CONTENTS OF LECTURES 2020
Cisco Talos - Comprehensive Security Information Engine
In 2018, a sophisticated threat actor took control of the DNS records for entire countries and top-level domains. The attacker succeeded in redirecting a nation state’s ministry of foreign affairs domain records to point to systems under their malicious control. In this presentation, learn how Cisco Talos spotted the attack within their telemetry and discovered the expanse of the attacker’s campaign, and how Talos’ expertise can protect your networks.
Digital assets and post-mortem privacy – theory, law and technology
Grieving parents of a dead teenager in Germany were denied access to their daughter’s Facebook account, but the German Federal Court of Justice ruled in favour of the parents in July 2018. Similar cases have recently happened in the UK, where Instagram refused to grant access to Molly Russell’s parents, following her unfortunate suicide, or where a court ordered Apple to provide a widow access to her late husband's Apple account. There have been many similar cases around the world, but the laws once again have not been able to respond adequately to the issues caused by technology and social media.
In her research, Dr Edina Harbinja argues that the same autonomy and freedom to dispose of one’s physical wealth should extend online and enable individuals to decide what happens to their online “wealth” (mainly their personal data) when they die. One of the most significant vehicles that would enable this control is post-mortem privacy. In short, this refers to the right of a person to preserve and control what becomes of his or her reputation, dignity, integrity, secrets or memory after death.
In her talk, Dr Harbinja will explore post-mortem privacy from a philosophical, legal and technological angle. She will discuss the most recent case law and statutes, and offer ideas for ways forward in legislating the area around the world.
Hackers: United with COVID-19 we stand
In March and April a lot of companies in the EU were forced to quickly come up with work-from-home solutions for a large number of employees.
This opened new attack vectors, where those employees now working from home became primary targets for attackers.
Since the beginning of the pandemic, INFIGO IS has worked on a dozen incidents that affected medium- and large-sized companies in the region.
This presentation will go through the results of incident responses performed by INFIGO. We will take a look at some of the common and not so common tactics, techniques and procedures used by real-world attackers that were identified in attacks against companies in the region.
Hijacking an Insulin Pump: From Discovery to Disclosure
Hacking medical devices and cybersecurity in public health is the subject of recent discussions. The Federal Office for Information Security (BSI) aims to improve transparent communication regarding cybersecurity risks of networked medical devices. To this end, the BSI initiated the project ManiMed – Manipulation of Medical Devices – to facilitate trustful communication and cooperation between manufacturers, security researchers, and authorities. This study targets the current cybersecurity state of smart and connected medical devices. This article focuses on security vulnerabilities identified in the DANA Diabecare RS insulin pump to illustrate what kind of questions the medical device industry faces by making its devices smart. The exemplifying vulnerabilities affected the pump's proprietary, Bluetooth Low Energy (BLE)-based communication and affected patient safety.
The assessment of medical devices is highly specialized and individual in terms of the device's medical use case, present interfaces, used technologies and assumptions about its environment. The device was assessed following a black-box approach. The proprietary communication protocol built on top of Bluetooth Low Energy (BLE) was reverse-engineered using the manufacturer's Android and iOS applications and captures of the communication between the pump and its mobile apps, taken with elementary BLE prototyping hardware. The scope of the assessment covered the applied cryptography, Man-in-the-Middle attacks, eavesdropping on the communication, as well as the authentication and pairing process. A coordinated vulnerability disclosure (CVD) process was initiated to keep the smart medical device on the market while ensuring that it no longer poses a threat to patient safety. The disclosure deadline was set with the constraint that measures must not harm the therapeutic purpose of the medical device. The Federal Institute for Drugs and Medical Devices (BfArM), as the national authority for vigilance in Germany, was notified and involved.
During the security assessment, client-side controls, weak generation of encryption keys, improper verification of the pump's identity, missing replay protection, insecure transmission of cryptographic keys, and an overall weak authentication mechanism were identified. By hijacking the pump, an attacker can administer insulin boluses remotely, causing severe patient harm. The coordinated vulnerability disclosure (CVD) process was extended and lasted several months until a patch was rolled out to patients with a new pump firmware and major mobile application upgrades. The manufacturer released security advisories in the form of a Field Safety Notice (FSN). A Medical Advisory (ICSMA) as well as CVEs were published by the Cybersecurity and Infrastructure Security Agency (CISA).
This example demonstrates that mature processes for handling cybersecurity vulnerabilities with safety impact on active medical devices are not yet common among all medical device manufacturers, even though recognized procedures based on pervasive community knowledge are in place.
How to create a balance between security and user experience?
Lecture is being prepared
Malware Beyond 2020
Prediction is speculation, let's talk about facts. It was not long ago that we saw the use of encrypted communication in malware, and the use of artificial intelligence to outsmart protection and spread on a large scale; we still see that today. From a malware developer's point of view, this technical lecture will guide the audience through today's facts and deliver a view through the window of malware beyond 2020. I will be revealing new techniques in use, tactical movements and completely new types of malware, just to make the view through that window clear beyond 2020.
As a cyber security researcher, my goal is to share enough of my knowledge to alert the users and prepare them for what is coming.
Risk analysis - where is the trap?
Cybersecurity is no longer an IT problem to solve. Today, it’s a top priority for most business leaders, while customers expect companies to keep their information secure, and regulatory mandates increasingly add pressure to tighten controls. And with a massive shortage of cybersecurity talent, organizations need everyone to take responsibility for cybersecurity. We must think and act securely, bake security into designs, and become responsible stewards of risk, ensuring that cybersecurity solutions are value-driven benefits to business partners and customers. In this session, the presenter, co-author of the IIBA Cybersecurity Business Analysis Certification and an exam writer, will take you on a journey through risk analysis that will expand your horizon into security risk analysis – where is the trap?
Secure your PL/SQL database code
Pete will explore the common security issues that afflict most PL/SQL Oracle database code. He will demonstrate some of the common attacks, such as SQL injection, code abuse, and resource and privilege abuse, and will also focus on how to detect bad PL/SQL database code, how to develop a policy or standards, and how to fix the issues.
State of Least Privilege Container Footprinting
There are many publications on the security of container runtimes and their isolation capabilities, many of which cover the capabilities used by the executed containers. In this talk, I will describe existing approaches to footprinting containers to determine the capabilities they actually require to run successfully. The resulting insights can be used to integrate tooling into your CI systems to determine the required capabilities during building and testing, and then restrict containers at runtime to exactly that set.
The importance of context in Infosec detection and response
The constant changes in IT environments require organizations to rethink and strengthen fundamental cybersecurity capabilities in terms of visibility, effectiveness in detection, and context for a given device to enable a comprehensive response.
In this session we’ll show how Qualys collects and combines multi-vector context to prioritize remediation of the most vulnerable surface, wherever it is.
Unprotect Project: The Malware Evasion Techniques Database
Malware evasion techniques (or Defense Evasion) are used to go undetected and to make analysis difficult during the infection process and at the time of the attack. There is a wide spectrum of techniques that allow malware to bypass existing security. Nowadays evasion mechanisms are very common and almost all malware in the wild uses one of these mechanisms. There is a real need for a classification matrix to help the community understand how these techniques work and how they can be detected. The Unprotect project is an open-source project that aims to provide a comprehensive classification of evasion techniques.
In this talk, we'll go over recent evasion mechanisms and show how the Unprotect database can be used to bolster your security.
Vertiv Solutions For Fast Digitalization
You've just been hacked! Now what?
It's a time when assuming your systems and applications are "unhackable" is one of the biggest mistakes you could make. While most people still think that prevention and maintenance remain a top priority in protecting yourself, building a clear process around how you will respond to attacks and data breaches during and after their occurrence is something often overlooked, or simply ignored.
The past few years have brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness.
Do you know how exposed you are when you're connecting to the hotel/restaurant/airport WiFi? Are you aware of how fast clicking on a link can become a nightmare? Come down for a quick overview and live demos of some of the current cyber threats, especially as they pertain to social engineering vectors.
This session intends to bring the assume breach security posture into the spotlight. We'll be discussing recent trends in cybersecurity attacks (credential reuse, password spraying, insider attacks, 2FA-bypass, etc.) and look at the best ways to build your data breach incident response policy. Demos included.