Simon Conant
[Palo Alto Networks Unit 42]
Simon is a Principal Researcher in Palo Alto Networks’ Unit 42 threat research group.

He draws upon a quarter-century of international experience in the fields of malware & infrastructure analysis, networking, and information security, including several years in the Microsoft Security Response Center. He was involved in founding Microsoft's CSS Security & Internet Crime Investigation teams, and the International Botnet Task Force.

Subsequently he has worked in threat intelligence and analysis in the financial sector, for an international law firm, and now researches malware, campaigns and actors, with Unit 42.

A native of New Zealand, Simon is based in Seattle, USA.

Imminent Monitor - a RAT Down Under

Technical Level (3 being the highest score): 2

Imminent Monitor is a commodity RAT (Remote Access Tool/Trojan), offered for sale since 2012. We have collected over 65,000 samples of Imminent Monitor malware, and observed it used in attacks against over 115,000 Palo Alto Networks customers.

Over 2 years ago, Palo Alto Networks Unit 42 identified the actor behind this RAT, an Australian, and referred the case to the US Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP).

This presentation will detail this RAT and lift the veil of purported legitimacy from its features. We'll share how Unit 42 identified the author, allowing us to refer the case to law enforcement. The AFP subsequently worked together with Europol and over a dozen national law enforcement agencies, going after not only the author but also his co-conspirators and, notably, the customers of his malware, with a coordinated action in late November 2019, which continues to this day.

This is a case study of the value and success made possible by public/private partnerships and international law enforcement cooperation.

Reference links:

https://unit42.paloaltonetworks.com/imminent-monitor-a-rat-down-under/
https://www.afp.gov.au/news-media/media-releases/rat-trap-international-cybercrime-investigation-shuts-down-insidious
https://www.europol.europa.eu/newsroom/news/international-crackdown-rat-spyware-which-takes-total-control-of-victims’-pcs
