Thomas Roccia

Thomas Roccia is security researcher on the McAfee Advanced Threat Research team. He works on threat intelligence, tracking cybercrime campaigns and collaborating with law enforcement agencies. In previous his role, Roccia worked on the McAfee Foundstone team, performing worldwide incident response, malware hunting, and penetration testing. He has helped customers during major outbreaks and managed highly critical situations. Roccia has developed workshops, training courses, and presentations. His work in security research includes malware, reverse engineering, vulnerabilities, and car hacking. He speaks regularly at security conferences. Twitter: @fr0gger_
Destructive malware has been employed by adversaries for years. Usually such attacks are carefully targeted and can be motivated by ideology, politics, or even financial aims. Destructive attacks have a critical impact on businesses, causing the loss of data or crippling business operations. When a company is impacted, the damage can be significant. Restoration can ...
Read Blog
The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will examine the latest version and how the authors have improved the code (and in some cases have made mistakes). McAfee gateway and endpoint products are able to protect ...
Read Blog
The McAfee Advanced Threat Research team recently published an article about threats to automobiles on the French site JournalAuto.com. Connected cars are growing rapidly in number and represent the next big step in personal transportation. Auto sales are expected to triple between 2017 and 2022, to US$155.9 billion from $52.5 billion, according to PwC France. ...
Read Blog
The McAfee Advanced Threat Research team recently analyzed a ransomware-as-a-service threat that is available for free and without registration. This malware was first seen in July 2017 with the extension .shifr. It has now appeared in recent detections with the extension .cypher. Ransomware-as-a-Service Ransomware-as-a-service is a cybercrime economic model that allows malware developers to earn money ...
Read Blog
Since the middle of July, McAfee has observed new updates of the Emotet, a Trojan that was first discovered in 2014. This malware harvests banking credentials. Early variants used Outlook contact harvesting to spread via malicious spam. The latest variants act as loaders and use several mechanisms to spread over the network and send spam ...
Read Blog
Malware authors use a number of tricks to avoid detection and analysis. One of the most popular methods is to employ a packer, a tool that compresses, encrypts, and/or modifies a malicious file’s format. (Packers can also be used for legitimate ends, for example, to protect a program against cracking or copying.) All these tricks ...
Read Blog