Technical level: Medium

Supply chain attacks have become increasingly dangerous, growing exponentially every year both in terms of numbers and sophistication. The point has now been reached where supply chain attacks do not exclusively belong to the APT realm, but other threat actors such as cybercrime groups are capable of successfully exploiting supply chains for financial gain. High profile cases such as Solarwinds or Moserpass have kept researchers and incident responders around the world awake at night, to save the day. This talk will take you through several real-world supply chain attack scenarios, focusing on exclusive insights gained and lessons learned by CSIS experts about the current state of the supply chain threat, as seen from the first line of large-scale supply chain incident response and cyber threat intelligence.

Non-Technical

Agency for Governmental IT (Statens It) has existed since 2010, when it was created through a merger of several government it departments. Since then the agency has grown to cover the majority of departments in Danish government. The agency’s primary tasks are it-operations, service management and infrastructure management. Cybersecurity has grown to be a strategic priority due to the growing threat level and our increased footprint in the Danish government’s critical it-infrastructure. Michael Ørnø will walk through the major initiatives and principles that drives the cybersecurity agenda. The topics will cover technical, organizational, process and compliance activities.

Technical Level: Low

There are many new security pitfalls you need to be aware off when moving your infrastructure and applications to the cloud. In this presentation we will cover these pitfalls and how they map into MITRE ATT&CK.

Technical level: Low

Over the past few years, we witnessed the increased impact of supply chain compromises carried out by nation states. In this talk, we will examine what constitutes a supply chain compromise, explore their distinct operational elements and establish a new taxonomy to model these threats. By exploring the overlaps between these campaigns, we will learn to better understand the forces driving these incidents, in order to help us better respond in the future.

Technical level: Low

The data-driven industrial revolution that is taking place right now is doing so more rapidly than any tech innovation in history and it is gradually impacting every sector of the global economy. With everything – and everyone – computerized, cybersecurity is one of the main concerns for numerous businesses and organizations. Today’s cybersecurity is about more than just protecting endpoint devices – it is critical part of business and production processes. The current cybersecurity landscape requires a drastically different approach – a transition from ‘cybersecurity’ to ‘cyber-immunity’, where the cost of a cyberattack is greater than the cost of the damage. Information systems should be designed and built to secure an ecosystem where everything is connected.

Non-Technical

Technology shapes the world. The more successful a new technology becomes, the more reliant we will become of it. This has always happened and will happen in the future too. In many ways, internet is the best and worst innovation done during our lifetime. How did we get here? And where will we go next?

Technical level: Low

Artificial Intelligence (AI) is often designated as a game changer when it comes to prevention and detection of cyber attacks. However, AI is also attractive for the attackers: Whether they are using data driven approaches to improve the efficiency of e.g. phishing emails, or if they are circumventing detection systems by either cheating the algorithms or poisoning the models with false data. In this talk we take the attackers perspective and understand how beneficial AI really is from their side, and we discuss how we can prepare ourself against this development.

Technical level: Medium

Get your feet wet in the sea of cyber threat intelligence and learn how CSIS attempts to derive meaningful insight from a plethora of disparate observations while minimizing lead time from initial data ingestion to final decision. We’ll cover some pitfalls, our learnings, some use cases and how one central system is now currently underpinning most of our intelligence.

Technical Level: Low

It has long been the practice within managed secure networks to monitor and filter network traffic to discover threats via endpoint behaviour and to avoid those and other threats using firewall and other policy. The infrastructure service most in need of such security enhancements is the Domain Name System (DNS), and there are several modern technologies by which a Security Operations team can monitor and protect their DNS. In this talk, Dr. Paul Vixie, CEO of Farsight Security, will explain the motives, methods, and obstacles to deployment of Protective DNS in a managed secure network. He will also discuss the benefits and hazards of outsourced (cloud) DNS compared to on-premise / on-network DNS, and the trade-offs of open source vs. appliance solutions.

Technical level: Low

Non-Technical

Stiennon uses the examples of supply chain attacks in Athens in 2004, FLAME, the TAO Catalog, NotPetya, and SolarWinds, to demonstrate that we are not prepared for future attack scenarios. He examines the mythical Farewell Dossier incident from last century where the US gives itself credit for destroying a Soviet pipeline. He concludes by painting a picture of what would be required to defend an organization from these types of attacks.

Non-Technical

The fight against the fraudsters can be compared to an arms race: criminals are constantly developing their methods in their attempts to find weaknesses in both systems and human nature. In the financial sector, Danske Bank is trying to make use of the shared knowledge, data and latest technology to both protect its customers while fighting the criminals. Global Head of Fraud Management, Ketil Clorius, will give you an introduction to his department, how it operates and share the latest fraud trends which challenges Danske Bank and its customers in 2021 and how we should fight them.

Technical level: Low

Based on our telemetry, popularity of using Android monitoring applications and customers’ willingness to pay and trust of these vendors, we decided to inspect over 80 the most popular vendors to analyze their security. Since these applications are known to monitor its users and gather, transmit and store user PII. Considering employee uses the smartphone not only for personal but also corporate related tasks, this means that data leaks might impact both parties significantly. We discovered vulnerabilities in these products, once exploited, could result in serious impact such as account takeover, user data leaks, removing accounts without authorization, credentials leaks over the network and on-device, admin console access without restriction or even using fabricated data to frame the monitored person. We reported various security issues to affected service providers; only around 12% has fixed these issues. This talk will help to create an accurate picture of these apps, security issues, and the developers’ lack of responsibility to their clients and their data.

Technical level: Medium

The group of individuals around the Conti Ransomware as a Service first entered the threat landscape in mid-2020. It has since grown its business with numbers of affiliates and with such a pace that it is now considered one of the major threats when it comes to ransomware. Besides encrypting victims’ data, it uses a human-operated “double extortion” approach that consists in harvesting data and threatening the victims to leak it if the ransom is not paid. This obviously puts further pressure on the victim. Conti makes use of an inhouse implementation of AES-256 that utilizes up to 32 individual logical threads, which highly increases the speed of encryption compared to other ransomware variants. This makes it very efficient in the encryption process with the change of a large number of impacted endpoints before symptoms of a mass compromise occur. In August 2021, an unknown and possible affiliate of the Conti RaaS decided to leak a lot of internal documents, software and manuals shared amongst affiliates as part of the Conti RaaS service. This material clearly shows a high level of business matureness and professionalism in the away the service is operated and maintained. Conti has hit many companies in Denmark causing significant loses and damage to brand reputation. This presentation will look at Conti based on gathered threat intelligence, analysis of leaked documents and software and case stories on how the criminals penetrate and gain elevated rights in a Microsoft environment. It will also focus on what to do to avoid becoming a victim of ransomware crooks and how the constantly expanding business of cybercrime continues to impact enterprises worldwide.

Technical level: Medium

Ransomware gangs are cybercrime enemy number one for businesses today. Gone are the days when you can hope for a flaw in their encryption setup that would allow for creation of a decryption tool. When combined with highly targeted attacks and the new added extortion of data leakage, defending against modern ransomware gangs is an extremely difficult task. In this talk we’ll examine the details of techniques, tactics and procedures of a ransomware gang active since at least March 2020, which despite some opsec failures, still manages to put more than 100 billion dollars of revenue at risk. We’ll share the developments of the current investigations, trends and tools they use to compromise networks and victimise companies worldwide. Using this group as a case study for this entire trend, you’ll learn how groups like this operate, which tools they use, for which purpose, what to expect from this model and what weaknesses can be used to better defend your company against similar ransomware groups models.

Technical level: Low

This presentation will give you an insight into how people are being frauded by IT-criminals. The presentation contains details from some of the latest attacks CSIS have been investigating including audio recordings with the fraudsters and the ECO system they build to support the scams.