Lapsed Ordinary | Martijn's blog
~ ₹8000
The state of Malware from the Eye of the Tiger
Martijn Grooten, Virus Bulletin
Nullcon, Goa, March 2019
Source: F-Secure
About me
I am not a reverse engineer
I have never done security ‘in the real world’
I have never been to Black Hat or Defcon
I am a mathematician, but never finished my PhD
I believe in facing the imposter syndrome head-on
@martijn_grooten
Virus Bulletin
Phone support scams
Lessons learned
Social engineering is effective
Don’t ignore economy when focusing on cybercrime
Necurs
Source: Trustwave
Necurs has not actively spread for years
‘Dumb’ things to do with a botnet
Spamming
DDoS
Cryptocurrency mining
Proxy network
Necurs getting smart
Source: Trend Micro
Necurs
Lessons learned
Dumb botnets focus on quantity rather than quality
Typical infections are poorly secured devices (old/unlicenced Windows, IoT, etc.)
Even dumb botnets have smart parts
Emotet
Source: The Hindu Business Line
2014: just another banking trojan
Source: Trend Micro
2018: a very clever downloader
Source: Kryptos Logic
Source: SANS Internet Storm Center
A brief history of macro malware
1990s: macro viruses very prevalent
2000s: Microsoft disables default execution of macros
2010s: malware authors “kindly ask” victims to enable macros
Emotet
Lessons learned
Downloaders are what malware attacks pivot around
‘Mass-market malware’ is increasingly prioritizing quantity over quality
Social engineering works
Techniques are barely distinguishable from those used by APT groups
Patchwork
Source: Cymmetria
APT: Advanced-enough Persistent Threats
Source: Volexity
Source: Microsoft
Source: open
BITTER APT group
Source: Palo Alto Networks
Emotet et al vs Patchwork et al
Emotet et al (not very targeted): Downloader, then final payload (depends on target)
Patchwork et al (very targeted): Downloader, then final payload (determined in advance)
Downloaders give code execution on the machine
Patchwork
Lessons learned
APTs aren’t that different from the more advanced commodity malware
Exploit gullible humans and unpatched systems
It’s all about the downloader
Source: The Citizen Lab
Pegasus
Zero-days
Source: The Citizen Lab
Pegasus
Lessons learned
Zero-days are used in some targeted attacks
Zero-days are often poor ROI
Defending against zero-days is often* poor ROI
* but not always
Stalkerware
Source: The Economic Times (and Nullcon 2018)
Source: Motherboard
Abusive relationships
They’re abusive. And they’re relationships.
Stalkerware
Lessons learned
Just because something is outside our standard threat model, doesn’t mean it can’t cause serious damage.
The malwareability chart
[Chart, built up over several slides; axes: social engineering, vuln. exploitation; labels shown: device, gap; platforms shown: Win10, Linux, IoT, Android, iOS]
The world’s best antivirus
Source: Quartz
Security ‘training’ [Chart; axes: social engineering, vuln. exploitation]
Patching [Chart; axes: social engineering, vuln. exploitation]
Rooting [Chart; axes: social engineering, vuln. exploitation]
Antivirus [Chart; axes: social engineering, vuln. exploitation; label shown: device]
YMMV: your mileage may vary
A third dimension: ‘Scalability’
Conclusion
Lessons learned
Large botnets mostly used for ‘dumb’ things
For more ‘interesting’ attacks, it’s all about the downloader
Zero-days do matter, but only for some
Vulnerabilities and social engineering both matter