
CCCC 2021 Presentations for Download

Ketil Clorius, Danske Bank: Fighting the fraudsters with a holistic approach

Silas Cutler, CrowdStrike: Modeling Chaos: Rethinking Supply Chain Compromise

Peter Kruse, CSIS: A deep dive into the Conti RaaS business model

Robert McArdle, Trend Micro: The evolution of a modern ransomware Group

Jens Myrup Pedersen, Aalborg University Copenhagen: AI – Why the attackers are winning the race, and what we can do about it

Lukas Stefanko, ESET: Android employee monitoring apps: Not all of them protect the business

Richard Stiennon, IT-Harvest: We Are Not Prepared for Technology Supply Chain Attacks

Paul Vixie, Farsight: Using Protective DNS to Disrupt Online Criminal Infrastructure

Christian Rykov, CSIS / Frederik Stengaard Hansen, Fellowmind: Securing a cloud journey 1.1

The download file is password protected. The password was sent to all conference participants after the event. If you attended the conference but can no longer find the password, please send an email to mah(@)csis.dk to have it resent.

The Changing Face of the Cybercrime Threat

Neil Mullins, National Crime Agency UK

Non-Technical

An overview of the serious and organised cyber crime threat and how it continues to evolve, with cybercriminals adapting their business models and taking advantage of every opportunity, both domestically and internationally, to perpetrate cyber crime. It also covers what law enforcement in the UK is doing to evolve our response, working in partnership with national, regional, and foreign law enforcement agencies and private industry partners to tackle the threats.


Supply Chain Attacks – Real World Scenarios and Lessons Learned

Stefan Tanase, CSIS

Technical level: Medium

Supply chain attacks have become increasingly dangerous, growing exponentially every year both in terms of numbers and sophistication. The point has now been reached where supply chain attacks no longer belong exclusively to the APT realm: other threat actors, such as cybercrime groups, are capable of successfully exploiting supply chains for financial gain. High-profile cases such as SolarWinds or Moserpass have kept researchers and incident responders around the world awake at night, working to save the day. This talk will take you through several real-world supply chain attack scenarios, focusing on exclusive insights gained and lessons learned by CSIS experts about the current state of the supply chain threat, as seen from the front line of large-scale supply chain incident response and cyber threat intelligence.


Cyber Security as a strategic priority for Danish Governmental IT

Michael Ørnø, Statens It

Non-Technical

The Agency for Governmental IT (Statens It) has existed since 2010, when it was created through a merger of several government IT departments. Since then the agency has grown to cover the majority of departments in the Danish government. The agency’s primary tasks are IT operations, service management and infrastructure management. Cybersecurity has grown to be a strategic priority due to the growing threat level and our increased footprint in the Danish government’s critical IT infrastructure. Michael Ørnø will walk through the major initiatives and principles that drive the cybersecurity agenda. The topics will cover technical, organizational, process and compliance activities.


Securing a cloud journey 1.1

Christian Rykov, CSIS Security Group
Frederik Stengaard Hansen, Fellowmind

Technical Level: Low

There are many new security pitfalls you need to be aware of when moving your infrastructure and applications to the cloud. In this presentation we will cover these pitfalls and how they map into MITRE ATT&CK.


Modeling Chaos: Rethinking Supply Chain Compromise

Silas Cutler, CrowdStrike

Technical level: Low

Over the past few years, we witnessed the increased impact of supply chain compromises carried out by nation states. In this talk, we will examine what constitutes a supply chain compromise, explore their distinct operational elements and establish a new taxonomy to model these threats. By exploring the overlaps between these campaigns, we will learn to better understand the forces driving these incidents, in order to help us better respond in the future.


Cyber Immunity for Cyber Age

Eugene Kaspersky, Kaspersky
 

Technical level: Low

The data-driven industrial revolution that is taking place right now is doing so more rapidly than any tech innovation in history, and it is gradually impacting every sector of the global economy. With everything – and everyone – computerized, cybersecurity is one of the main concerns for numerous businesses and organizations. Today’s cybersecurity is about more than just protecting endpoint devices – it is a critical part of business and production processes. The current cybersecurity landscape requires a drastically different approach – a transition from ‘cybersecurity’ to ‘cyber-immunity’, where the cost of a cyberattack is greater than the cost of the damage. Information systems should be designed and built to secure an ecosystem where everything is connected.


Cyber Disruption

Mikko Hyppönen, F-Secure

Non-Technical

Technology shapes the world. The more successful a new technology becomes, the more reliant we will become on it. This has always happened and will happen in the future too. In many ways, the internet is the best and worst innovation made during our lifetime. How did we get here? And where will we go next?


Artificial Intelligence: Why the attackers are winning the race, and what we can do about it

Jens Myrup Pedersen, Aalborg University Copenhagen

Technical level: Low

Artificial Intelligence (AI) is often designated as a game changer when it comes to prevention and detection of cyber attacks. However, AI is also attractive for the attackers, whether they are using data-driven approaches to improve the efficiency of, e.g., phishing emails, or circumventing detection systems by either cheating the algorithms or poisoning the models with false data. In this talk we take the attackers’ perspective and understand how beneficial AI really is from their side, and we discuss how we can prepare ourselves against this development.


Get your feet wet in the sea of cyber threat intelligence

Martin Lynge Hansen, CSIS
Søren Bjerregaard Vrist, CSIS

Technical level: Medium

Get your feet wet in the sea of cyber threat intelligence and learn how CSIS attempts to derive meaningful insight from a plethora of disparate observations while minimizing lead time from initial data ingestion to final decision. We’ll cover some pitfalls, our learnings, some use cases and how one central system is now underpinning most of our intelligence.


Using Protective DNS to Disrupt Online Criminal Infrastructure

Paul Vixie, Farsight Security, Inc

Technical Level: Low

It has long been the practice within managed secure networks to monitor and filter network traffic to discover threats via endpoint behaviour and to avoid those and other threats using firewall and other policy. The infrastructure service most in need of such security enhancements is the Domain Name System (DNS), and there are several modern technologies by which a Security Operations team can monitor and protect their DNS. In this talk, Dr. Paul Vixie, CEO of Farsight Security, will explain the motives, methods, and obstacles to deployment of Protective DNS in a managed secure network. He will also discuss the benefits and hazards of outsourced (cloud) DNS compared to on-premise / on-network DNS, and the trade-offs of open source vs. appliance solutions.


RDPwned: Largest Underground Marketplace Disruption

Vitali Kremez, Advanced Intelligence LLC

Technical level: Low

 


We Are Not Prepared for Technology Supply Chain Attacks

Richard Stiennon, IT-Harvest

Non-Technical

Stiennon uses the examples of supply chain attacks in Athens in 2004, FLAME, the TAO Catalog, NotPetya, and SolarWinds, to demonstrate that we are not prepared for future attack scenarios. He examines the mythical Farewell Dossier incident from last century where the US gives itself credit for destroying a Soviet pipeline. He concludes by painting a picture of what would be required to defend an organization from these types of attacks.


Fighting the fraudsters with a holistic approach

Ketil Clorius, Danske Bank

Non-Technical

The fight against the fraudsters can be compared to an arms race: criminals are constantly developing their methods in their attempts to find weaknesses in both systems and human nature. In the financial sector, Danske Bank is trying to make use of shared knowledge, data and the latest technology to protect its customers while fighting the criminals. Global Head of Fraud Management, Ketil Clorius, will give you an introduction to his department and how it operates, and will share the latest fraud trends that challenge Danske Bank and its customers in 2021 and how we should fight them.


Android employee monitoring apps: Not all of them protect the business

Lukas Stefanko, ESET

Technical level: Low

Based on our telemetry, the popularity of Android monitoring applications, and customers’ willingness to pay and their trust in these vendors, we decided to inspect over 80 of the most popular vendors to analyze their security. These applications are known to monitor their users and to gather, transmit and store user PII. Because an employee uses the smartphone not only for personal but also for corporate tasks, data leaks might impact both parties significantly. We discovered vulnerabilities in these products that, once exploited, could result in serious impact such as account takeover, user data leaks, removing accounts without authorization, credential leaks over the network and on-device, admin console access without restriction, or even using fabricated data to frame the monitored person. We reported various security issues to the affected service providers; only around 12% have fixed these issues. This talk will help to create an accurate picture of these apps, their security issues, and the developers’ lack of responsibility to their clients and their data.


A deep dive into the Conti RaaS business model

Peter Kruse, CSIS Security Group

Technical level: Medium

The group of individuals around the Conti Ransomware as a Service first entered the threat landscape in mid-2020. It has since grown its business, with a number of affiliates and at such a pace that it is now considered one of the major threats when it comes to ransomware. Besides encrypting victims’ data, it uses a human-operated “double extortion” approach that consists of harvesting data and threatening to leak it if the ransom is not paid. This obviously puts further pressure on the victim. Conti makes use of an in-house implementation of AES-256 that utilizes up to 32 individual logical threads, which greatly increases the speed of encryption compared to other ransomware variants. This makes the encryption process very efficient, with the chance of a large number of endpoints being impacted before symptoms of a mass compromise occur. In August 2021, an unknown individual, possibly an affiliate of the Conti RaaS, decided to leak a lot of internal documents, software and manuals shared amongst affiliates as part of the Conti RaaS service. This material clearly shows a high level of business maturity and professionalism in the way the service is operated and maintained. Conti has hit many companies in Denmark, causing significant losses and damage to brand reputation. This presentation will look at Conti based on gathered threat intelligence, analysis of leaked documents and software, and case stories on how the criminals penetrate and gain elevated rights in a Microsoft environment. It will also focus on what to do to avoid becoming a victim of ransomware crooks and how the constantly expanding business of cybercrime continues to impact enterprises worldwide.


From RATs to extorting multibillion companies: The evolution of a modern ransomware group

Robert McArdle, Trend Micro

Technical level: Medium

Ransomware gangs are cybercrime enemy number one for businesses today. Gone are the days when you could hope for a flaw in their encryption setup that would allow for the creation of a decryption tool. When combined with highly targeted attacks and the newly added extortion of data leakage, defending against modern ransomware gangs is an extremely difficult task. In this talk we’ll examine the details of the techniques, tactics and procedures of a ransomware gang active since at least March 2020, which, despite some opsec failures, still manages to put more than 100 billion dollars of revenue at risk. We’ll share the developments of the current investigations, and the trends and tools they use to compromise networks and victimise companies worldwide. Using this group as a case study for this entire trend, you’ll learn how groups like this operate, which tools they use and for which purpose, what to expect from this model, and what weaknesses can be used to better defend your company against similar ransomware group models.


Investment scam and the psychology behind it

Jan Kaastrup, CSIS Security Group
Michael Sjøberg, Human Advisor Group

Technical level: Low

This presentation will give you an insight into how people are being defrauded by IT criminals. The presentation contains details from some of the latest attacks CSIS has been investigating, including audio recordings with the fraudsters and the ecosystem they build to support the scams.


        CSIS Security Group A/S, Vestergade 2B, 4th floor, 1456 Copenhagen