Speakers
Michael Anti - Cyber Security and Censorship: The Unconventional War
Bio
Michael Anti (a.k.a. ZHAO Jing) is a veteran journalist and popular political columnist for various Chinese and English media outlets. He won the M100 Sanssouci Media Award in 2011. He was a Chinese war reporter in Baghdad in March 2003 and then worked with the Beijing Bureau of the New York Times for 4 years. His well-known MSN blog on Chinese politics was removed by Microsoft in December 2005 under pressure from the Chinese government. He also received a Wolfson Press Fellowship at Cambridge University (2007) and a Nieman Fellowship at Harvard University (2008), and was a visiting scholar at the University of Tokyo. As a public advocate for Internet freedom and online public diplomacy, he is one of the most influential bloggers in China. He was also a TEDGlobal speaker in 2012.
Candid Wüest - Targeted attacks: How sophisticated are they really?
Symantec
Abstract
A lot of media report on targeted attacks, or so-called APTs, but how sophisticated are those attacks really? Stuxnet & co. are only the tip of the iceberg. Most of the attacks are not so smart at all, but nevertheless successful. We will elaborate on the common methods of targeted infections and exfiltration of data, happening every day around the globe. Those attacks happen to all kinds of companies, as size does not matter here. We will highlight the methods and tools used by the attackers with real-life examples, show why they successfully bypass most security tools, and analyse where these attacks differ from the common malware flood.
Bio
Candid Wüest holds a master's degree in computer science from the Swiss Federal Institute of Technology (ETH) and various certifications. He works for Symantec's global security response team, where he has been going far beyond anti-virus signatures during the last ten years. He researches new threat vectors, analyses trends and formulates new mitigation strategies. For three years he worked as a Virus Analyst in the anti-malware laboratory of Symantec in Dublin, Ireland, analysing malware and creating signatures. He has published various articles and appeared in magazines and TV shows. He is a frequent speaker at conferences such as VB, RSA and #days. He learned coding and the English language on a Commodore 64.
Dr. Thomas Maillart - On the Importance of Human Timing for Quantitative Cyber Risks Management
Swiss National Science Foundation Fellow, UC Berkeley School of Information, California, USA
Abstract
Human timing is a critical aspect for the future of Internet security. With concrete examples, I show how harnessing the time dimension helps quantify and forecast cyber risks at various levels, ranging from IT security to corporate management to insurance and governments.
Bio
Thomas Maillart has a PhD in Science from the Department of Management, Technology and Economics, ETH Zurich, and a Master's degree in Engineering from EPFL. He is currently a Swiss National Science Foundation Fellow at the UC Berkeley School of Information, developing scientific methods to model and forecast the dynamics of Internet attacks at large scales. Thomas is well known in the (re)insurance business for having demonstrated the extreme nature of cyber risks in 2008.
John Matherly - Internet Cartography: Using Shodan to explore uncharted territory
Bio
John Matherly is the founder of Shodan, the first comprehensive search engine for devices connected to the Internet. John, born in Switzerland, graduated from the University of California, San Diego, with a bachelor's degree in bioinformatics, with research done in the field of hydrogen-deuterium exchange mass spectrometry. Prior to creating Shodan, John worked at the San Diego Supercomputer Center as a programmer/analyst on the Protein Data Bank project. The idea of Shodan was born in 2003, and it has evolved into a tool that searches for and catalogs every IP address on the Internet, ranging from individual home desktops to industrial automation systems. Shodan also performs automatic Internet-wide surveys, analyzes large amounts of data and makes security tools more accessible to the community.
Dr. Timo Steffens - An in-depth analysis of Advanced Persistent Threats campaigns
Abstract
In this presentation, we will show relationships between several APT campaigns that were either discussed publicly in security blogs or were reported to CERT-Bund. The identified relationships are based on technical data and are categorized into three levels of confidence. A link between two APT campaigns is considered strong if command-and-control servers are shared or hash sums of the involved malware binaries are identical. If the same (rare) malware family is used, a link is considered to be of medium confidence. Other commonalities are considered weak links. Analyses published on APT campaigns usually focus on the activities of one group of actors only. Some researchers, for example, track the domain names used by the Comment Crew. In our presentation, we provide a more abstract view and look at relationships between different APT campaigns. While some relationships between campaigns, such as Aurora and Elderwood or HTran and the Comment Crew, have already been discussed in blogs, combining information on many additional small links results in a much more comprehensive picture.
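As an added illustration, not from the talk or from CERT-Bund, the three confidence tiers described in the abstract applied to constructed campaign records in Python; the campaign names, indicator values and the "rare family" set are assumptions:

```python
"""Rate the confidence of a link between two APT campaigns from shared indicators,
using the abstract's three tiers: shared C2 or identical binary hashes -> strong,
same rare malware family -> medium, any other commonality -> weak. Data is constructed."""
from dataclasses import dataclass, field

@dataclass
class Campaign:
    name: str
    c2_servers: set = field(default_factory=set)
    binary_hashes: set = field(default_factory=set)
    malware_families: set = field(default_factory=set)
    other_traits: set = field(default_factory=set)  # e.g. packer, PDB path style

def link_confidence(a, b, rare_families):
    """Return (level, evidence); level is 'strong', 'medium', 'weak' or 'none'.
    Tiers are checked strongest first, so the best evidence decides the label."""
    shared_families = a.malware_families & b.malware_families
    evidence = {
        "c2": a.c2_servers & b.c2_servers,
        "hashes": a.binary_hashes & b.binary_hashes,
        "rare_families": shared_families & rare_families,
        "other": (shared_families - rare_families) | (a.other_traits & b.other_traits),
    }
    if evidence["c2"] or evidence["hashes"]:
        return "strong", evidence
    if evidence["rare_families"]:
        return "medium", evidence
    if evidence["other"]:
        return "weak", evidence
    return "none", evidence

def link_graph(campaigns, rare_families):
    """Pairwise links between all campaigns: {(name_x, name_y): level}."""
    names = list(campaigns)
    graph = {}
    for i, x in enumerate(names):
        for y in names[i + 1:]:
            level, _ = link_confidence(campaigns[x], campaigns[y], rare_families)
            if level != "none":
                graph[(x, y)] = level
    return graph

# Constructed sample data: placeholder indicators, not real IoCs.
RARE_FAMILIES = {"FamilyR"}
CAMPAIGNS = {
    "A": Campaign("A", c2_servers={"c2-a.example.invalid"}, malware_families={"FamilyR"}),
    "B": Campaign("B", c2_servers={"c2-a.example.invalid"}, malware_families={"CommonRAT"}),
    "C": Campaign("C", malware_families={"FamilyR"}, other_traits={"packerX"}),
    "D": Campaign("D", malware_families={"CommonRAT"}, other_traits={"packerX"}),
}
```

The `evidence` dict returned alongside each level keeps the concrete shared indicators, so an analyst can see which data point produced a link rather than only its label.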
Bio
Dr. Timo Steffens has a background in artificial intelligence and data analysis. After doing projects on early-warning systems he found his way into the field of IT security. He is the vice head of the National IT-Situation Center and CERT-Bund at the German Federal Office for Information Security (BSI).
Stefanie Frey - Implementing the National Strategy for Protection of Switzerland against Cyber Risks
Abstract
The present efforts to combat cyber risks are being addressed by the Swiss Federal Council, which approved the National Cyber Strategy (NCS) on 27 June 2012. The strategic aim of the strategy is threefold: early warning of cyber threats and risks; increased resilience within critical infrastructures; overall reduction of cyber risks. Through the increased use of the internet and mobile networks, the number of cyber attacks has also increased exponentially and has touched on all facets of society. It has become a reality that each conflict occurring in the political, economic or military sphere today also has a cyber component. These cyber attacks range from minor hacker attacks to cyber crime and cyber espionage, as well as cyber war. Cyber crime in one form or another has become a daily reality and poses a clear and present danger. Thus, the NCS has defined 16 concrete measures in order to address cyber threats. These range from the creation of risk and vulnerability analyses, to a solid situation analysis, to continuity and crisis management. The designated federal agencies should implement these measures within the context of their existing mandate by the end of 2017. Partners from the authorities, the private sector and society are to be integrated into this implementation process.
Bio
Dr. Stefanie Frey has a PhD from the Department of War Studies, King's College London. She worked on several projects on defence and security policy, war related topics, current affairs, as well as early warning and crisis management. She is currently working on Cyber Risk and Defence at the Reporting and Analysis Centre for Information Assurance (MELANI) at the Federal Department of Finance FDF.
Yaron Blachman - Cyber Threat Intelligence – Buzzword or Real Thing?
Abstract
In recent months, the term Cyber Threat Intelligence has attracted a lot of attention. While it is often just used as a buzzword, experts are certain that it is a crucial element in cyber defense. In this talk, we present our understanding of Cyber Threat Intelligence and discuss how Cyber Intelligence works. Finally, we discuss how an organization can make use of Cyber Threat Intelligence to enhance its cyber defenses.
Bio
Yaron leads PwC Israel's Security and Forensics line of services. He founded PwC's Cyber Center of Excellence and has overall responsibility for its global operations. PwC's Cyber Center of Excellence develops tools and methodologies to assist organizations in combating today's cyber threats and cyber challenges. Yaron started working with the PwC security consulting group in 2002, where he has been providing security consulting services to Fortune 500 clients. Yaron has a great deal of experience in the financial sector, working with major banks and insurance companies, globally and in Israel. During 2006-2008, Yaron was on secondment to PwC's California offices in San Francisco and San Jose. During this period, he provided technology and information security advisory services to local Silicon Valley and San Francisco based clients such as Microsoft, Google, Visa, Levi's, eBay, Merrill Lynch, Cisco and others. Prior to working with PwC, Yaron worked as an IT consultant with Paragon Consulting (Israel) and was a captain in the Israeli Air Force, managing large-scale IT software projects. Yaron is an electrical and computer engineer (Ben-Gurion University) and has been a Certified Information Systems Security Professional (CISSP) since 2002.
Michael Pilgermann - Implementing a Cybersecurity Strategy in CIIP
Abstract
The German federal Government adopted its Cybersecurity Strategy in February 2011; since then, the implementation of the strategy has been pursued with priority. Critical Information Infrastructure Protection (CIIP) is one of the top-priority work modules of the Cybersecurity Strategy. I will explore the CIIP mechanisms in Germany, the national intensifications due to growing Cybersecurity impacts, as well as the international perspective.
Bio
Michael Pilgermann has a doctorate in Computer Science with a focus on Information Security. He worked in industry for several years as an IT security consultant. In his current position as a technical advisor in the Federal Ministry of the Interior (MoI), he takes care of the national and international CIIP activities and the European Union aspects of Cybersecurity/NIS.
Oliver Münchow & Manuel Krucker - APT live – An in-depth example of a professional inside-out attack
Abstract
In this live hacking session, we will show you an inside-out attack, a common APT method. We plan a stepwise presentation of the live hacking session, with every step separately explained, performed and interactively discussed with the audience.
The attack uses a combination of two hacking methods. First, an innocent-looking spear-phishing email, which to the victim seems like a genuine and harmless email. Sometimes attackers create webmail or social media accounts using the names of colleagues, or they spoof the sender address of the email completely. Cyber-attackers use this social engineering method because it is low-cost, easy to launch and very effective. Second, a software vulnerability which is used to take control of the victim's machine. Some investment is necessary to obtain information on the latest vulnerabilities (i.e. as close to zero-day as possible). In our inside-out attack we initiate a network connection from the trusted (corporate) to the untrusted (Internet) network. The attack requires an "insider" to execute code to bypass security restrictions.
We will show you that an attacker with certain technical skills who wants to have access to internal data currently could neither be stopped nor detected. It has to be said that such attacks are not expected to originate from script kiddies or hobby hackers. Only hackers with a specific motivation and financial background are likely to conduct such structured APT attacks.
Bio Oliver Münchow
Oliver Münchow works as a Senior Security Consultant at InfoGuard AG. He has over ten years' experience in Penetration Testing, Security Audits and Vulnerability Assessment. He studied information security at the Lucerne University of Applied Sciences and Arts. Oliver achieved his Lic. Rer. Pol. (summa cum laude) at the University of Fribourg.
Bio Manuel Krucker
Manuel Krucker works as a Senior Security Consultant at InfoGuard AG. He is an experienced Security Analyst holding a Master of Science in Computer Science from ETH Zürich and is a certified OSSTMM Professional Security Analyst and Tester.
Dr. Stefan Lüders - Why SCADA security is NOT like Computer Centre security
Bio
Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Initially the developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently, in 2004, he took over responsibilities in securing CERN's accelerator and infrastructure control systems against cyber-threats. Subsequently, he joined the CERN Computer Security Incident Response Team and is today heading this team as CERN's Computer Security Officer, with the mandate to coordinate all aspects of CERN's computer security (office computing security, computer centre security, GRID computing security and control system security) whilst taking into account CERN's operational needs. Dr. Lüders has presented on these topics on many different occasions to international bodies, governments and companies, and has published several articles.
Mark Tibbs - The Industrialisation of Cybercrime
SOCA (UK)
Abstract
The trade and sale of personal data for use in fraud is big business in the cyber underground economy. This presentation looks at the emergence of automated websites and the data they are selling, and at the way international law enforcement is targeting these criminals, using new and innovative methods alongside traditional investigations to disrupt and dislocate these markets.
Bio
Mark Tibbs is a Team Leader in the UK Serious Organised Crime Agency's Cyber and Forensics Department. He currently leads a team of intelligence officers tasked with developing intelligence on cybercriminal groups for prosecutions and prevention opportunities. He has led intelligence operations into a range of cybercrime-related topics, including pursuing malware developers, carders and money launderers.
Mykola Ilin - Indirect methods of targeted malware detection in enterprise environment
Abstract
Deployment of malware detection and mitigation technologies is a complex process. It may require significant modification of the existing enterprise environment, which is not always possible. In some cases, additional end-user antivirus/IPS technologies actually reduce security, because client-side exploitation of bugs in high-privileged components of security software gives full control over the end-user system. On the other hand, using only indirect methods such as corporate internet gateway log analysis may reduce the detection rate, and may not help against targeted attacks because of low-prevalence (or unique) binary malware samples. In this work we propose improved indirect methods of targeted malware detection. It is possible to increase the malware detection rate using real-time correlation of behavioural information obtained from open malware sample exchange services (such as VirusTotal behavioural information analysis and the VirusShare.com and Malware.lu sample databases), domain blacklists (such as malwaredomains.com, abuse.ch/zeustracker, DShield and the Spamhaus DROP list) and consolidated logs from enterprise edge devices (DNS servers, HTTP proxies, traffic dumps). The proposed methods are integrated in a decision support system based on Splunk, and can be easily integrated into existing Splunk-based network monitoring solutions.
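An added example, not code from the talk or its Splunk-based system: the correlation step described above in Python, matching constructed DNS and proxy log lines against a constructed domain blacklist and sandbox contact domains; the log formats, feed shapes, hashes and all values are assumptions.

```python
"""Indirect detection as the abstract describes it: correlate consolidated edge
logs (DNS queries, HTTP proxy) with a domain blacklist and with domains seen in
sandbox behaviour reports of shared malware samples. All values are constructed."""
import re
from collections import defaultdict

# Constructed BIND-style query log and squid-style access log excerpts.
DNS_LOG = """client 10.1.2.3#53412: query: update.bad-example.invalid IN A
client 10.1.2.9#40120: query: www.good-example.invalid IN A
client 10.1.2.7#51000: query: cdn.sample-c2.invalid IN A"""
PROXY_LOG = """10.1.2.3 TCP_MISS/200 GET http://update.bad-example.invalid/u.bin
10.1.2.5 TCP_MISS/200 GET http://api.sample-c2.invalid/beacon"""
DNS_RE = re.compile(r"client (\S+?)#\d+: query: (\S+) IN")
PROXY_RE = re.compile(r"^(\S+) \S+ \S+ https?://([^/:]+)")

# Constructed feeds: a domain blocklist and sandbox contact domains per sample hash.
BLACKLIST = {"bad-example.invalid"}
SANDBOX_DOMAINS = {"PLACEHOLDER_HASH_1": {"sample-c2.invalid", "api.sample-c2.invalid"}}

def parse_events(dns_log, proxy_log):
    """Normalise both log formats to (client_ip, domain, source) tuples."""
    events = []
    for line in dns_log.splitlines():
        m = DNS_RE.search(line)
        if m:
            events.append((m.group(1), m.group(2).lower().rstrip("."), "dns"))
    for line in proxy_log.splitlines():
        m = PROXY_RE.match(line)
        if m:
            events.append((m.group(1), m.group(2).lower(), "proxy"))
    return events

def parents(domain):
    """Yield the domain and each parent (bare TLD excluded) so a listed apex matches subdomains."""
    labels = domain.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])

def correlate(events, blacklist, sandbox_domains):
    """Return {client_ip: {(matched_domain, reason)}} for events that hit a feed."""
    by_domain = defaultdict(set)  # sandbox domain -> sample hashes that contacted it
    for sample, domains in sandbox_domains.items():
        for d in domains:
            by_domain[d.lower()].add(sample)
    hits = defaultdict(set)
    for client, domain, _source in events:
        for candidate in parents(domain):
            if candidate in blacklist:
                hits[client].add((candidate, "blacklist"))
            for sample in by_domain.get(candidate, ()):
                hits[client].add((candidate, "sandbox:" + sample))
    return dict(hits)
```

Matching on parent labels is what lets a single apex entry catch the per-victim or rotating subdomains that low-prevalence samples tend to use, which a plain exact-match lookup would miss.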
Bio
Mykola Ilin is a scientific researcher in the department of information security at the National Technical University of Ukraine "KPI". He is co-founder of the DefCon-UA group (DEF CON 02139 international) and leader of the DCUA CTF team. He has a background of over ten years in technical security audits.