Kaspersky Latin America
Dmitry Bestuzhev serves as Head of Kaspersky’s Global Research and Analysis Team for Latin America, where he oversees the anti-malware development and investigations of the company’s experts in the region. He specializes in the analysis of large-scale malware incidents, cyberespionage and targeted attacks, as well as the investigation of cybercrime (both its human and its electronic components) that employs advanced social engineering techniques aimed at online banking attacks and data leaks.
Dmitry joined Kaspersky in 2007 as a Malware Analyst and was responsible for monitoring the local threat landscape and providing preliminary analysis before going on to become Senior Regional Researcher for the Latin American region in 2008. In 2010, he was appointed to his current role.
In addition to supervising all anti-malware efforts, he prepares reports and forecasts for the region and is frequently sought out by international media and organizations for his expert commentary on IT security. He also participates in various educational initiatives throughout Latin America.
Dmitry has more than 20 years of experience in IT security across a wide variety of roles and is fluent in English, Spanish and Russian.
This presentation is about hunting UEFI implants and other undocumented “features” running in Ring -2, gaining eternal persistence on machines all over the globe.
What do the Sofacy and Hacking Team threat actors have in common? Both successfully developed and used in-the-wild (ITW) low-level Ring -2 implants targeting victims across the globe. Are they the only players using such techniques to gain eternal persistence on machines? How do you deal with the situation when your machine carries a malicious UEFI implant? Will some secure OS help? Unfortunately, the answer is no. In my presentation I will practically show how to hunt for malicious implants in UEFI, what we have found so far, and what the weirdest things we are seeing right now are.