07-14, 11:00–11:50 (US/Eastern), Tobin 201/202
While some countries exhibit disproportionate aggressive behavior in cyberattacks, others show proxy-centric Internet traffic redistribution, and some experience higher frequencies of cyberattacks, leading to more compromised computers within their infrastructure. To investigate these patterns, Andréanne and Constance built a honeynet of RDP Windows servers in the cloud, collecting over 190 million events over three years. This dataset provides valuable insights into the origin of IP addresses, though attributing attacks to specific countries is complex. They found various data sources providing contradictory information about IP addresses and will explain how they used several tools to streamline access to this information, while leveraging open source information. The results reveal that different attack techniques vary by geographic origin, and evidence will be presented of shared hacking tools between cooperating countries, enhancing our understanding of global cyber threats.
Dr. Andréanne Bergeron is the director of research at GoSecure, specializing in online attackers' behaviors. Her expertise delves into the intersection of criminology and cybersecurity. In addition, Andréanne holds an esteemed position as an adjunct professor in the Department of Criminology of Montreal University, bridging academia and industry. Involved in the cybersecurity community, she is a board member of the Canadian Cybersecurity Network and the co-vice-president of engagement and outreach for Northsec.
linkedin
Constance Prevot is a software engineering undergraduate student at Concordia University in Montreal, specializing in cybersecurity. She actively participates in cybersecurity competitions, conferences, and events. She is currently doing an internship in the research department at GoSecure and works part-time as a SOC analyst at OnePoint. Additionally, Constance serves as the president of the computer science club at her university.
