address the roots of the malware design, how it was discovered and how it performs each of its tasks, including the weaponization of stolen credentials. I'll discuss the infection pattern, timeline, and what you can do to protect yourself against this or similar infections.