Thomas Roccia

Thomas Roccia is security researcher on the McAfee Advanced Threat Research team. He works on threat intelligence, tracking cybercrime campaigns and collaborating with law enforcement agencies. In previous his role, Roccia worked on the McAfee Foundstone team, performing worldwide incident response, malware hunting, and penetration testing. He has helped customers during major outbreaks and managed highly critical situations. Roccia has developed workshops, training courses, and presentations. His work in security research includes malware, reverse engineering, vulnerabilities, and car hacking. He speaks regularly at security conferences. Twitter: @fr0gger_

Subscribe to Thomas Roccia Blogs

More from Thomas Roccia

McAfee Labs

Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study

Executive Summary Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the dominant categories of evasion is anti-sandbox detection, simply because today’s sandboxes are becoming the fastest and easiest way to have an overview of the threat. Many companies use these kinds ...

McAfee Labs

Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423

In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft’s Jet Database Engine. Microsoft released a patch in October 2018. We investigated this flaw at that time to protect our customers. We were able to find some issues with the patch and reported ...

McAfee Labs

McAfee ATR Aids Police in Arrest of the Rubella and Dryad Office Macro Builder Suspect

Everyday thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a victim to open the document and enable the embedded macro. This macro then proceeds to pull in a whole array of nastiness ...

McAfee Labs

Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems

Last week the McAfee Advanced Threat Research team posted an analysis of a new wave of Shamoon “wiper” malware attacks that struck several companies in the Middle East and Europe. In that analysis we discussed one difference to previous Shamoon campaigns. The latest version has a modular approach that allows ...

McAfee Labs

Shamoon Returns to Wipe Systems in Middle East, Europe

Destructive malware has been employed by adversaries for years. Usually such attacks are carefully targeted and can be motivated by ideology, politics, or even financial aims. Destructive attacks have a critical impact on businesses, causing the loss of data or crippling business operations. When a company is impacted, the damage ...

McAfee Labs

Triton Malware Spearheads Latest Attacks on Industrial Systems

Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that manage large-scale industrial processes. An essential danger in this threat is that it moves from mere digital damage to ...

McAfee Labs

Rapidly Evolving Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation

The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will examine the latest version and how the authors have improved the code (and in some cases have made mistakes). McAfee gateway and endpoint ...

McAfee Labs

Today’s Connected Cars Vulnerable to Hacking, Malware

The McAfee Advanced Threat Research team recently published an article about threats to automobiles on the French site JournalAuto.com. Connected cars are growing rapidly in number and represent the next big step in personal transportation.

McAfee Labs

Free Ransomware Available on Dark Web

The McAfee Advanced Threat Research team recently analyzed a ransomware-as-a-service threat that is available for free and without registration. This malware was first seen in July 2017 with the extension .shifr. It has now appeared in recent detections with the extension .cypher. Ransomware-as-a-Service Ransomware-as-a-service is a cybercrime economic model that allows ...

McAfee Labs

Emotet Trojan Acts as Loader, Spreads Automatically

Since the middle of July, McAfee has observed new updates of the Emotet, a Trojan that was first discovered in 2014. This malware harvests banking credentials. Early variants used Outlook contact harvesting to spread via malicious spam. The latest variants act as loaders and use several mechanisms to spread over ...

Subscribe to McAfee Securing Tomorrow Blogs