05 October 2017
0800–0900 | Breakfast | |
0900–0930 | Welcome and Introduction: Technology Director Don Smith and Chief Threat Intel Officer and SVP Col. Barry Hensley (Ret.) | |
0930–1015 | “What, you don't think I’d go into combat with loose change in my pocket do you” CyberCrime trends and emerging criminal threats. This session will explore key observations of the cybercrime threat landscape and emerging criminal trends from the last 12 months. | Senior Researcher: Aaron Shelmire |
1015–1100 | “We got more holes in us than a horse trader's mule” Tales from the trenches: Third party risks in the wild. A review of a complex and long-running incident in which a managed service provider’s network was compromised to access their client’s data. | Senior Researcher: Ryan Cobb |
| Break | |
1120–1200 | “You've got to give the enemy credit for organization and planning.” Exploration of the Point of Sale threat. In this session Senior Researcher Eric Jenko will offer a candid overview of the point of sale (PoS) threat, an exposé of a highly active and capable PoS threat group and how we can expect this threat to evolve in the future. | Senior Researcher: Eric Jenko |
1200–1230 | “Well boys, I reckon this is it – toe to toe with the Roosskies” An overview of the Russian threat in 2017. We will delve into recent Russian cyber operations, and examine the capabilities and motives underpinning recent disruptive campaigns. | Senior Researcher: Tom Finney |
| Lunch | |
1330–1415 | “How often do we read of banks adding three zeros to a hundred dollar deposit?” Wire Wire: The African Persistent Threat. How crime syndicates steal billions from organizations worldwide via Business Email Compromise (BEC), leveraging off-the-shelf malware, social engineering and persistence. The senior researcher will also advise on how to avoid being a victim of these, at times elaborate, money-making schemes. | Senior Researcher: James Bettke |
1415–1445 | “There’s no fighting in the war room” A series of quick-fire sessions highlighting key lessons learned from real-world threats and incidents observed by SecureWorks® in the last 12 months:
· “I was just going to say, as long as the weapons exist, sooner or later something's going to happen….” A review of off-the-shelf tool use and the increasing use of commodity tools in targeted attacks. Senior CTU Researcher: Mike McLellan
· “They dang sure ain't gonna spot us on no radar screen!” Threat actors are continuing to evade security controls and technologies. We will review some recent examples we have observed in the wild. Senior CTU Researcher: Aaron Shelmire
· “The enemy may come individually or he may come in strength” An overview of a targeted campaign affecting vulnerable routers globally. Senior CTU Researcher: Mike McLellan | Various speakers |
1445–1515 | “Gee. I wish I had one of them doomsday machines” An overview of the threat from North Korea in 2017. This session will unpick DPRK’s recent money-making and disruptive campaigns, and explore the role cyber operations are likely to play as international pressure increases on Pyongyang. | Senior Researcher: Rafe Pilling |
| Break | |
1530–1615 | “We’ll meet again” Tales from the trenches: Threat actor reentry. This session will explore the game of ‘cat and mouse’ between incident responders and threat actors during an eviction, and the lessons we have learned from evicting threats over the years. | Senior Researcher: Mike McLellan |
1615–1645 | “I can no longer sit back and allow Communist infiltration...” A summary of the China threat in 2017. In this session we will review a surge of China-linked intrusions over the last year: how some capabilities may be evolving, but the intent ultimately remains the same. | Senior Researcher: Matt Webster |
1645–1700 | Closing comments / Dinner announcements | Chief Threat Intel Officer and SVP Col. Barry Hensley (Ret.) |
1700–2030 | Reception | |
06 October 2017
0800–0900 | Breakfast | |
0900–1000 | Special Guest Speaker | |
1000–1030 | “Baby, I told you never to call me here, don't you know where I am?” An overview of significant Iranian campaigns in 2017. This session will review the state of the Iranian cyber threat and unravel a long-running social engineering operation laced with intrigue and seduction. | Senior Researcher: Allison Wikoff |
| Break | |
1030–1100 | “We don't want to be vulnerable to saboteurs calling up and pretending to be different people” The Continued Threat of Banking Malware. This session will investigate how banking malware undermines the integrity of infected endpoints, intercepts and manipulates web sessions, harvests credentials, and allows unfettered remote access to high-value targets. | Senior Researcher: Keith Jarvis |
1100–1145 | “Mein Fuhrer, I can walk!”: Breaking the cycle of failure in cyber security. If the crawl – walk – run analogy of defensive maturity applies, are we walking yet? In this session Chris Yule will conclude the summit with the victim’s perspective: what are the most important detection, prevention and response lessons we have learned to better break the cycle of failure in cyber security? | Senior Researcher: Chris Yule |
1145–1200 | Closing comments and depart | Chief Threat Intel Officer and SVP Col. Barry Hensley (Ret.) |