Last Day to Save $200 on Cutting-Edge Cyber Security Training at SANS Chicago 2019!

Copenhagen 2017

Copenhagen, Denmark | Mon, Sep 25 - Sat, Sep 30, 2017
This event is over,
but there are more training opportunities.

Lazarus APT vs The Banking Sector

  • Combining CTI & DFIR to Investigate APT Intrusions
  • Jess Garcia
  • Wednesday, September 27th, 7:00pm - 8:00pm

In 2016 the Lazarus APT Group, recently tied to the North Korean government, heavily targeted the banking sector worldwide. Near $100M were stolen from the Bank of Bangladesh (which were very close to become $1B), and several others followed. At the end of 2016 the Polish and Mexican banking sectors were targeted, only to be discovered 4 months later. Extensive Cyber Threat Intelligence (CTI) was published in Open and Closed Sources about these incidents, allowing Incident Responders in the affected organizations to properly address the Threat, illustrating the key role that CTI plays in DFIR today.

In this talk Jess Garcia, who was fighting some of these incidents in the trenches with his team at One eSecurity, will show you how to combine Cyber Threat Intelligence, Forensics and Malware Analysis to carry out an effective Incident Response in the context of an APT Incident.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Wednesday, September 27
Session Speaker Time Type
Adding Security to Your ICS Environment? Fine! But How?! Larry Vandeweele Wednesday, September 27th, 6:00pm - 7:00pm SANS@Night
Lazarus APT vs The Banking Sector Jess Garcia Wednesday, September 27th, 7:00pm - 8:00pm SANS@Night