2017 SecureWorks Threat Intelligence Summit
 



   05 October 2017

 

0800–0900

Breakfast

 

 

0900–0930

Welcome and Introduction

Technology Director, Don Smith and Chief Threat Intel Officer and SVP Col. Barry Hensley (Ret.)



0930–1015


“What, you don't think I’d go into combat with loose change in my pocket do you”

CyberCrime trends and emerging criminal threats

This session will explore key observations of the cybercrime threat landscape and emerging criminal trends from the last 12 months.


Senior Researcher:

Aaron Shelmire


1015–1100


“We got more holes in us than a horse trader's mule”

Tales from the trenches: Third party risks in the wild

A review of a complex and long-running incident in which a managed service provider’s network was compromised to access their client’s data.


Senior Researcher:

Ryan Cobb

 


Break

 


1120–1200


“You've got to give the enemy credit for organization and planning.”

Exploration of the Point of Sale threat

In this session, Senior Researcher Eric Jenko will offer a candid overview of the point of sale (PoS) threat, an exposé of a highly active and capable PoS threat group, and how we can expect this threat to evolve in the future.


Senior Researcher:

Eric Jenko


1200–1230


“Well boys, I reckon this is it – toe to toe with the Roosskies”

An overview of the Russian threat in 2017

We will delve into recent Russian cyber operations, and examine the capabilities and motives underpinning recent disruptive campaigns.  


Senior Researcher:

Tom Finney

 


Lunch

 


1330–1415


“How often do we read of banks adding three zeros to a hundred dollar deposit?”

Wire Wire: The African Persistent Threat

How crime syndicates steal billions from organizations worldwide via Business Email Compromise (BEC), leveraging off-the-shelf malware, social engineering and persistence. The senior researcher will also advise on how to avoid becoming a victim of these, at times elaborate, money-making schemes.


Senior Researcher:

James Bettke


1415–1445


“There’s no fighting in the war room”

A series of quick fire sessions highlighting key lessons learned from real-world threats and incidents observed by SecureWorks® in the last 12 months:

 

·  “I was just going to say, as long as the weapons exist, sooner or later something's going to happen….”

A review of off-the-shelf tool use and the increasing use of commodity tools in targeted attacks.

Senior CTU Researcher: Mike McLellan

 

·  “They dang sure ain't gonna spot us on no radar screen!”

Threat actors are continuing to evade security controls and technologies. We will review some of the recent examples we have observed in the wild.

Senior CTU Researcher: Aaron Shelmire

 

·  “The enemy may come individually or he may come in strength”

An overview of a targeted campaign affecting vulnerable routers globally.

Senior CTU Researcher: Mike McLellan


Various speakers


1445–1515


“Gee. I wish I had one of them doomsday machines”

An overview of the threat from North Korea in 2017

This session will unpick DPRK’s recent money making and disruptive campaigns, and explore the role cyber operations are likely to play as international pressure increases on Pyongyang.


Senior Researcher:

Rafe Pilling

 


Break

 


1530–1615


“We’ll meet again”

Tales from the trenches: Threat actor reentry

This session will explore the game of ‘cat and mouse’ between incident responders and threat actors during an eviction, and the lessons we have learned from evicting threats over the years.


Senior Researcher:

Mike McLellan


1615–1645


“I can no longer sit back and allow Communist infiltration..”

A summary of the China threat in 2017

In this session we will review a surge of China-linked intrusions over the last year: how some capabilities may be evolving, but the intent ultimately remains the same.


Senior Researcher:

Matt Webster


1645–1700


Closing comments / Dinner announcements


Chief Threat Intel Officer and SVP Col. Barry Hensley (Ret.)


1700–2030


Reception

 




   06 October 2017


0800–0900

Breakfast

 

 

0900–1000

Special Guest Speaker

 


1000–1030


“Baby, I told you never to call me here, don't you know where I am?”

An overview of significant Iranian campaigns in 2017.

This session will review the state of the Iranian cyber threat and unravel a long-running social engineering operation laced with intrigue and seduction.


Senior Researcher:

Allison Wikoff

 


Break

 


1030–1100


“We don't want to be vulnerable to saboteurs calling up and pretending to be different people”

The Continued Threat of Banking Malware

This session will investigate how banking malware undermines the integrity of infected endpoints, intercepts and manipulates web sessions, harvests credentials, and allows unfettered remote access to high-value targets.


Senior Researcher:

Keith Jarvis


1100–1145


“Mein Fuhrer, I can walk!”

Breaking the cycle of failure in cyber security

If the crawl – walk – run analogy of defensive maturity applies, are we walking yet? In this session Chris Yule will conclude the summit with the victim’s perspective: what are the most important detection, prevention and response lessons we have learned to better break the cycle of failure in cyber security?


Senior Researcher:

Chris Yule


1145–1200


Closing comments and depart


Chief Threat Intel Officer and SVP Col. Barry Hensley (Ret.)