Martijn Grooten
Last known affiliation: Internews
Bio: Martijn Grooten is a digital security researcher with more than 15 years of experience working in cybersecurity. He spent many of those years at Virus Bulletin, where he was the main organizer of the Virus Bulletin conference for six editions, and worked as a product tester and ad hoc security researcher. He spoke at several international conferences, including RSA, Black Hat, NorthSec, TROOPERS and Botconf (twice). In recent years, he has focused on digital threats against vulnerable groups. He co-founded the Coalition Against Stalkerware and has done other work on tech abuse. He was part of the team that developed the Ford Foundation’s Cybersecurity Assessment Tool and as of early 2022 has been working as digital security technologist at Internews. Martijn lives in Athens, Greece and loves cooking, running and reading – or just thinking about the good old days when he did all those things.
Martijn Grooten 🗣
Abstract
This presentation will discuss digital threats against civil society groups outside the West: journalists and independent media organizations, human rights activists, defenders of minorities’ rights, women’s rights organizations etc. On top of the digital threats that any organization around the world faces – phishing, malware, business email compromise etc. – these organizations face more targeted threats related to their activities. These vary from the technically very advanced, including spyware like Pegasus that exploits zero-day vulnerabilities, to the technically mundane but really impactful, like social media accounts being hacked or banned.
The first part of the presentation will discuss the context in which civil society groups operate in the digital world, then discuss the threats they are facing, including the support they receive in responding to these threats. The second and main part of the presentation will cover real-world examples of such threats and focus on the real-world impact these threats have, including the psychosocial impact. The final part will cover what can be done to support civil society in the rest of the world and in particular what the Botconf audience could do to help.
Martijn Grooten 🗣
Abstract
‘Malspam’ (an umbrella term for spam campaigns that deliver malware or send users to phishing sites) has long been the prominent way for individuals and organisations to get themselves infected. These campaigns are opportunistic (i.e. non-targeted), which distinguishes them from very targeted spear-phishing campaigns. Yet these malspam campaigns also differ in a number of fundamental ways from ordinary spam, which positively affects their effectiveness and negatively affects our ability to analyse them. In this talk, I will explain how most malspam campaigns differ from ordinary spam, based on years of studying the email part of such campaigns in our lab. I will discuss how this makes them a lot better at bypassing email filters and how this affects their visibility.
Martijn Grooten 🗣 | João Gouveia 🗣
Abstract
Mevade (also known as Sefnit) is a botnet that engages in click-fraud and cryptocurrency mining. Mevade is notable for two reasons. Firstly, it is huge: at some point, several million computers had been infected. And secondly, when it hosted its C&C servers on Tor hidden services, it almost took down the Tor network. In this presentation we will give an overview of what is known about Mevade and how the botnet has evolved over time. A large part of the presentation will focus on the research performed on the non-Tor C&C communication and the somewhat unusual choice of domain names for C&C communication. We will also discuss links between Mevade and other kinds of adware and malware. We are actively following this botnet and the developments around it and will of course present any developments taking place in the months prior to the conference.
Outline of presentation:
- History of Mevade
- Overview of the malware
- Click-fraud
- Cryptocurrency mining and the Stratum mining protocol used by Mevade
- Network communication
- Using Tor for C&C
- Links to other kinds of botnet and malware
- New developments