Melting the Ice: Heating up the IcedID infrastructure
2024-10-31, 11:30–12:00 (Europe/Amsterdam), Main stage

Imagine facing a list of the most commonly used malware variants for initial access. As the Dutch Police, where would you begin your investigation? In this talk, I will guide you through one of the investigations from Operation Endgame, where we began with just the name of the malware: IcedID. I will illustrate the complexities involved in tracking and dismantling the malware infrastructure, as well as apprehending the cybercriminals behind it.


Operation Endgame was a collaborative effort involving international law enforcement agencies, judicial authorities, and private industry, aimed at dismantling several key botnets that played a critical role in cybercrime. This operation enabled us to simultaneously take down these botnets and disrupt the infrastructure used by cybercriminals.

Initially designed as a banking Trojan, IcedID has expanded its capabilities to include credential theft, financial fraud, and the delivery of secondary payloads such as ransomware. In this talk, I will provide a detailed analysis of its architecture, focusing on its modular design, its command-and-control (C2) infrastructure, and our investigative findings.

I will also highlight the collaborative efforts between law enforcement agencies and cybersecurity professionals in effectively combating the threat posed by IcedID. This includes the importance of threat intelligence sharing and the role of international cooperation in dismantling cybercrime networks.

Ilse has worked at the Dutch Police for almost five years as part of the regional Cybercrime Unit of Midden-Nederland. She works as a digital forensic examiner on different kinds of cybercrime cases, from hunting botnets and their creators to various kinds of banking fraud.