Episodes
Wednesday Jul 20, 2022
Live from RSAC 2022
This is an ESET Research Podcast special, recorded at RSA Conference 2022, the world's largest conference devoted entirely to information security. It is also a double feature: first, ESET’s top machine-learning experts Juraj Jánošík and Filip Mazán discuss the use of artificial intelligence in the industry, and how it compares with the claims presented on the expo floor and in the talks they’ve seen; in the second section, ESET Specialized Researcher Cameron Camp offers his insights into the security of medical devices, another hot topic of this year’s RSAC.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guests: Juraj Jánošík, ESET Head of Automated Threat Detection; Filip Mazán, ESET Senior Machine Learning Engineer; Cameron Camp, ESET Specialized Security Engineer; Ondrej Kubovič, ESET Security Awareness Specialist
Read more @WeLiveSecurity.com and @ESETresearch Twitter
Thursday May 26, 2022
ESPecter
As Unified Extensible Firmware Interface (UEFI) replaced legacy BIOS as the leading technology embedded into chips of modern computers and devices, it became vital to the security of the pre-OS environment and to the loading of the operating system. It’s no surprise that such a widespread technology represents a tempting target for threat actors in their search for ultimate persistence.
Listen to the latest episode of ESET Research podcast to find out more about ESPecter, the latest real-world espionage malware targeting the UEFI space, namely the EFI System Partition.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guests: Jean-Ian Boutin, ESET Head of Threat Research, Martin Smolár, ESET Malware Researcher
Read more @WeLiveSecurity.com and @ESETresearch Twitter
Blogposts:
UEFI threats moving to the ESP: Introducing ESPecter bootkit
Thursday Mar 03, 2022
Past and present cyberwar in Ukraine
Long before the first Russian soldier set foot on Ukrainian soil, the country had been a target of sophisticated digital operations, spying on its officials, and sabotaging its critical infrastructure and other sectors. It was even the initial ground for the most destructive cyberattack in history, known as NotPetya.
That trend continues during the current crisis, as ESET researchers have uncovered an array of new, advanced cyberthreats infiltrating Ukrainian organizations with a single goal: to cause as much damage as possible. Apart from describing their capabilities, we provide context and explain when such attacks against Ukraine started, how they evolved over time, which of them could be considered successful, and what to expect in the future.
Host:
Aryeh Goretsky, ESET Distinguished Researcher
Guests:
Jean-Ian Boutin, ESET Head of Threat Research
Robert Lipovský, ESET Malware Researcher
Read more @WeLiveSecurity.com and @ESETresearch Twitter
Blogposts and other resources:
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
Ukraine Crisis – Digital Security Resource Center
Monday Nov 15, 2021
IIS Malware
The first ESET Research podcast episode dives deeper into the previously unexplored waters of malware targeting Internet Information Services (IIS), Microsoft's web server software for Windows with an extensible, modular architecture.
Threat actors were misusing IIS to intercept or modify network traffic as far back as 2013, and in 2021 IIS backdoors are being deployed by both cybercriminals and APT groups. ESET research breaks down the anatomy of native IIS malware, extracts its common features and documents real-world cases, supported by its full-internet scan for compromised servers.
ESET researchers discovered as many as 14 malware families being deployed in the wild, ranging from traffic redirectors to backdoors. We cover curious schemes to boost third-party SEO by misusing compromised servers, IIS proxies that turn the servers into part of C&C infrastructure, mitigation techniques, and a whole lot more.
Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: Zuzana Hromcová, ESET Malware Researcher
Read the whole story @WeLiveSecurity.com.
White paper:
Anatomy of native IIS malware
Blogposts:
IIStealer: A server‑side threat to e‑commerce transactions
IISpy: A complex server‑side backdoor with anti‑forensic features
IISerpent: Malware‑driven SEO fraud as a service