Thomas Roccia is senior security researcher on the Advanced Threat Research team. He works on threat intelligence, tracking cybercrime campaigns and collaborating with law enforcement agencies. In a previous role, Thomas worked on the McAfee Foundstone team, performing worldwide incident response, malware hunting, and penetration testing. He has helped customers during major outbreaks and managed highly critical situations. Thomas has developed workshops, training courses, presentations, he leads the Unprotect Project, an open-source database dedicated to malware evasion techniques. His work in security research includes threat intelligence, malware, reverse engineering, vulnerabilities as well as innovation and patenting. He speaks regularly at security conferences.
Thomas Roccia Blog FeedMore from Thomas Roccia
McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware
Executive Summary Cuba ransomware is an older ransomware, that has recently undergone some development. The actors have incorporated the leaking of victim data to increase its impact...
Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies
In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed...
Babuk Ransomware
Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises,...
Cybercriminals Actively Exploiting RDP to Target Remote Organizations
The COVID-19 pandemic has prompted many companies to enable their employees to work remotely and, in a large number of...
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study
Executive Summary Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the...
Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423
In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft’s Jet Database Engine....
McAfee ATR Aids Police in Arrest of Rubella & Dryad Office Macro Builder
Everyday thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an...
Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems
Last week the McAfee Advanced Threat Research team posted an analysis of a new wave of Shamoon “wiper” malware attacks...
Shamoon Returns to Wipe Systems in Middle East, Europe
Destructive malware has been employed by adversaries for years. Usually such attacks are carefully targeted and can be motivated by...
Triton Malware Spearheads Latest Attacks on Industrial Systems
Malware that attacks industrial control systems (ICS), such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that manage large-scale industrial processes. An essential danger in this threat is that it moves from mere digital damage to ...
- 1
- 2
