Cyberhagen 2024 Presentations

Non-technical

Jysk Energi experienced a cyber incident that disrupted their operations. This case study explores the challenges faced by the company in maintaining business continuity, the technical measures implemented, and the lessons learned from the incident. It provides valuable insights into the importance of cyber security and incident response planning.

Technical Level: Low

In the digital arena where cyber threats loom large, the fusion of cybersecurity and identity security practices has become a strategic imperative. This talk unveils the critical juncture at which we stand—where identities are not just assets but the frontline in the war against cyber incursions. It’ll delves into the current landscape of identity security, unraveling the practical implications of an Identity Fabric approach and the pivotal role of Identity Threat Detection and Response (ITDR) in fortifying our digital defenses. Join us as we navigate the complexities of safeguarding our cyber assets in an era where identity is both the shield and the target.

Non-technical

Just as the threat landscape evolves and changes around us, so too must the role of the CISO. For a CISO to drive an effective agenda, the role must embrace complexity and understand the significance of implementing new methodologies to enhance cybersecurity practices, the necessity of aligning IT and OT interests for a secure infrastructure, and the value of repositioning security as a driver of business success rather than just a cost center. These key points can guide organizations in strengthening their cybersecurity strategies and aligning them with their overall business objectives. 

Technical level: Medium

Since the increasing integration of artificial intelligence (AI) into various popular technical solutions, including the adoption of ChatGPT, the AI revolution has gained significant momentum, accompanied by concerns. “Is there a risk that AI will become more intelligent and skilled than humans, potentially leading to a Skynet scenario?”

While AI brings numerous benefits, it has also attracted attention from criminals who see an opportunity to leverage AI for developing malware and orchestrating various types of fraud schemes. Some of these are now being offered as Crime as a Service.

This presentation will delve into the current malicious use of AI and showcase some of the services being offered, including the on-the-fly generation of malware and content for phishing.

Technical level: Medium

Currently cybersecurity is pretty much “one size fits all” with different policies often based on organizational or departmental groups combined with prioritized assets. It’s about time we approached Cybersecurity in a different way that takes into account the individual human risk as a key context factor.

Payload-less attacks such as Business Email Compromise are still a very costly problem and often leverage existing supply chain relationships and rely on certain users making exceptions – despite knowing better – that can be extremely costly.

In this talk we will take a closer look at the sequence of events in such an attack and how the individual human risk factor can help prioritize and increase efficiency both on a protection level, incident response and even preventive/behavioral level. We will also provide some best practice guidance to improve your risk management by focusing on risk quantification and loss avoidance.

Technical Level: Medium

Threat Analysis Group (TAG) tracks serious threat actors and works across Google and the industry to disrupt them. Some financially motivated actors are accumulating significant monetary gains by infecting millions of devices, yet they are rarely discussed by the security industry because their motivation does not revolve around credential theft or extortion.

This presentation will provide end to end details on some of the most widely distributed threats tracked by TAG. We will show how actors are monetizing infections through means that are not frequently discussed, including search hijacking, traffic proxying, accounts hijacking, and crypto wallet transaction hijacking.

This presentation will cover how malicious actors are investing significant efforts in bypassing multiple security mechanisms. Furthermore, we will present countermeasures, developed based on TAG’s analysis, that have been deployed across Google. These changes affect multiple products and help protect billions of users.

Technical Level: Low

Significant cybersecurity incidents are not only about forensics, technical restore and sending a form to the Data Protection Agency. They involve a broad range of dilemmas and issues that require a close collaboration between technical and non-technical functions. Understanding the technical as well as the non-technical issues related to an effective incident response makes a huge difference in practice, both operationally, financially, and legally. The talk will include real-life experiences from major cybersecurity incidents and provide insights into do’s and don’ts during emergency incident response cases, including when collecting evidence, notifying authorities, considering payment, assessing data exfiltration, and dealing with stakeholders with potential differing interests.

Technical level: Medium

Have you ever received a phishing SMS or mail to have a package redelivered? If so, you’ve likely been an intended victim of this group. Gain a deeper understanding of how the scam works (which is more complex than most people realize) by diving into the workings of this 3,000+ member Chinese-language smishing group involved in global targeting of victims by way of impersonating logistics providers, governments, ecommerce sites, and large institutions. Their activity, most visible from early-2023 represents the largest ongoing package redelivery phishing campaign we’ve ever observed. This presentation will cover the actor, campaigns, victims, cash out mechanisms, technical aspects of the kits, and more. Intended for both technical and non-technical audiences.

Non-technical

How do the Danish police contribute to international investigations against organized cybercriminals? The National Cybercrime Centre (NC3) from the Danish Special Crime Unit will introduce approaches to fighting cybercrime and share insights into recent cybercrime investigations. NC3 reflects on the right balance between a reactive, incident-based handling of ransomware attacks against Danish targets and a more proactive approach involving a strong collaboration between law enforcement authorities. Also, NC3 welcomes any reflections from industry on the need for a closer partnership between the police and the private sector in combatting cybercrime.

Non-Technical

Mental health has received a lot of attention in the media and on the organizational agenda given increasing levels of stress and burnout within the cybersecurity workforce. The stress level among CISOs has even reached a stage, where it is now considered one of the biggest threats to cybersecurity.

As stress is a well-known and greater societal challenge, present in other industries, what makes stress and burnout a significant challenge in cybersecurity? And why are CISOs and cyber leaders significantly exposed?

This talk will share insights on the above, addressing the state of mental health in cybersecurity and the increasingly complex role of cyber leaders. With offset in her investigation, available research, and conversations with cyber leaders as a cybersecurity talent broker, Camilla Treschow Schrøder will uncover why creating resilient cyber leaders is part of the answer in a time where retaining talents in the industry is ever more important.

Non-technical

Cyber insurance products have existed for several years now, but the offering has evolved a lot during that time and is likely to continue to change. We will share insights with you on where insurance has delivered value and where there have been important lessons learnt – based on real world examples. We will touch on topics like:

• How an insurance policy addresses cyber threats.
• The relevance of cyber insurance in today’s market.
• The relevance of cyber insurance policies and levels of accessibility.
•  Considerations when deciding on purchase a policy.
• Trends and expectations related to the future of the cyber insurance market and how product offerings might evolve.

Non-Technical

Has cybercrime made going online an unhealthy experience? This presentation uses research from multiple fields—including criminology, social value studies, epidemiology and environmental health science—to argue that cybercrime is causing serious harm to humans. As information security professionals we need to keep in mind that there are more frontlines than the ones we happen to be fighting on at any given time. By highlighting the frontline that is emerging at cybercrime’s point of impact with human health, the cybersecurity community can gain new ways—described in this talk—of pressuring governments and corporations to do more to reduce cybercrime, support its victims, and improve population health.

Technical level: Low

Ransomware has been a major cyber challenge for a decade with no signs of criminals ever running out of exploitable issues.

Do we keep waiting for technology vulnerabilities to somehow disappear, or is it time to claim back territory?

We decided to try and found that criminals also lack the magic wand that would make their IT hacking-proof.

We fought fire with fire — and found companies surprisingly reluctant to accept unsolicited help. How would you react?

Non-technical

Ransomware attacks are now disrupting entire industries from banking to agriculture to healthcare. This fireside chat will focus on the rise of attacks against the IT supply chain and how companies can protect themselves.

Non-technical

uly 27, 2023, in the middle of the summer holiday, disaster struck. We lost control of our data.

The coming weeks and months we fought what felt like a battle in the trenches slowly but surely taking back control.

In this talk we will share insights on how to:

• manage a critical cyberattack situation
• communicate with employees and customers
• getting help from partners
• deal with the authorities and attackers
• get out on the other side in a better and more secure shape

Technical level: Low

There are many opinions when it comes to communicating and even negotiating with Threat Actors (TA). Often, the victim is strongly recommended NOT to engage with the TA. This talk will give you a unique insight into examples from real-life cases where TA communication assisted the technical investigation and vice-versa. The talk will include technical and strategic elements within Incident Response, and you will understand why TA communication is not the same as paying a ransom. In fact, sometimes, TA communication is the only way to understand the entire risk set associated with the incident.