SIGS Special Event – Why commercialization of Cybercrime requires a Next-Gen Defense

 

Target Audience: Information Security Professionals
CIOs, CISOs, IT Managers, Security Officers, Security Architects and Engineers – all from the end-customer side who are interested in IT Security

From consultancies and resellers/integrators, only technical people are allowed to take part. Vendors and people with a Sales/Marketing role are not authorized as participants.

CPE Credits: Earn 4.25 CPE (Continuing Professional Education) for attending this SIGS Afterwork Event. Please request a confirmation.
Location: Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are a lot of free parking spaces available.
Train: railway station Zurich Airport – take the Hotel Shuttle

Date of Event: 31st of May 2017
Language: English if non-German-speaking people attend, otherwise German
Schedule: see agenda below
Participation Costs: Fr. 55.— per participant
Organization, presentations, beverages and aperitif included

Agenda

2:00 – 2:30 Registration & Coffee
2:30 – 2:30 Welcome & Introduction by the moderator
2:30 – 3:15 lic. jur. Stephan Walder, Deputy Chief Public Prosecutor, Canton of Zurich, Department of Justice and Home Affairs, Public Prosecutor's Office II, Cybercrime Competence Centre

Cybercrime Prosecution: Possibilities and Limits (presentation in German)
Cybercrime is on everyone's lips and is unfortunately very widespread. Law enforcement agencies face heavy demands, because classic investigative methods and their territorial orientation run up against literal borders. Since 2012 the Canton of Zurich has operated the Cybercrime Competence Centre, whose main distinguishing feature is the physical proximity of the police investigators and technicians to the prosecutors and assistants of the public prosecutor's office. Despite the virtual environment, physical proximity is a success factor, because it ensures a constant exchange of know-how on the one hand and makes very fast action possible on the other. This cooperation is well established and has led to several investigative successes. Another important factor, however, is the private sector. Together with the respective specialists from Legal and CERT, rapid preservation measures can be implemented and decisive findings for identifying perpetrators can be obtained.

Currently there is a discernible trend towards groups of offences aimed solely at unlawful enrichment, such as phishing, ransomware and practically all forms of fraud, while so-called script kiddies and pure hacktivists have become rather rare. A veritable shadow economy has formed in which perpetrators offering services exchange information and organize themselves. These collaborations work very well, are anonymous for mutual protection and generate very high losses. To identify and locate these perpetrators, the full spectrum of coercive measures under criminal procedure is needed in addition to know-how and sufficient resources, namely covert surveillance measures and undercover investigations/searches. Even though, unlike in certain TV series, not every case yields a hit and a portion of luck is always welcome, with the appropriate dedication and an experienced, interdisciplinary team it is regularly possible to pull perpetrators out of the supposedly “lawless” virtual space and bring them before a very real criminal trial.

3:15 – 4:00 Gaetan van Diemen, Product Manager Cyber Threat Intelligence at Fox-IT

Evolution of the threat landscape – behind the scene
Financial malware, Remote access Trojans, targeted attacks, ransomware… These are among the common manifestations of cybercrime, but looking back at years of crime these incidents are part of cybercrime’s natural evolution.

This presentation will provide an overview of the whys and wherefores of the ongoing cat-and-mouse game between criminals and security experts.

4:00 – 4:30 Jörg von der Heydt, Channel Director DACH, Skybox Security

Commercialization of Crimeware Demands a New, Threat-Centric Approach to Vulnerability Management
A true understanding of vulnerability risk requires a comprehensive understanding of the attack surface paired with a focus on exploits circulating in the wild.

In recent years, cybercriminals have organized, automated and outsourced fraud techniques, resulting in an increase in commercial packages of complex threats. This productization of cybercrime is making it harder for organizations to keep up: the tools that overworked security teams rely on to discover and mitigate vulnerabilities don’t match the exploit tactics used by the criminals. So, what is the best approach in light of this dynamic threat landscape? How should security leaders stand up to the growing threat of industrialized cybercrime?

According to a 2016 Gartner report*, most organizations today follow a policy of “gradual risk reduction, with vulnerability and patch management policies focused on mitigating and patching a percentage of vulnerabilities in a given time frame.” For example, many vulnerability management programs use CVSS scores that are based on “low, medium, high and critical” risk values, often with thousands of vulnerabilities rated as “critical” that need to be remediated right away. This approach is ineffective because it turns vulnerability management into a game of chance, where risk is disconnected from what is truly being exploited in the wild or the context of the organization’s network.

Recent reports show that the majority of successful breaches are executed by threat actors that use and re-use a subset of old vulnerabilities whose exploits are being commercially exchanged in the “Dark Web.” By identifying these vulnerabilities — those for which exploits exist in the wild and are being used in attacks — and combining this information with CVSS scores and contextual intelligence of an organization’s IT environment, security leaders can change the game. They gain a true understanding of not only the potential impact and severity of a vulnerability but also the probability of exploitation. This threat-centric vulnerability management augments gradual risk reduction by considering multiple factors inside and outside the organization. It’s a new approach to vulnerability management that requires comprehensive understanding of an organization’s attack surface combined with the prioritization of vulnerabilities by potential, imminent and actual threat levels. Using this approach, security leaders gain the advantage of integrated intelligence, including what vulnerabilities are truly being targeted by adversaries and threat actors in the wild.

When you leave, you will understand:

  • How the commercialization of cybercrime has impacted organizations’ ability to understand the true risk of vulnerabilities and why CVSS scoring alone is no longer enough
  • Why it’s critical for organizations to change their approach to “threat-centric vulnerability management”
  • How augmenting gradual risk reduction (targeting a certain percentage of known vulnerabilities) with imminent threat elimination (vulnerabilities truly being exploited in the wild) enables security teams to better understand the true risk of a vulnerability to their organization
  • How to construct a “living vulnerability prioritization catalog” centered on those vulnerabilities being actively targeted in the wild
  • How to leverage security operations, analytics and reporting capabilities to automate threat-centric vulnerability remediation prioritization
4:30 – 5:00 Break
5:00 – 5:30 Dr. Christopher Brennan, Regional Director DACH at Skybox Security

Adaptive Security Through Complete Attack Surface Visibility – How changes in Business and Technology signal the need for security to change
In the battle for cyber security, the landscape is changing quickly. Enterprises are facing an onslaught of change from within and outside their walls that is shifting the landscape of cyber security. Innovations in business models and decentralization of technology are forcing security professionals to rethink how they deploy, manage and address security. Also, complying with the EU GDPR (General Data Protection Regulation) is an additional important, new concern for business leaders.

Today’s security landscape is being influenced by three key drivers: Changing business approaches, evolving technology and impact of a breach.

With this in mind, how do security leaders ensure their protections can handle the changes in business and technology, which are increasing the size and complexity of the attack surface, as well as the reality and potential impact of a breach?

Discuss questions such as:

  • I‘m vulnerable, but am I attackable?
  • Where are my real internal and external risks, and how do I prioritise remediation?
  • How to ensure compliance and segmentation of my network?
5:30 – 6:00 Oren Arar, Regional Director EMEA at OWL Cybersecurity

Cybercrimes Marketplaces – Darknet-led Threat Intelligence (DARKINT)
The Darknet has become one of the main marketplaces for hackers. This is where they buy and sell exploits, zero-days, access to hacked databases, stolen credit cards, credentials and more. In many cases, the hackers dump a sample of this information on the Darknet or Pastebin and sell it to the highest bidder. Every company aims to improve its threat intelligence capabilities, and looking inside the Darknet can be a good start.

In this presentation, I’ll share best practices on how to use DARKINT as part of a threat intelligence feed, give real-life examples of threats and what can be found on the darknet, and discuss how monitoring the darknet can improve an organization’s defense strategy.

6:00 – 6:30 Panel Discussion moderated
6:30 – open end Apéro Riche & Networking
The speakers will be onsite for Q&A

 

The Sponsor of this event is:

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

So don’t wait and register here if you have a XING account. If you don’t have or don’t want a XING account, just send us an email.

With the registration for this event you accept that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this specific platform.
