CCCC 2022 Presentations

Technical level: Low

Ransomware attacks are a big problem. Any company, any business, and IT infrastructure can potentially become the next victim of organized crime groups demanding to be paid to provide a tool for decrypting the files they kidnapped. And few targets are as vulnerable or as critical as hospitals. This talk covers a number of cases of ransomware attacks on hospitals, including the why, the gory (not bloody, though) details, and the facepalms.

Technical Level: High

In this talk we will dive into the investigation of one of our incidents from the initial attack to recovery from the incident. The topic will cover technical details including malware reverse engineering, writing decryptor for encrypted files and data recovery.

Technical Level: Medium

While spending a lot of time with creatures the infosec world refer to as EDRs, we’ve learned that they lack detections that leave their host (the organizations) open to major cyberattacks, as it relies on them to be its last frontier. Attack vectors of that nature (such as Webshells) are too often being used to bypass machine learning capabilities and lead to a fully blown security breach. Manually tuning every the EDR, generating rules and workflows is a long and tedious task. To speed up that process, we built a small engine we refer to as Autonomous Enrichment. Its main role is to analyze incidents and find accurate threat similarities (TTPs) to increase prevention capabilities. In this talk we will share what is enrichment, why is it needed and how you as an organization or company can boost your security solutions.

Technical level: Low

This presentation will be a case study based on USPS[.]com accounts which were recovered or found to be for sale on various dark web markets. We will discuss the controlled buy of a few of these accounts, followed by analysis of the purchased accounts in an attempt to determine the remaining accounts listed for sale on the dark web. We will discuss partnering with USPS to protect the customer and business by taking action on the identified accounts for sale on the dark web. We will also discuss the need to address dormant accounts in order to lower the exposure of the customer and the merchant in the event of future account takeovers or compromises.

Technical level: Low

To build a resilient cyber security system, intelligence is key; both to understand the current threat landscape and to see how trends are leading to new threat scenarios in the future. This talk will focus on the different use cases throughout the security organization, with examples from current events. We will also discuss how automation of the “intelligence cycle” allows for more comprehensive intelligence collection and analysis at speed and at scale.

Non-Technical

If we are to meet global climate goals, the global installed capacity of wind energy must grow from around 700  GW today, to around 8000 GW by 2030. To ensure a strong foundation is in place to support this growth, the digitalisation of renewables assets is rapidly increasing. Our networks of intelligent, connected devices are becoming larger and more complex, demand for remote asset management is growing, and the possibilities to make service solutions more efficient with digital innovation are more exciting than ever before. As these trends rapidly converge, how should business owners prepare for the cyber security threats that come with them? And how can a global organisation be effectively mobilised to respond under threat? Christian Venderby, Executive Vice President and Chief Service Officer at Vestas shares his insights. 

Technical Level: Low

This presentation will give the audience a unique insight into the different stages of a Conti ransomware attack.
It will reveal how sophisticated the ransomware attacks have become, and why communication with the perpetrator is paramount to stay in control.
Further, it will give an exclusive insight into how the perpetrator’s mind works.
This presentation has never been shown to the public before.

Technical level: Low

In recent years, resilience has become an important topic among many organisations as they strive to manage risks to their key services.  More than ever, the ability to prepare for and respond proactively to threats in a fast moving world need to be informed by what is on the horizon and in the external environment.  We are also operating in increasingly interconnected organisations where risks to supply chains and technologies are often shared.  This presentation will share learnings and experience from developing threat intelligence capabilities in a number of organisations and how intelligence can help to inform and manage risks to resilience.

Technical Level: Low

What goes on when you’ve been hacked, and what happens in the upcoming Incident Response? This talk recounts experiences made during past engagements that CSIS has had in the past, and which teachings they can provide.

What does an IR look like, and what goes on behind the scenes?
Which procedures are used, which steps are taken, and which steps you definitely shouldn’t take?
What does a timeline for an IR typically involve?

Non-Technical

Gender gap in the STEM area has been one of the major issue, both in education and among IT professionals. The attempt to bridge that gap is quite challenging, considering the low number of females applying for (and even less, finishing) their education in IT. We will explore how supportive community can fuel the change, by inspiring women to pursue education in IT and motivating and empowering them to continue their professional growth and development.

Technical Level: Low/Medium

As cyber-criminals continue to strive for increased resilience of their financial, social and technical infrastructure, the new dark web emerges as an opportunity for threat intelligence gathering. This talk will look at the evolution of the dark web, from the perspective of a cyber threat intelligence team and will tell the story of how CSIS is leveraging the new dark web to proactively hunt for fresh, high-confidence and actionable data.

Non-Technical

Digital Transformations often focus on external, customer facing aspects of a business but how do we create or modify internal processes, experiences, and culture in the information security domain? Marko will take you along on his journey to apply concepts of a digital transformation to the LEGO Group’s Counter Threat Unit to improve efficiency, value, and innovation and his thoughts on how to measure success in the context of the Unit’s detection and response mandate.

Non-Technical

The NIS2 directive was passed in May 2022. Critical infrastructure sectors now have until the end of 2023, to comply with the new guidelines for a common security level across the European union. This session will help you get an understanding of what this means for your Incident response procedures and digital resilience requirements.