CCCC 2016 Presentations for Download
Benjamin Särkkä, Nordea: From Perfect Security to Waiting for the Breach: Defend – Detect – Act
Robert McArdle, Trend Micro: Targeted Attacks: More FUD than APT
Lars Bo Langsted, IECC: Legal Disruption: IoT and Criminal Law
Robert Lipovsky, Thomas Gardon, ESET: The SBDH Espionage Toolkit
Michael Hopp, Plesner: The Consequences of GDPR for the Use of Modern Technologies
Per Thorsheim: Bypassing and Securing Passwords, PINs and Digital Authentication
Thomas Siebert, Marc Ester, G DATA: Ransomware as a Targeted Attack
Dr. Stefan Lüders, CERN: 6 Challenges to Secure the LHC
The download file is password protected. The password was sent to all conference participants after the event. If you attended the conference but can no longer find the password, please send an email to mah(@)csis.dk to have it resent.
5 Challenges Securing the LHC
Dr. Stefan Lüders, European Organization for Nuclear Research (CERN)
The Large Hadron Collider (LHC) at the European Organization for Nuclear Research is a unique one-off prototype within the particle physics community. The accelerator itself and its attached experiments are developed, managed and operated by a world-wide community of physicists, engineers and technicians. As such, “one-off prototype” and “world-wide community” plus the general attitude of an academic environment present particular challenges in securing the multitude of different control systems deployed for running the LHC and its experiments. This presentation will focus on the five most serious challenges and how they were overcome.
Bypassing and Securing Passwords, PINs and Digital Authentication
Per Thorsheim
Technical level: Low
At some point in time, every individual or organisation is faced with the challenge of forgotten passwords, lost tokens, encrypted data and a need to regain control of an account. At the same time, in an ever-increasing global threat landscape, our need to properly secure our data is growing as well. How can we cope in a world where the need for forensic access collides with the need to properly secure our data?
From Perfect Security to Waiting for the Breach: Defend – Detect – Act
Benjamin Särkkä, Head of NITSIRT, Nordea
Technical level: Low to Medium
For a period of roughly 70 years in the beginning of the 19th century, the world experienced a period of perfect security. The threat landscape of today is vastly different, and even the best defenses only slow down a persistent threat. Find out about what threats we see at Nordea and what we do to mitigate them.
How to Battle an Uninvited Guest?
Michael Warrer, NRGi
Technical level: Low
In September 2015, NRGi was unexpectedly paid a visit by a hacker. Several hundred servers were destroyed and one thousand employees were not able to work. In the first hours we didn’t know what had hit us, but one thing was certain: it was not just ransomware. The emergency plan was taken out of the drawer and a large clearing and restoration effort started. What was it that struck us, and how did we come through it in relation to the media, employees, etc.? What did we subsequently do to protect ourselves even better, and what impact did it have on our customers, employees, IT department and the daily IT behavior?
If You’ve Got It, They Want It!
Ryan D. Pittman, NASA
Technical level: Low
The United States’ National Aeronautics and Space Administration (NASA) has been on the front lines of space exploration and scientific endeavor for over 50 years. And, although the Space Shuttle Program is no longer active, NASA continues to stay engaged in relevant projects, both terrestrial and otherwise. However, as a result, NASA is often the subject of cyber attacks aimed at compromising its networks and systems, driven by a wide range of motivations and objectives. In today’s supremely connected environment, simply having information of value makes an organization a target, leaving network defenders, incident responders, and law enforcement officers anticipating the next breach. In this presentation, a representative from the NASA Office of Inspector General will briefly discuss NASA’s history, some of its current projects, why it is such a target for external attackers, and how international cooperation is key to detecting, mitigating, investigating, and prosecuting cyber security incidents.
Legal Disruption: IoT and Criminal Law
Lars Bo Langsted, International Economic Crime and Cyber Crime Research Centre (IECC)
Non-Technical
Legal challenges to the criminal law and criminal procedures: are legal frameworks geared to cross-border digital crimes in the physical world through the use of IoT?
Multivariate Solutions to Emerging Passive DNS Challenges
Paul Vixie, Farsight Security
Technical level: Medium
These days, most threat intelligence analysts know how to use passive DNS to pivot on initial indicators: given one bad domain, analysts will routinely use passive DNS to identify other domains using the same IP address or name servers, etc.
Less discussed are the corner cases that make simple passive DNS methods hard to successfully employ. For example, if a domain’s name servers are shared with 100,000 other domains (including many legitimate domains!), “guilt by association” based solely on name server commonality can become difficult.
Fortunately, it is still possible to identify related bad domains by employing passive DNS along with various other attributes rather than just focusing on a single screening factor such as shared name servers.
Audience members will learn about the emerging challenges to using Passive DNS and specific steps they can take to successfully overcome them.
New Data Protection Laws: A Risky Business
Ruth Boardman, Bird & Bird
Non-technical
The General Data Protection Regulation is now in force: it will apply from 25 May 2018. This session will share the likely impact of the Regulation on IT professionals, with new requirements around security and the impact on system design. In many cases, whether and how provisions apply is dependent on risk assessment: we will also discuss the new requirements in this category.
Apart from that, we will also include an update on the EU-US Privacy Shield.
Ransomware as a Targeted Attack
Thomas Siebert, Marc Ester, G DATA
Technical level: Medium
While ransomware as an attack form dates back as far as 1989, the attention to these attacks has grown significantly since the emergence of the CryptoLocker ransomware in 2013, a ransomware that encrypts files and charges money for the decryption key. Originally, mostly private end-users were targeted by ransomware. But recently cybercriminals started to leverage this kind of attack specifically against companies and other large organizations. Even critical infrastructure is not being spared, as proven by the attacks against the Hollywood Presbyterian Medical Center and other hospitals in early 2016.
To gain entrance to an organization’s network, the attackers use methods typically seen in conventional APT attacks, like spear phishing or RDP brute-forcing. Once started, the ransomware searches for network shares and tries to wreak as much havoc as possible by encrypting files on the shares. If the attackers gained access to an administrative user in the course of the attack, depending on the circumstances enough data may be inaccessible to effectively shut any organization down.
In this talk, we will show examples and common patterns for these kinds of ransomware attacks. We will also discuss means to detect and prevent these attacks.
The Consequences of GDPR for the Use of Modern Technologies
Michael Hopp, Plesner
Non-Technical
In this presentation, we will address how modern technologies like biometrics, RFID, IoT and hardware identifiers are covered by the regulation and identify the implications for the processing of data generated by the information technologies.
The Dark Ages of Cybersecurity
Eugene Kaspersky, Kaspersky Lab
We’re living in the Dark Ages of Cybersecurity. The number and scale of high-profile cyberattacks are on the rise. Despite all the efforts of our industry, the damage from intrusions and data breaches is growing.
Some of them are so massive they represent a threat to global peace and security. Cybersecurity experts are working hard to secure the confidentiality, integrity and accessibility of data inside systems that were never designed with the possibility of an attack in mind.
In his speech, Eugene Kaspersky argues that the IT sector in general needs a paradigm shift to make the interconnected world less inherently vulnerable, and that the cybersecurity industry in particular needs to take the lead towards a safe and secure cyber-Enlightenment.
The Growth of Organised Cybercrime Against Global Financial Institutions and how Barclays Mitigate that Threat
Troels Oerting, Barclays
The increase in quantity and quality of organised cybercrime against global financial institutions and how Barclays Plc mitigate that threat.
The SBDH Espionage Toolkit
Robert Lipovsky, Thomas Gardon, ESET
Technical level: Medium
Over the course of the last year, we detected and analyzed several instances of a toolset that was used for targeted espionage. Among the victims were governmental and public institutions, including but not limited to ones focused on economic growth and cooperation.
The malware was targeting countries in Central and Eastern Europe, with a particular focus on the Visegrad Group. The malware also features unique capabilities, available control channels and exfiltration techniques, which also make it interesting from a technical viewpoint.
In our presentation, we will cover the evolution of the malware, analyze its components including techniques used to avoid detection and to bypass firewalls, and reveal clues that may point to its unforeseen origins.
The Worm in the Router and the Bug in the Fridge
Peter Kruse, CSIS Security Group A/S
Technical level: Low
The Internet of Things (IoT) refers to various devices, mostly network-connected and Linux-based. The number of intelligent Internet-connected devices like smart TVs and phones, cameras, IHC (intelligent house control), fridges, cars, weight scales, toilets, watches, etc. is rapidly growing. The majority of users bring them into their private networks without securing them properly, which is becoming a serious problem and security risk. So the key question is whether the same trend applies to corporate businesses too. According to a recent Gartner report, it is expected that the market for Internet of Things devices will explode and reach nearly 21 billion connected devices by 2020. This should not be taken lightly, as many of these devices are based on very new technology and could pose several risks, especially at such a volume.
IoT needs to work across networks, the cloud and data centers. But the diversity and scale of the IoT rightfully put topics such as security, integrity assurance, functionality and privacy into the digital limelight.
This presentation will sum up the state of IoT and demonstrate why it could become a hazard to your business and to your privacy.
Targeted Attacks: More FUD than APT
Robert McArdle, Trend Micro
Technical level: Low
When we think of Targeted Attacks, thoughts immediately race to state-level “spy vs spy” scenarios, with weapons-grade malware designed to do things like take a power plant offline. APTs are the new equivalent of the suitcase nuke from every ’90s spy movie. But is that the reality, or maybe – just maybe – could it be that someone would want to specifically target your organisation, and not just because the New World Order plan to rule the future with your data?
In this talk I’ll lay out a bit more of what I see as the reality in Targeted Attacks today, drawing on several Trend Micro case studies, showing how the world has evolved to the stage we are at today – and finally how you can best defend your organisation from such attacks.