Targeted malware attacks are particularly dangerous to NGOs and other organizations that take real-world risks while often having little if any IT security budget. In this talk, Seth will describe a variety of targeted malware attacks observed in the wild against human rights organizations, and the techniques (both social and technical) that they use to be successful. Seth will then look at the technical details of a data exfiltration network: what information is being stolen, how it is leaving your network, and where it is going. The talk will conclude with observations on how this kind of targeted malware differs from those used for financial gain, and steps that organizations can take to defend themselves, even with very limited resources.
