Skip to main content

CCCC 2023 Presentations

Bridging the Gap: Mitigating Ransomware Risks through Data and Risk Quantification

Erik Sørup Andersen, Gaffri Johnson 
Risk Measure


This talk focuses on ransomware attacks and emphasizes the important relationship between operational security and risk management. The speaker aims to provide the audience with valuable insights and key takeaways by utilizing data and risk quantification techniques. The talk will focus on the complexities of ransomware threats, explore strategies to bridge the gap between operational security and risk management, and emphasize the significance of data-driven decision-making. Practical approaches to assess, mitigate, and respond to ransomware incidents will be discussed, enabling organizations to enhance their security posture and protect against potential risks.

Incident Response – Do Too Many Cooks Really Spoil the Broth?

Mathias Fuchs, SANS Institute

Technical level: Medium

Mathias will talk about how large scale incident response can benefit from collaboration between a number of different entities like internal and external Responders, Government, Police, Communication Companies and legal Companies. Whenever multiple entities are involved, it’s important to clearly get the most out of every single player in the IR game. That requires a clever setup that leverages the strong points of every entity in the temporary organisation that automatically forms when working on large scale incidents. This talk will shed some light on strategies and little tricks that make sure that you’ll be able to create an environment that supports a fast resolution of major breaches in your network.

Information Sharing – Sounds like a good idea but where do I start and how do I get the approvals?

Errol Weiss, Health-ISAC, Inc.


Information sharing programs have many advantages. But how do you get started? How do you maximize the value for your company? We’ll cover guidelines and best practices for effective information sharing and address real and perceived barriers caused by laws, regulations, corporate policies and lack of support. Learn about the benefits of information sharing and how to work through obstacles to create an information sharing program. Basic case studies will show what information sharing looks like, plus we’ll cover practical implementations of information sharing happening today in Europe and globally. Attendees will receive a template to develop a custom Information Sharing program within their own organization.

Centralized, Normalized Cyber Threat Intelligence for Collaboration and Sharing

Søren Bjerregaard Vrist, CSIS Security Group


For 20 years the APWG has shown you can share cyber threat data at scale. The Security Industry, Government Agencies, Academia, Law Enforcement as well as both Country and Industry CSIRT/CERT groups, the APWG member organizations cover all aspects of cybersecurity. Much the same as the World Health Organization depends on global partners to track the spread and disseminate treatment information about pathogens, the APWG’s eCrime Exchange (eCX) provides a data sharing platform where malicious sites are tracked then provides that data to member for security purposes.  This session will showcase not only APWG’s eCX platform but also highlight different ways APWG works to promote cybersecurity.

Collaborating on Threat Data: When We Share We Protect More People

Foy Shiver, APWG (Anti-Phishing Working Group)

Technical level: Low

To build a resilient cyber security system, intelligence is key; both to understand the current threat landscape and to see how trends are leading to new threat scenarios in the future. This talk will focus on the different use cases throughout the security organization, with examples from current events. We will also discuss how automation of the “intelligence cycle” allows for more comprehensive intelligence collection and analysis at speed and at scale.

Cybersecurity Is a Crucial Part of ESG — and a Core Business Responsibility

Jan Ståhlberg, Trill Impact


Digital trust is already a key pillar supporting an organization’s success and effective contribution to its employees, customers, shareholders, and its wider ecosystem and, as such, it needs to be managed proactively and holistically.
The need for Environmental, Social & Governance (ESG) frameworks in business is well established and leading companies across all sectors have adopted them strategically and operationally. Yet while cybercrime is, more than ever, a pervasive and imminent threat that affects businesses, governments, and societies, cybersecurity is still and all-too-often seen as a domain for technically focused departments, leading to a fundamental disconnect and problematic silo effect.
Furthermore, considering the nature and extent of the damage inflicted by cyber-attacks, adequate cyber risk management and protection are key enablers without which a company cannot expect to operate successfully or sustainably. 
In a risk management context, businesses need to integrate cybersecurity into their ESG frameworks to ensure a proactive and impact-oriented approach. 
This is an urgent leadership responsibility.

Demystifying AI in Cyber Security

Marley Hasselbach, Darktrace


“AI” is undeniably a key term of our time. The media attention around ChatGPT highlights the rise of Offensive AI, and at the same time, security teams are stepping up in this fight, leading to a “cyber arms race.” Even so, the mystery remains: do we really understand AI in cybersecurity? The buzz around AI and machine learning is creating confusion, leaving security teams overwhelmed about the many options available. In this session,Marley Hasselbach will discuss the definition of true Artificial Intelligence and its capacity to revolutionise the security of the entire digital ecosystem.

Demystifying the MacOS Attack Chain and Empowering User-based Security.

David Jacoby, Sprinkler Security Sweden

Technical level: Medium

What actually happens when you click on a malicious link or open that attachment? What about the debate that MacOS is more secure than for example Windows? I will in my presentation go through an MacOS Attack Chain by doing a live hacking session attacking a fully up to date MacOS computer explaining what happens when and if your computer actually gets compromised. What can the hackers actually do with your computer? I will be bypassing password managers, extracting critical information, installing backdoors and much more. This presentation will demonstrate the consequences of bad security but also the importance of collaboration between employees and the it departments. To really achieve good security we cannot only rely on technology we also need to use the power of protection from our users too.

Posture of Identity Security in a Cybersecurity Program

Sami Mäkelä, ID North

Technical Level: Low

Having an overall and active Cybersecurity program is crucial in any organization to navigate today’s threat landscape. For an effective program you need to promote collaboration between the different security areas, e.g. network, application, data, identity, risk, and compliance, and ultimately the collaboration also needs to align with the business. A fundamental element facilitating the collaboration across the areas is Identity Security. This talk  covers how Identity Security supports Cybersecurity collaboration and how it brings value both from a security and business perspective.

Security Convergence: Combining Forces

Patrick Miller, Ampere Industrial Security


The worlds of Physical and Cyber Security used to be separate and distinct. Technology and practice are forcing them together, and soon, they will be hard to tell apart. Already, you don’t have Cyber Security without Physical Security. And if your Physical Security system is hacked, it’s useless or worse – used against you. Balancing the convergence can have challenges in operations, management and architecture. In this presentation you will hear successes, failures and forecasting on this new landscape for converged security.

Hacking Is a Race — We Need Fitness, Not Fear

Karsten Nohl, SRLabs

Technical Level: Medium

The methods used by hackers seem mysterious and guarantee exciting Hollywood moments. In the real world, we are making little progress towards effective hacking defense because we are individually afraid of hackers instead of joining forces in preparing to race them.

To manage hacking risks, we must replace exciting fiction with boring facts and regular cyber fitness trainings. Regular measurements and decentrally organized resilience initiatives de-mystify information security and reach the necessary level of cyber fitness.

We go over five basic processes that we can all contribute to and answer ‘what does good look like in cyber?’.

Building Cyber Resilience over the Long Term Is a Team Sport

Rasmus Rasmussen


Human nature is highly adaptable. So are organizations. In the face of a crisis, we react, we adapt, we resolve, we learn, and we move on. But do we always internalize what has happened? No, we don’t. Circumstances change, people change, priorities change. Maintaining focus on building cyber resilience over the long term is a challenge.

In 2019, Demant experienced a major cyber incident. Following the incident, Demant was very candid about sharing its insights, lessons learnt and its go-forward strategy. Now, nearly four years later, the company continues to evolve and execute on that strategy.

How has Demant ensured a continued focus on building cyber resilience?

What has it taken to build and maintain the internal alignment and organizational support required?

How does the company ensure that other priorities do not manifest to the detriment of cybersecurity?

Beyond a refresher on what happened in 2019, this presentation will provide insights to the questions above and others, helping develop an understanding of how organizations can ensure continued and long-term focus on cyber resilience.

Insights into the Cyberwar: Ukraine 2022-2023

Anton Cherepanov, Robert Lipovsky, ESET

Technical Level: Medium

Since before Russia invaded Ukraine, we have been witnessing firsthand the numerous cyber-operations supporting ground operations. Our presentation details the most notable cyberattacks against Ukrainian organizations by Sandworm, and other Russian APT groups.

We share our unique perspective of the evolution of these Russian hackers’ malware, TTPs, and modus operandi.

We examine the latest attack against Ukraine’s power grid using Industroyer2 and outline how we worked with CERT-UA to thwart the attack.

Next, we look at the evolution of Sandworm’s disruptive wiper and faux ransomware campaigns – from the HermeticWiper campaign that we discovered only hours before the invasion, to the more recent RansomBoggs attack.

With the end of the (cyber)war nowhere in sight, we will also cover any noteworthy developments we’ll uncover throughout 2023.

“What Goes Around, Comes Around” – the Power of Collaboration.

Andrada Son, CSA CPH


We live in a world that is going through constant change, and cybersecurity is a field that gets more and more challenging – but YOU ARE NOT ALONE! The people in this industry are driven by passion for their field, and will always be willing to share knowledge, ideas, experiences…  

With that in mind, the talk will shed light on the shared value of supporting and being active in cybersecurity communities and why companies should get involved. It will address the importance of either building your own community or joining existing ones. 

Advantages of Collaborating with Law Enforcement and Hosting Providers in IR Investigations

Anton Kalinin, Jan Kaastrup, CSIS

Technical Level: Medium

This presentation unveils a ransomware case study where the collaboration between law enforcement and hosting providers proved transformative in the investigation and risk assessment. Witness the game-changing impact of these partnerships, accelerating incident response and mitigating threats effectively. Join us to explore the power of collaboration, illuminating the benefits of working with law enforcement and hosting providers in IR investigations.

A Dark Market Disruption: An International Collaborative Effort

Brett Lerner, FBI

Technical Level: Medium

This presentation will provide a behind the scenes background into the collaborative efforts taken to take down a dark market, and the public and private sector partners that came together to make the actions possible.

A Study in Phishing Seen as a Nordic Financial Institution

Thomas Stig Jacobsen, Lunar

Technical Level: Medium

Both in 2022 and in 2023, phishing against Nordic financial institutions such as Lunar has been on a high. These attacks have been targeting both employees and customers. I will be presenting some of the significant campaigns we have seen and how the trends have changed from the end of 2022 to 2023. 

So You Got Ransomware! What You Gonna Do Now?

James Kwaan, Lloyds Banking Group
Michael Sjøberg, Delta Crisis Management

Technical Level: Medium

When an incident happens what do you do next ? We will discuss what threats and evolving challenges you need to worry about ? We will go deeper behind the current threats. A case study will demonstrate essential points to consider for effective collaboration when a cyber incident hits your organization. Finally, a summary of potential recommendations which you can consider for your organization.

A study on Cloud Incident Response

Frederik Stengaard Mehlsen, Fellowmind


As an organization adopt more and more cloud services, responsibilities in case of an attack changes. This session will guide you through real life examples of incident response in hybrid infrastructures and show how cloud vendors have helped organizations recover through close collaboration.

The Future of Cybersecurity. Are We Clutching at Straws?

Peter Kruse, Clever


Being in this business for more than two decades, have taught me a lot. The topic for Cyberhagen this year, is collaboration. But this can perhaps only be achieved with community- and individual trust and a strong public/private collaboration.

How do we improve in a situation where the criminals are getting more and more organized, and the battlefield has become the Internet?

What weapons do we have at hands to make a change?

        CSIS Security Group A/S, Vestergade 2B, 4th floor, 1456 Copenhagen