Law Enforcement, Cybercrime, Real World Threats, Policy, Data Privacy<
Pawan Kinger is the Director of Threat Research at Trend Micro. He is based in Canada. He has more than 15 years of experience in information security, most of it in defending threats. He has spent most of his career in threat research, vulnerability protection, vulnerability assessment, endpoint and network security. His team delivers protection against the latest vulnerabilities and threats. Recently, he has been exploring threats in cloud and containers eco system and how to defend against those. His recent passion is MITRE ATT&CK framework. He has been an internal evangelist at Trend Micro to spread the word and coach folks about this framework. While not at work he enjoys travelling, reading, biking, skiing and nature walks. He loves his camera.
Security Group speak a common language: MITRE ATT&CKIn a SOC, triaging alerts generated by Deployed Security products is a tier 1 job for an analyst. The threat intel, analysis and defences (security products) use different severity, message for the same incident, which complicates the security Analyst’s job in Alerts Triage. MITRE has simplified the work of security Analyst and Security Managers with the new ATT&CK Framework. Industry-wide acceptance of the MITRE ATT&CK Framework has enabled security product vendors to integrate it into their product line. MITRE ATT&CK Framework also enables the security vendors to evaluate their products against various TTPs as used by an adversary in an attack chain. In this session, we would like to go through how MITRE ATT&CK Framework will enable security Analyst to act fast and correlate the different Alerts to single Attack Chain and let's see in doing so if we identify any campaign activity. Fun times threat hunting with a common language.
Suraj Sahu is a Technical Lead within TrendMicro Threat Research Labs Team and working closely with Trend Micro Deep Security Product. Suraj has more than 8 years of experience in Information Security as a Blue team member. Suraj's primary focus is on analyzing emerging threats, architect security features in the product, integration of MITRE Framework in the product. While not with his laptop he enjoys swimming, reading and cooking.
Security Group speak a common language: MITRE ATT&CKIn a SOC, triaging alerts generated by Deployed Security products is a tier 1 job for an analyst. The threat intel, analysis and defences (security products) use different severity, message for the same incident, which complicates the security Analyst’s job in Alerts Triage. MITRE has simplified the work of security Analyst and Security Managers with the new ATT&CK Framework. Industry-wide acceptance of the MITRE ATT&CK Framework has enabled security product vendors to integrate it into their product line. MITRE ATT&CK Framework also enables the security vendors to evaluate their products against various TTPs as used by an adversary in an attack chain. In this session, we would like to go through how MITRE ATT&CK Framework will enable security Analyst to act fast and correlate the different Alerts to single Attack Chain and let's see in doing so if we identify any campaign activity. Fun times threat hunting with a common language.
Currently the senior manager of the Forward-Looking Threat Research team in Bio: APAC, Ryan Flores has had more than 14 years of experience in antivirus and IT security under his belt. He has held various positions in Trend Micro, starting as an antivirus engineer in charge of malware analysis, detection, and removal. He was heavily involved in malware sourcing and honeypot development and deployment as a member of Trend Micro Incident Response Team. His current position requires him to research on botnets, cybercrime and underground activities, as well as emerging technologies.
Ryan is a regular contributor to the Trend Micro Security Intelligence blog. He has written several research papers, and has also spoken at various international security conferences.
TIndustry 4.0 touts many advantages, savings and efficiencies Abstract: and is being hailed as one of the next big things. But, at what cost? Every technological evolution comes with rewards and risks, and what gets lost behind the buzzwords are the things we should consider and worry about.
This session presents how the industrial environment is merging with the IT environment, and highlights the many issues arising from such mergers. From competing mental models, equipment lifecycle to the very definition of security itself. This session aims to enlighten the audience on the various issues they’d encounter in their road to implement industry 4.0.
Marvin is a senior threat researcher with TrendMicro CSS team in Taiwan, and Bio: holds a Bachelor of Science degree in Computer Engineering. A seasoned malware reverse engineer, APT and cybercrime analyst, forensic investigator, and incident responder for over 15 years in this industry. He is an active member of local security community and regularly appears at high-profile international conferences such as HITB, BlackHat, Defcon, Hitcon and many others. Marvin also invented and filed several patents and trade secret for TrendMicro where he is currently working as a security solution consultant.
Fraud Wars
In this talk, I will discuss the current fraud landscape. I will cover how buy-online-pickup-In-store (BOPIS) concept are being taken advantage by fraudsters or the card-not-present (CNP) fraud that is now on the rise. Of course, a quick look on return-policy abuse, gift card scam, fraud rings, underground fraud forums and a host of other frauds and scams will also be tackled.
I will also deal on laws and regulations that could affect current state of fraud like the latest Payment Service Directive (PSD2) on requiring strong customer authentication (i.e. MFA authentication). In addition, discussion on how mundane policy changes like the use randomized SSN enable fraudsters to use (manufactured) synthetic identity is causing problems to fraud detection companies.
From the perspective of e-commerce merchants and business owners, the growth of fraud coupled with the high level of friction and/or false card decline that their customers are experiencing is already affecting their bottom line. As study shows, falsely rejected card is 13x more costly than the actual fraud itself.
Finally, a quick glimpse on how fraud & transaction security companies are addressing the current problems and how the use of AI/ML in this field, just like in other industry, is changing the fraud landscape.
David Sancho joined Trend Micro in 2002, having fulfilled a variety of Bio: technical security-related roles. Currently, his title is Senior Anti-Malware Researcher, and he specializes in web threats and other emerging technologies. In his more than 18 years of experience in the security field, David has written and published a number of research papers on malware tendencies, has been featured in the media, and has participated in customer events where he has presented on business issues and malware-related topics. His interests include web infection methods, vulnerability exploitation, and white-hat hacking in general.
IoT in the Underground
Whether it involves taking over a car’s steering controls or Abstract: proving that children’s toys are spying on them, hackers love to share their latest IOT hacks. But the media has amplified the stories even more, creating dangerous myths around these technologies. While Miraibased attacks have been successful, cybercriminals have yet to heavily monetize IOT vulnerabilities outside the business model of extortion and DDOS attacks.
This presentation shares insights about what IoT attacks will look like 2-3 years from now. Through research into online cybercriminal forums, we have determined what level of interest and possible criminal opportunities there may be for IoT-specific attacks. Our research covers current IoT trends in cybercriminal undergrounds forums for Arabic, Japanese, English, Russian, Portuguese, and Spanish languages.
Find out which devices cybercriminals are most interested in hacking. Discover what they are thinking in terms of attacking existing IoT infrastructure. Finally, before IoT attacks become the norm, we will explain the challenges LEA and forensic professionals should be aware of in order to better protect their organizations.
Vladimir Kropotov is a researcher with Trend Micro FTR team. Active for over Bio: 15 years in information security projects and research, he previously built and led incident response teams at Fortune 500 companies and was head of the Incident Response Team at Positive Technologies. He holds a masters degree in applied mathematics and information security. He also participates in various projects for leading financial, industrial, and telecom companies. His main interests lie in network traffic analysis, incident response, and botnet and cybercrime investigations. Vladimir regularly appears at international conferences like FIRST, CARO, HITB, , PHDays, ZeroNights, POC, Hitcon, BlackHat EU.
Attacks on Telco’s in the transition to 5G Era: the view from Title: the cyber-underground
Telecom networks should be considered as a backbone for many Abstract: industries including Finance, Hi-Tech, Hospitality and Government. And in our research into the cyber-underground has consistently shown it as a unique place where many things, including pretty sensitive PII, financial transactions, electronic copies of documents are freely traded. That is why telecommunication companies, their infrastructures and services are often targeted by underground actors.
This presentation will be focused on services related to attacks and abuses of telecom networks offered on the cyber-underground forums. We walk through examples and case studies which cover different type of cyber-criminal activities including: voice and SMS DoS attacks on sensitive phone numbers, Calls, SMS landing and interception, customised tools like special versions of SIM Cards, Phones and 4G routers, location tracking, call and SMS records of the subscribers, and much more. In the conclusion we will discuss, how transition to the 5G world will affect the threat landscape and provide recommendations and suggestions for telecom companies and their customers how to deal with these threats.
Julie Cabuhat is an Incident Response Analyst for the Managed Detection and Bio: Response Group in Trend Micro. She has years of experience performing digital forensic investigations across various industries. Upon joining Trend Micro, she monitored and analysed high-profile malware families, specifically focusing on arrival vectors and distribution methods. She also created in-depth technical malware family reports and provided insights for security blogs. She is a GIAC Certified Forensic Analyst (GCFA). She also currently holds the EnCase Certified Examiner (EnCE) , AccessData Certified Examiner (ACE) certifications in the field of Computer Forensics.
[I]ncident [R]esponse through MxDRToday’s cyber-attacks are designed to evade detection. They are complex, stealthy, and often built specifically for its target. And while there is no such thing as 100% protection against attacks, being able to detect and respond to them as soon as possible helps prevent minimize their impact. In this session, an Incident Response Analyst from the Trend Micro Managed X Detection and Response (MxDR) team will discuss the evolution of traditional incident respose to incident response done through MxDR.