Advanced Threat Research

Increasingly, people around the world depend on technology for their daily activities. Making this technology trustworthy involves a deep understanding of how attacks work. By researching security vulnerabilities, the Advanced Threat Research (ATR) team in Intel Security discovers opportunities to drive toward more secure technology.

 
Home | Research | Threat Intelligence | CHIPSEC
 

News

Blog Post: Attacks on SWIFT Banking System Benefit from Insider Knowledge | 2016-05-20

ATR's Christiaan Beek dives into some malware samples used in recent attacks on the banking system. This malware was able to manipulate and read unique messages from SWIFT (Society for Worldwide Interbank Financial Telecommunication), as well as adjust balances and send details to a remote control server. The analysis reveals key capabilities and other SWIFT codes contained in the sample.

Details of the analysis of malware targeting the SWIFT banking system are posted on McAfee Blog Central.


Upcoming training: Security of BIOS/UEFI System Firmware From Attacker's and Defender's Perspective | 2016-04-18

Researchers from the ATR team will be teaching a 4-day training Security of BIOS/UEFI System Firmware From Attacker's and Defender's Perspective in June at RECon security conference in Montreal, Canada.

A variety of attacks targeting system firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, OS loaders and secure booting. This training will detail and organize objectives, attack vectors, vulnerabilities and exploits against various types of system firmware such as legacy BIOS, SMI handlers and UEFI based firmware, mitigations as well as tools and methods available to analyze security of such firmware components. It will also detail protections available in hardware and in firmware such as Secure Boot implemented by modern OSes against bootkits.

The training includes theoretical material describing a structured approach to system firmware security analysis and mitigations as well as many hands-on exercises to test system firmware for vulnerabilities. After the training you should have basic understanding of platform hardware components and various types of system firmware, security objectives and attacks against system firmware, mitigations available in hardware and firmware. You should be able to apply this knowledge in practice to identify vulnerabilities in BIOS and perform forensic analysis of the firmware.


Workshop: Security below the OS with CHIPSEC Framework | 2016-03-16

Researchers from the ATR team gave a 2-day workshop Security below the OS with CHIPSEC Framework in March at TROOPERS 16 security conference in Heidelberg, Germany.

A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, UEFI secure boot and OS loaders. This workshop provides a hands-on opportunity to learn how to use an open source CHIPSEC framework (https://github.com/chipsec/chipsec) to test systems for vulnerabilities in low-level platform firmware components, problems with firmware security protections as well as develop your own modules in CHIPSEC which test for known issues or implement tools identifying new issues.


Disrupting Adversarial Success - Giving the Bad Guys No Sleep | 2016-03-01

At the RSA Conference 2016, in their session Disrupting Adversarial Success - Giving the Bad Guys No Sleep, Christiaan Beek of ATR with Raj Samani deconstructed emerging attack campaigns and techniques, examineed pragmatic defense strategies and discussed what to expect in the future.

RSA Conference presentation.