Technical level: High

In nowadays, it’s difficult to find any hardware vendor who develops all the components present in its products. The big piece of it outsourced to OEM’s includes firmware too. That creates additional complexity and limits to hardware vendors to have full control under its hardware products. That creates not only additional supply chain security risks but also produce security gaps in the threat modelling process by design. In most cases hardware vendor separate threat model and security boundaries for each hardware component present on the platform but in reality, it misses a lot of details which is directly reflected on platform security. In this talk, we will look over the prism hardware and firmware forensics with threat intelligence souse.

Non-Technical

We’ve all heard the saying, “it’s not a matter of if you’ll be breached, it’s a matter of when.” Under GDPR, businesses must alert Data Protection Authorities (DPAs) within 72 hours of a data breach (with a potentially small exception). Understanding European requirements and taking a few important steps will help prepare your business to respond properly when a data breach does occur. You’re likely to be responding to a security incident if you need to deal with breach notifications. Businesses’ security infrastructure exists in a special place where we expect systems to be robust and are not able to view or judge their quality. This talk will also address security requirements to minimize your chances of a breach.

Technical Level: Low

In order to make a successful espionage campaign, we need a couple of things, mostly the idea of a good lure and infrastructure for both infection and exfiltration. Nowadays everyone was, is or will be moving their infra to the cloud so why not APTs? Why set up a costly dedicated server when we can use free PaaS hosting? Why not use a cloud-storage service for exfiltration with all of it unlimited quota and backups? Want to host some malware? Guess who gets you covered? Same goes for a lure, abusing the image of a trusted third party is a perfect way to trick the user to click where he shouldn’t. What about tools? Just swing by a popular code-sharing platform and choose a tool in the language of your liking! Code-based attribution won’t be a problem! 

In this presentation, we will show how to set up a successful campaign abusing publicly available services and tools. In order to do so, we will use campaigns conducted by Fishing Elephant as an example. Fishing Elephant is a newish set of targeted activities operating in South Asia we discovered last year.

Technical level: High

The need to scale up your operations is ever-growing, we can’t keep on just hiring more people to do forensics and incident response, we need to instead focus on codifying the knowledge of our current analysts. 

In this talk, I’ll walk through one example of how to achieve this utopia of ours of having our different forensics and response tools talk together. The talk will make use of dftimewolf, plaso, Timesketch and an open source SIEM solution to demonstrate how we can automate the collection, parsing, analysis and reporting of a security incident, helping analysts to speed up their investigations.

Technical level: Low

Online fraud affects the customers of banks, financial services companies, retailers, utility companies, telecommunications service providers and any other companies that have a significant online presence. Being successful in the fight against account takeover in the cyber age requires new types of analytical and technological capabilities.

This session will present a new fraud prevention analytical methodology. The presentation will include actual use-cases to demonstrate what can happen when cyber threat intelligence is gathered in volume, automated promptly and utilized in predictive models to stop fraudsters in their tracks.

Non-Technical

In the effort to shed light on how people steal, reship and sell stolen goods, the U.S. Postal Inspection Service will talk about how threat actors utilize technology to automate many components of their reshipping operation, how mules are recruited, and discuss search warrants that yielded an estimated 1 million dollars in stolen retail merchandise.

Non-Technical

In this session, Rasmus will talk about the huge Ransomware attack that hit Demant in 2019. Rasmus will also share some of the lessons learned and present the plans the Demant have made to improve the IT security setup.

Technical level: Medium

Connected pill bottles, glucose sensors and insulin pumps are not gadgets. They help people. Do cybercriminals care about our health? Probably not 😉 but they make money out of it. – Discover mobile malware which targets medical applications. – Understand the economy of underground markets with full health reports, medicine and organs.

Technical Level: High

Remember what you did on the 12th of May 2017? There are days that leave a lasting memory that never fades. The most recent of these events in our profession was the day WannaCry was set on loose rendering over 200,000 systems unusable. 

This worm was using one of the zero-day exploits leaked from NSA that was released by the mysterious Shadow Brokers group. Shortly after this devastating incident followed the more targeted destructive NonPetya attack. After these two incidents, a more quiet period came. One would think that the bad guys lost interest in the exploit, the world learned the lesson, and the vulnerable systems got patched: the threat is over. Nothing could be further from the truth. 

After the fireworks fade out, the time for the hard-working cybercrime groups comes. These groups are the SMB enterprises of the criminal world: they don’t have the resources that nation-state or high-end criminal groups have, but have capable coders, and what they lack in money compensate with creativity. They keep working on implementing these exploits in the malware distribution toolset. These efforts were dominated by cryptomining botnets (Powerghost, Lemon Duck, Mykings, just to name a few), but other high-profile malware, like Trickbot, also used the opportunity of a new infection vector. 

The presentation will cover the post-WannaCry era of the EternalBlue exploit, the most important campaigns using it, and the different approach the cybercrime groups were following in implementing the exploit (sometimes even borrowing ideas from concurrent groups). 

The presentation will cover the different approaches and solutions the cybercrime groups came up using to unlock Eternalblue. It is important to understand the sources they were using, their methods and their capabilities because it helps us prepare for future exploits and attacks.

Non-Technical

This year has surely been a turbulent one, but let us prepare for the year ahead. What threats do we need to be aware of? The presentation will cover topics like BEC, APT, Ransomware as disruption and attack engine, Financially motivated spear phishing attacks and Crime-as-a-service and the ongoing commercialization of the underground economy.

Non-Technical

While companies spend excessive amounts of money on cybersecurity, fraud, data leakage and virus protection for good reason there is one aspect that is often overlooked; the fact that 1 in 500 employees are using company assets and networks to consume child sexual abuse material (CSAM) 

While most people are aware that CSAM is produced and shared online, most people do not know how the material is consumed and shared and why the pattern of dissemination puts companies and organizations at risk.

The NetClean 2017 Report states that 65.5% of the police officers surveyed had worked on investigations where CSAM was found on workplace computers in the private sector and that there is a strong correlation between viewing CSAM and abusing children.

The NetClean 2018 report focuses not only on the insights on child sexual abuse crime from about 300 police officers around the world but also the experience and perspective of companies actively working with CSAM detection and the conclusions that can be drawn from more than 500 actual alerts that the surveyed companies have had in total.

This presentation will elaborate on how companies can display ethical leadership, strengthen company values and help plot a brighter future for children by working towards the requirements of Agenda 2030.

Non-Technical

By the end of 2020, a new Danish labelling scheme and seal for IT-security and responsible use of data will be launched and companies in Denmark will be able to apply for the seal. The labelling scheme will enhance IT-security and responsible data use and digital trust, by: – providing a solid boost of enhanced IT security, cyber security and responsible use of data to the Danish industry at large. – providing business value for the companies in question – creating increased trust among customers and consumers – making cyber security, responsible data use and digital trust a Danish & European position of strength The founding partners behind the initiative are the Confederation of Danish Industry, the Danish Chamber of Commerce, SMVdenmark and the Danish Consumer Council. The initiative is financially supported by The Danish Industry Foundation. The Danish Business Authority and The Danish Industry Foundation have an observer role on the board.

Non-Technical

This presentation builds on a real case, where a company was taken hostage by IT-criminals that were asking for a substantial ransom. The presentation will reveal how, by engaging with a professional negotiator, a company can gain significant ground compared to “going it alone”. The presentation will look into the psychological aspects involved in negotiation processes.

Technical level: Medium

In a time span of several months and person or group has conducted several campaigns against Office365 with the target to compromise credentials. The purpose of these attacks is to use that very same access that is being obtained through these campaigns to login and conduct BEC (Business Email Compromise) fraud. In this presentation we shall follow the MO of the attackers behind these campaigns, show how we were able to consistently take down all the malicious domains (more than 3000 over the past 3 months) and give insight about the infrastructure and the kit being used to do these attacks. We shall also try to follow the breadcrumbs and eventually get an idea about who’s behind these massive waves of attacks against enterprises, educational institutions and public services in Denmark and elsewhere.

Technical level: Low

While the world has struggled with the social and economic impact of the pandemic, it has become more apparent than ever that society’s woes are yet another opportunity for unscrupulous cybercriminals to exploit individuals and organizations alike. Cyber-attacks were rampant; a rapid growth in email fraud campaigns, for example, were seen the world over. Organizations around the world had to adapt their ways of working to a remote and virtual new normal. People all of a sudden became reliant on remote connectivity, access and communication/ collaboration for all aspects of their day-to-day work. The need for greater cyber threat awareness came into focus. IT Security teams, processes, procedures and infrastructure had to be re-thought, improved and hardened. Beyond a recap of some of the campaigns we witnessed, this opening conference presentation will look into an incident response case that the CSIS team worked on during this time, which will reveal some crucial insights and learnings about the things that organizations should consider as we continue to fight the good fight against cybercrime in this new reality.

Technical level: Low

It’s the start of a new decade (please no arguing about that, let’s just say it is.) The best way to start it off right is with a delightful educational rant. One of the most asked questions I receive is, “How do I become a Hacker?” I’ve been asked this so many times I literally created a webpage, iR0nin.com, on this very topic. Spoiler alert that hasn’t helped with people asking the question. So let’s not only address that topic for the next year with help from people in the industry, but there are some other things I would like to get off my chest as well, so why not lump them all together and get this party/decade started right! I promise there will be no war stories, but hopefully, some will be started with it! So prepare for some insights as well as information being delivered more loudly and probably more passionately than usual. The main objective is not to watch Jayson burn everything down to the ground, though it may appear that way, but to hear some unvarnished truth and knowledge shared for the benefit of the community we all are a part of.