Positive Technologies is participating in AVAR 2023, the 26th edition of the AVAR International Cybersecurity Conference hosted by Dubai from November 28 to December 1. Members of the PT Expert Security Center (PT ESC) team will share their experience in developing open-source projects, using the DRAKVUF agentless sandbox as an example, and details of a new wave of attacks by the Space Pirates group.

Behavioral analysis in Linux operating systems is a challenge due to a broad variety of distributions, a lack of user-friendly tools, and incomplete data that these tools provide. All of this helps threat actors remain invisible to protection systems, including sandboxes. Aleksey Kolesnikov, Malware Detection Specialist at PT ESC, describes the benefits of the DRAKVUF open-source project from a fundamental malware analysis perspective and the issues that the experts had to overcome while developing a hypervisor solution.

"Originally a small-scale research project, DRAKVUF grew through community contributions to become a full-fledged business project. We contributed substantially to its development as well, with dozens of plugins for both Windows and Linux created and reworked over time with the help of Positive Technologies experts. The technology has now proved itself as part of our own product, it is running smoothly and fundamentally, essentially better than other similar systems," says Kolesnikov.

Denis Kuvshinov and Stanislav Rakovsky, cyberthreat researchers at PT ESC, address a new wave of attacks by the Space Pirates hacker group.

"The group still has its sights on espionage and confidential data theft, but their interests have grown broader. According to our data, in 2022–2023, Space Pirates successfully attacked a minimum of 16 organizations in Russia, targeting public, defense, aerospace, and other sectors," Kuvshinov says. "Little changed about the group's tactics over the period, but it did improve its legacy tools while creating new ones that implemented unconventional techniques, one example being Voidoor. The group probably also exploited vulnerabilities we had not observed earlier."

In 2023, Positive Technologies became the first Russian organization to be accepted into the Association of Anti-Virus Asia Researchers (AVAR), one of the world's most reputable malware research associations. AVAR was established in 1998 as an independent non-profit organization with the mission of preventing the spread of malware and the damage caused by it, promoting cooperation among Asian cybersecurity professionals. Today, AVAR is comprised of experts from 17 Asia-Pacific countries.

In recent years, Asian countries which have emerged as global leaders in technology innovation have seen an increased need for developing and implementing sustainable cybersecurity strategies. This is why in 2023, Positive Technologies experts conducted a series of studies on cyberthreats relevant to Asia, with a focus on six countries (China, India, Thailand, Malaysia, Vietnam, and Indonesia) and two key regions: the Middle East and the GCC (Gulf Cooperation Council).

The objective of these studies is in-depth research into the cybersecurity landscape of Asia—the region that accounted for a third of the global number of cyberattacks in 2022—with the aim of improving data protection technology and sharing recommendations on boosting the cyber resilience of organizations.


Positive Technologies is an industry leader in results-oriented cybersecurity and a major developer and vendor of products, solutions, and services that detect and prevent cyberattacks before they can cause non-tolerable damage to businesses and entire economic sectors. Our technologies are used by 3,300 organizations around the world.

Positive Technologies is the first and only cybersecurity company in Russia to have gone public on the Moscow Exchange (MOEX: POSI), with more than 185,000 shareholders.
