The Ex-Robotos BEC Scam Investigation
In a time span of several months a person or group has conducted several campaigns against Office365 with the target to compromise credentials. The purpose of these attacks is to use that very same access that is being obtained through these campaigns to login and conduct BEC (Business Email Compromise) fraud.
In this presentation we shall follow the MO of the attackers behind these campaigns, show how we were able to consistently take down all the malicious domains (more than 3000 over the past 3 months) and give insight about the infrastructure and the kit being used to do these attacks. We shall also try to follow the breadcrumbs and eventually get an idea about who’s behind these massive waves of attacks against enterprises, educational institutions and public services in Denmark and elsewhere.
Peter Kruse
CSIS security Group A/S
Peter Kruse cofounded the Danish IT security company CSIS in 2003 and currently leads its eCrime department, which provides services mainly aimed at the financial sector. His ability to combine a keen appreciation of business needs and a profound technical understanding of malware has made CSIS a valued partner of clients not only in Scandinavia but also in the rest of Europe.
Today, Peter is by far the most quoted IT security expert in Denmark and considered among the most recognized in Europe. He has a long history of active participation in several closed and vetted top IT-security communities and has numerous international connections in the antivirus and banking industries, law enforcement and higher education institutions.
Sponsors and Supporting Organizations
Diamond Sponsors
Platinum Sponsor
Networking Lounge Sponsor
Supporting Organization
Associate Sponsors