Ori Nakar

Security Researcher, Data Engineer, and Data Scientist at Imperva Threat Research Group. I specialize in application and database security, leveraging expertise in data analytics, data science, and automation to drive innovative security solutions.


Session

12-14
10:00
45min
Unmasking APT Malware Activity: Real-World Malware Campaign Tracking Using Big Data Analytics and Machine Learning Clustering
Daniel Johnston, Ori Nakar

Our talk introduces a framework that automates the identification and handling of malware samples targeting web servers, using big data analytics and machine learning to cluster and track active malware campaigns. We will demonstrate how the framework applies heuristic analysis to autonomously identify and process web-delivered malware samples. This improves the efficiency and accuracy of malware detection across large data sets, reduces reliance on manual intervention, and enables near real-time threat hunting and campaign tracking.

Building on the collected malware data, we apply big data analytics to track and monitor malware, clustering similar samples together with their associated network activity to reveal patterns and connections between campaigns. This clustering provides deeper insight into the tactics, techniques, and procedures (TTPs) employed by threat actors and helps identify their overarching strategies and objectives.
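As an added illustration of the linking step described above (this is not the speakers' framework or code, and nothing here is drawn from the talk), the following Python groups sample records into candidate campaigns by shared indicators: C2 host, download URL path, and a coarse content signature. All sample identifiers, hostnames and paths are constructed for the example. It also handles the failure mode a practitioner hits first in practice: a "hub" indicator such as shared hosting or a public CDN that many unrelated samples touch will otherwise collapse every campaign into one cluster, so indicators seen on too many samples are not allowed to link them.

```python
"""Campaign clustering over constructed malware-sample records (added example).

Samples that share a namespaced indicator are merged with union-find; each
connected component is a candidate campaign. Indicators attached to more than
max_indicator_degree samples are treated as hubs and skipped.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Sample:
    """One web-delivered sample as a hypothetical pipeline would record it."""
    sha256: str                # hypothetical identifiers, not real hashes
    c2_hosts: Tuple[str, ...]  # hosts contacted after execution (constructed)
    download_path: str         # URL path the server was made to fetch (constructed)
    strings_sig: str           # coarse content signature shared by variants


# Constructed records for illustration only; none of these are real indicators.
SAMPLES: List[Sample] = [
    Sample("a1", ("c2-alpha.example", "cdn.example"), "/x/ldr.sh", "sig-A"),
    Sample("a2", ("c2-alpha.example",), "/x/ldr.sh", "sig-A"),
    Sample("a3", ("c2-alpha2.example", "cdn.example"), "/x/ldr2.sh", "sig-A"),
    Sample("b1", ("c2-beta.example", "cdn.example"), "/b/drop.py", "sig-B"),
    Sample("b2", ("c2-beta.example",), "/b/drop.py", "sig-B"),
    Sample("c1", ("c2-gamma.example", "cdn.example"), "/c/miner", "sig-C"),
]


def indicators(s: Sample) -> Set[str]:
    """Namespaced indicator tokens so a host and a path can never collide."""
    toks = {f"c2:{h}" for h in s.c2_hosts}
    toks.add(f"path:{s.download_path}")
    toks.add(f"sig:{s.strings_sig}")
    return toks


class UnionFind:
    """Minimal disjoint-set forest with path halving."""

    def __init__(self, items: Iterable[str]):
        self.parent = {i: i for i in items}

    def find(self, x: str) -> str:
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a: str, b: str) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_campaigns(samples: Iterable[Sample],
                      max_indicator_degree: int = 3) -> Dict[str, List[str]]:
    """Return {cluster_root: sorted sample ids} for samples linked by indicators.

    An indicator seen on more than max_indicator_degree samples is a hub
    (shared hosting, public CDN, generic path) and is not used as a link.
    """
    samples = list(samples)
    by_indicator: Dict[str, List[str]] = defaultdict(list)
    for s in samples:
        for tok in indicators(s):
            by_indicator[tok].append(s.sha256)

    uf = UnionFind(s.sha256 for s in samples)
    for ids in by_indicator.values():
        if len(ids) > max_indicator_degree:
            continue  # hub indicator: would merge unrelated campaigns
        for other in ids[1:]:
            uf.union(ids[0], other)

    clusters: Dict[str, List[str]] = defaultdict(list)
    for s in samples:
        clusters[uf.find(s.sha256)].append(s.sha256)
    return {root: sorted(ids) for root, ids in clusters.items()}


def shared_indicators(samples: Iterable[Sample], ids: Iterable[str]) -> Set[str]:
    """Indicators that at least two members of a cluster have in common,
    which is what an analyst wants when deciding whether the link is real."""
    members = [s for s in samples if s.sha256 in set(ids)]
    counts: Dict[str, int] = defaultdict(int)
    for s in members:
        for tok in indicators(s):
            counts[tok] += 1
    return {tok for tok, n in counts.items() if n >= 2}


if __name__ == "__main__":
    for root, ids in cluster_campaigns(SAMPLES).items():
        print(root, ids, sorted(shared_indicators(SAMPLES, ids)))
    # Raising the hub threshold lets cdn.example link everything into one cluster.
    print(len(cluster_campaigns(SAMPLES, max_indicator_degree=10)), "cluster(s) without hub filtering")
```

With the default threshold, `cdn.example` appears on four samples and is ignored, so the output is three clusters (a1/a2/a3, b1/b2, c1); with the threshold raised to 10 the same data collapses into a single cluster, which is exactly the false link an analyst must guard against when campaigns share commodity infrastructure.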

We will conclude with a detailed analysis of notable real-world malware campaigns identified through this system. Attendees will gain insight into the operational methodologies of these campaigns, their impact, and the defensive measures that can be employed against them. Case studies will show the automated approach in practice and its effectiveness in strengthening security posture.

Main talk track
Track 2