Speakers

Take Control

Law Enforcement, Cybercrime, Real World Threats, Policy, Data Privacy

Vladimir Kropotov

E-shopping Fraud, The View From Cybercriminals Step-by-Step Guides and Underground Discussions

Senior Researcher, Forward-Looking Threat Research
Trend Micro

Vladimir Kropotov is a researcher with the Trend Micro FTR team. Active for over 15 years in information security projects and research, he previously built and led incident response teams at Fortune 500 companies and was head of the Incident Response Team at Positive Technologies. He holds a master's degree in applied mathematics and information security. He also participates in various projects for leading financial, industrial, and telecom companies. His main interests lie in network traffic analysis, incident response, and botnet and cybercrime investigations. Vladimir regularly appears at high-profile international conferences such as FIRST, CARO, HITB, Hack.lu, PHDays, ZeroNights, POC, Hitcon, Black Hat EU and many others.

E-shopping Fraud, The View From Cybercriminals Step-by-Step Guides and Underground Discussions

Many cybercriminals are now focused on monetization, but they want to look cool and don’t want to spend too much money or effort on it. They commit e-shopping fraud to either resell or use the delivered goods. This presentation will focus on underground findings related to e-shopping fraud and highlight topics such as how hackers collect and monetize credit cards, what tricks they use to avoid antifraud systems, and how hackers trick logistics companies into delivering goods. It will also offer security tips and suggestions for the industry and e-shopping customers, and highlight the evolution of the “cat and mouse game” between these hackers and the industry and community efforts to stop them.

Ryan Flores

More Than Protection: Working with Law Enforcement to Disrupt Cybercrime

Senior Manager, Forward-Looking Threat Research
Trend Micro

Currently the Senior Manager of the Forward-Looking Threat Research team in APAC, Ryan Flores has more than 15 years of experience in IT security. He has held various positions at Trend Micro, spanning antivirus engineering, malware sourcing, threat hunting and honeypot development. His current role requires him to research botnets, cybercrime and underground activities.

More Than Protection: Working with Law Enforcement to Disrupt Cybercrime

Trend Micro's vision of having "a world safe for exchanging digital information" does not end when we detect malicious files, emails or websites. We also routinely work with law enforcement to bring down cybercriminals. In this session, we will share a few cases that not only resulted in successful arrests, but also enhanced our understanding of the cybercrime underground.

JV Roig

Password Security, Psychology, Smartness, and Gigabytes of Hashes: Results and Experience from an Organization-Wide Password Analysis

Director, Advanced Research & Consulting
Asia Pacific College

JV Roig is an IT consultant specializing in software architecture, business process analysis, IT security, performance and optimization.
He is a graduate of Asia Pacific College, the institution which he represents today as its Director of Advanced Research & Consulting. He graduated summa cum laude twice, in both his undergrad and master's.
He has been an IT consultant for over a decade, with customers ranging from small to large enterprises, and from a variety of industries such as education, retail, manufacturing and government.

Password Security, Psychology, Smartness, and Gigabytes of Hashes: Results and Experience from an Organization-Wide Password Analysis

Taking a cue from the latest password guidelines from the National Institute of Standards and Technology (NIST, https://pages.nist.gov/800-63-3/) and the latest password guidance from Microsoft (https://www.microsoft.com/en-us/research/publication/password-guidance/), we designed an experiment to uncover relevant statistics about passwords used in the organization, to guide us in refining password policies from the classic, traditional policies to the newer ones as recommended by the NIST and Microsoft.
In this report, we share our experience and findings from a password analysis study that was conducted in late 2017 to early 2018. We start with a discussion of the key characteristics and rationale behind the new password guidance from the NIST and Microsoft, focusing particularly on human-oriented, psychological factors. We then share very interesting findings we were able to uncover from our measurements during the study, as well as our efforts to improve user education with regard to the improved password guidance. Finally, we also share our methodology, particularly how we were able to establish the needed infrastructure and capability to implement one of the latest and most challenging guidelines from NIST and Microsoft: checking passwords against hundreds of millions of known weak/bad passwords taken from past breaches and exploits.

Augusto Remillano

(Picture of) Crouching Tiger, Hidden Malware

Threat Research Engineer
Trend Micro

Augusto Remillano II is a Core Tech Engineer at Trend Micro. As a member of the Threat Cleanup and Analysis Team, he is responsible for providing analysis and in-depth malware information to Trend Micro customers. A passionate learner, he stays updated on the latest emerging threats in the online world. He graduated with a Bachelor of Science in Computer Engineering from the University of the Philippines Diliman.

(Picture of) Crouching Tiger, Hidden Malware

Steganography has long been used by malware developers to hide malicious code inside files not normally scanned by antivirus products. In addition, legitimate and trusted websites like GitHub and Pastebin have also been leveraged to host malware. Recent efforts, however, combine the two by uploading images carrying malicious code to GoogleUserContent, a trusted hosting platform. In our presentation, we describe the process of hiding and executing code inside an image, the problems arising from malware-injected images hosted on websites with good reputation, and how to counteract those problems.

Kiyoshi Obuchi

(Picture of) Crouching Tiger, Hidden Malware

Threat Research Engineer
Trend Micro

Kiyoshi Obuchi graduated from De La Salle University in 2017 with a BS in Computer Science with a specialization in Network Engineering. He loves the IT security scene so much that he wrote a paper about rogue access points as part of his graduation requirement. Today, Kiyoshi enjoys reverse engineering files and talking about emerging threats. Kiyoshi has been part of Trend Micro since November 2017. Often mistaken as part of TS-JP, he is currently on the TCAT team, where he is a perfect fit.

(Picture of) Crouching Tiger, Hidden Malware

Steganography has long been used by malware developers to hide malicious code inside files not normally scanned by antivirus products. In addition, legitimate and trusted websites like GitHub and Pastebin have also been leveraged to host malware. Recent efforts, however, combine the two by uploading images carrying malicious code to GoogleUserContent, a trusted hosting platform. In our presentation, we describe the process of hiding and executing code inside an image, the problems arising from malware-injected images hosted on websites with good reputation, and how to counteract those problems.

Joahnna Hipolito

Behind Every Big Attack is an Employee Who Opened an Email

Technical Communications Manager
Trend Micro

JM Hipolito is a Technical Communications Manager from TrendLabs, the Global Technical Support and R&D Center of Trend Micro. She works closely with the company’s global network of threat experts and researchers in monitoring notable changes in the threat landscape, and designs robust communication plans and strategies. She has been with Trend Micro since 2007.

Behind Every Big Attack is an Employee Who Opened an Email

Email is still the primary infection vector used in prominent threats today. This comes as no surprise, as the majority of communications within organizations are conducted through email. In recent years we’ve seen cybercriminals and threat actors use email as their stepping stone to getting into organizations, whether it is to conduct espionage, intercept transactions, or attempt extortion through network-crippling ransomware. But what makes it the go-to channel for cybercriminals? In this talk, we’ll take a look at how email and user behavior towards it played a part in the success of past attacks, and what employees can do to avoid being their organization’s weakest link.