Exploring the cyber threat landscape: how to stay on top of the threat evolution
The threat landscape is ever-evolving, and in the last few years we’ve seen it become even more crowded as the number of threat actors has strongly increased.

Date
19.10.2022
Time
9:00 AM - 11:20 AM
Location
Hotel Continental, Stortingsgata 24/26, 0117 Oslo
In an effort to meet this development, CrowdStrike, our co-host for this breakfast seminar, is currently tracking 185 of these adversaries, providing us with a unique insight into adversary techniques, verticals, nation-state affiliations and motivations.
Join mnemonic and CrowdStrike on Wednesday 19th of October to learn how the evolving threat landscape affects us and our customers, and how we strive to adapt and get in front of these developments. You will also gain insight into a select few of the adversaries that CrowdStrike monitors closely, and mnemonic will introduce a new service offering based on CrowdStrike technology.
See you there!
Read more about mnemonic and CrowdStrike’s partnership
Agenda
08:00-09:00 Registration and breakfast
09:00-09:05 Welcome and introduction
09:05-09:35 How we found our unique detection rule for the Industroyer2 malware
with Rafael Lukas Maers, Reverse Engineering Team Lead, mnemonic
On December 17, 2016, there was an hour-long power outage in a fifth of Kyiv, Ukraine, as a result of a cyberattack. The malware, known as Industroyer, had support for a network protocol used for high-level monitoring and control of electrical power systems from control rooms to substations. On April 8, 2022, there was another cyberattack on the Ukrainian power grid. This malware also had support for this protocol, and was aptly dubbed Industroyer2 due to code similarities. However, this time we were able to create unique, world-class detection capabilities.
During his presentation, Rafael will guide us through the process he and a cross-departmental team at mnemonic followed to analyse the malware to determine the kind of traffic it generated, identify unique patterns for detection, and finally combine this knowledge with the power of Argus' detection capabilities to produce (as far as we know) the only general, robust and easy-to-deploy network detection rule for Industroyer2 in the world.
Technical level: 3/5
Language: Norwegian
09:35-10:15 Overview of the adversarial threat landscape
with Christian Heggen, CrowdStrike’s Strategic Threat Advisory Group
CrowdStrike will be providing a strategic-level overview of the main cyber security threats and trends that they have observed over the past 18 months, how nation-state adversaries have adapted their attack techniques, and how the ecosystem of financially-motivated eCrime actors has increased in size, complexity, and specialisation.
Additionally, CrowdStrike will illustrate the major threats that they are currently observing in Scandinavia and Europe as a whole, including profiles of the most active adversaries in the region.
Technical level: 2/5
Language: English
10:15-10:35 Break
10:35-11:20 Argus Endpoint Responder – Powered by CrowdStrike Falcon
with André Holvik & David Melbye Wechsler, mnemonic
Monitoring and protecting endpoints has never been more critical than today. Malicious adversary activity happens around the clock and, according to CrowdStrike, the average breakout time in 2021 was just 1 hour and 24 minutes. Detecting and responding efficiently requires a team with the expertise and availability to manage and resolve critical incidents. Rapid response combined with isolation activities is becoming mandatory to keep organisations secure.
This session will detail how the Argus Endpoint Responder service helps organisations detect and respond to threats. In this session, mnemonic will also introduce their strategic partnership with CrowdStrike and the benefits CrowdStrike Falcon adds to the Argus Endpoint Responder service. This new service introduces 13 months of raw log data retention, with the data centers located in Norway.
Technical level: 2/5
Language: Norwegian