This presentation focuses on a threat actor that has impacted the Research & Education community over the last 3 years. It caused significant damage at victim organisations, including WLCG sites. What is striking is that this actor leverages basic, old technologies (IRC, etc.) and did not demonstrate any particular technical skill. Yet it managed to earn thousands of euros from cryptomining, and easily gained access to hundreds of servers at Research & Education organisations.
How is this possible in 2023?
The tools, tactics, techniques, and procedures employed by this threat actor will be detailed, and the measures that should be put in place to stop the attack will be discussed.
This presentation is organized to cater to both technical and non-technical audiences, aiming to foster an understanding of the intricate dynamics of criminals and cyber threats.
NOTE:
There will be no Zoom/webcast/recording offered due to the sensitive nature of the subject.
Stefan Lüders/CERN and Miguel Angel Marquina - IT Department
CERN Computing Seminars and Colloquia