George Glass

George Glass is an associate managing director and EMEA lead in the Kroll Cyber Threat Intelligence team, based in London. George has more than eight years’ experience in building, deploying and operationalizing on-premises and cloud-based technologies and has a proven track record of optimizing and automating operations to reduce detection and response times.

He delivers analysis on vulnerabilities, malware and threat actors to hundreds of clients, including FTSE 50 companies, ensuring detection of the latest threats across multiple security information and event management (SIEM) and endpoint detection and response (EDR) solutions.


Session

10-25
14:30
30min
TODDLERSHARK: Kimsuky's Hastily Built Variant of BABYSHARK Deployed Using a 1-Day Exploit
George Glass

The Kroll Cyber Threat Intelligence (CTI) team discovered new malware resembling the VBScript-based BABYSHARK malware, which we've called TODDLERSHARK.

The malware was used in post-compromise activity following exploitation of two vulnerabilities in ScreenConnect, which were responsibly disclosed by a Kroll analyst but quickly weaponised after details of the vulnerabilities were published.

BABYSHARK has been associated by several sources with a threat actor Kroll tracks as KTA082 (Kimsuky).

The malware utilized a legitimate Microsoft binary and alternate data streams, and exhibited elements of polymorphic behavior.

This talk will detail how the exploits work, how Kimsuky was able to quickly operationalize an n-day vulnerability, provide a teardown of TODDLERSHARK, and show how simple detection methods were able to stop an APT group.

topic: CTI
Europe - Main Room