Because the Internet of Things is a major part of modern life, security threats are everywhere. Security incidents as well as the results of our many threat hunts have shown us that hundreds of millions of devices have been harmed by attackers’ malicious actions, made part of large botnets, or disrupted through malicious programs taking advantage of zero-day or one-day vulnerabilities.
To reinforce detection and defensive capabilities against such IoT-ICS threats, we have deployed hundreds of automated threat hunting engines worldwide. In the past year, we have received and analyzed more than 25 TB of traffic, detected over 1.1 billion attacks from over 200 countries, and hunted more than 400 million suspicious IPs, more than 30 million suspicious domains, and over 1 million malicious files (RATs, trojans, worms, ransomware, and so on). Among those malicious files, more than 40% are unknown: VirusTotal couldn’t recognize them. We also found that more than 1.1 million devices may have been assimilated into botnets. This talk will share in detail how we built an automated large-scale threat hunting system, and give a deep look into the overall threat situation and trends from 6 hunting examples from the past year. We will share the benefits and responses to the threats we found, and the next steps for our threat hunting project.
Mars Cheng (@marscheng_) leads TXOne Networks’ PSIRT and Threat Research Team as their Threat Research Manager, coordinating product security initiatives and threat research efforts. He is also the Executive Director for the Association of Hackers in Taiwan and General Coordinator of HITCON CISO Summit 2024, facilitating collaboration between enterprises and the government to bolster the cybersecurity landscape. Additionally, Mars serves as a Cybersecurity Auditor for the Taiwan Government. His expertise spans ICS / SCADA systems, malware analysis, threat intelligence and hunting, and enterprise security. Mars has made significant contributions to the cybersecurity community, including authoring more than ten CVE-IDs and publishing in three SCI journals on applied cryptography. Mars is a frequent speaker and trainer at numerous prestigious international cybersecurity conferences and has presented over 50 times, including Black Hat USA / Europe / MEA, RSA Conference, DEF CON, CODE BLUE, SecTor, Troopers, FIRST, HITB, ICS Cyber Security Conference Asia and USA, HITCON, NoHat, ROOTCON, SINCON, CYBERSEC, and many others. He has successfully organized several past HITCON events, including HITCON CISO Summit 2023, HITCON PEACE 2022, HITCON 2021, and HITCON 2020, demonstrating his commitment to advancing the field of cybersecurity.
Patrick Kuo is currently working at TXOne Networks in vulnerability research and technical development. His main responsibilities include analyzing network traffic and malicious programs, and developing Hunting Systems, Hunting Agents, and Threat Atlas to obtain the most up-to-date attack intelligence. In addition, he has spoken at Black Hat Europe, FIRST, CYBERSEC, and HITCON.