SciBabe's Guide to Surviving Fake News
Can you spot fake news when it pops up in your Twitter feed? Are you sure? Even the most ardent skeptics and trained scientists can have trouble separating landmark discoveries from hyperbolic writing or dry satire when reported in popular media. The new media landscape of sponsored content and fake news is making the simple act of deciphering a fact from an "alternative fact" a little more difficult.
Yvette d'Entremont (aka SciBabe) combines science and sardonic humor to cut through the BS in social media. With her background in analytical chemistry and forensic science, she will help you seek out accurate reporting on science and current events in our evolving media landscape with her Guide to Surviving Fake News.
When Good Software Goes Bad
Amidst all of the furor and noise about NSA exploits and failed patching efforts, this year’s NotPetya ransomware campaign also revived awareness of a potent and often underestimated means of compromise: software supply chain attacks. In truth, you don’t need to look far to find a surprising number of similar incidents over the past decade. And while this tactic shares some commonalities with watering holes and similar forms of attack, it also provides some unique benefits to an intruder seeking to jump-start a targeted compromise.
This presentation will begin with a brief history of software supply chain attacks, illustrating the scale of opportunity (realized or not) that each afforded to adversaries. It will draw distinctions between attacks against end-user software and other forms of supply-chain compromise. Next, it will cover why typical enterprise security controls - ranging from automated prevention to detection and hunting - are often unable to stop or detect these techniques. Finally, it will offer practical approaches to mitigate such attacks, and in the process, bolster defenses against other common sources of security risk.
Analyzing and Understanding the Criminal Ecosystem
The concept of capitalism thrives on the open market forces of supply and demand, and these same forces are driving the evolution of today’s Crimeware microcosm, where a close-knit ecosystem of independent actors offers goods and services based on demand from ongoing malicious campaigns.
In this discussion, RSA FirstWatch will discuss the various pillars of the Crimeware ecosystem, the market forces fueling their growing interdependence, and the evolution of proven business models/practices.
Infrastructure Security 2.0
Shopify has leveraged Kubernetes through Google Container Engine (GKE) to build its new cloud platform. This PaaS is currently serving the majority of the company's internal tools as well as business-critical production workloads. Moving to Kubernetes and a public cloud is no easy task, especially for a security team.
Given the industry's limited experience with cloud computing and cloud native technologies, this talk hopes to demystify some of these core cloud concepts. We'll talk about containers: what they are, how to build them, how to secure them, and how to integrate security tooling into build and deployment pipelines.
Building a secure container is one thing, but how do we deploy containers to production? What does this mean? We'll introduce Kubernetes, an open-source system for automating deployment, scaling, and management of containerized applications. With Kubernetes we also have a number of security controls that we can implement to further restrict the operation of containers. We'll explore some of these primitives, as they fit nicely with the context on container security.
Lastly, running on a public cloud comes with its own unique challenges. We'll explore some of the pitfalls we've encountered deploying infrastructure to a public cloud.
Cyber Warfare in the CAF
Canadian Armed Forces
The Canadian Armed Forces, as a result of the Defence Policy Review, is investing heavily in Cyber warfare. This includes the creation of a new occupation, developing new doctrine and establishing a new command structure to help the military take on this challenging battlespace. Master Warrant Officer Arndt will provide a high-level overview of what the Canadian military has done, is doing and will do in the Cyber environment and give some insights into the challenges that come with working in this emerging area of operations.
If I Had a Million Dollars
Privy Council Office
If you had a million dollars to spend on your IT security program, what would you invest in?
In today's fast-paced digital world, it can be challenging to know where to focus your priorities. IT security industry trends, recent headlines and the latest gadgets and tools can provide some enticing options but they don't necessarily lead to a coherent strategy. In this presentation, we will study examples of cyber incidents and how they might influence an organization's IT security program. Then we will discuss a number of other factors that should be considered when prioritizing investments and developing a sound IT security strategy tailored to your organization's needs.
No Ordinary Phishermen: The Rise of the “Mcrypt” Gang
Royal Bank of Canada
This talk will cover the research and work done to uncover the operations of a group of sophisticated phishers who have built a vast network of compromised servers to run their phishing campaigns. At the same time, this gang sells access to part of their infrastructure to other, low-level phishers. Part of the presentation focuses on a tracker and a logger built to monitor their activities using their own artifacts. This tracker makes it possible to share information about the phishing campaigns before they go live, recover credentials, and obtain tools and information about the attackers, including one underground spam shop they operate. So far, six actors have been identified, plus an operator who is in charge of compromising new sites and uploading backdoors that are later used to arm the phishing campaigns. This work covers some human intelligence obtained from e-mail and Jabber conversations with some of the actual actors. Referred to as the “Mcrypt” gang, they keep evolving their tactics in order to defend their attacks from timely takedowns by anti-phishing companies, and this has meant that the techniques used to monitor their activities constantly require innovation and improvement.
The Cyber Threat Intelligence Matrix: Taking the Red Pill of Attacker Eviction
When you are responding to severe and targeted intrusions, it has been gospel for the past years to observe, scope and learn before attempting to evict the attacker. This is very sound advice, and probably the only way you can successfully evict an entrenched, determined and mission-driven adversary from your networks. But when is the right time? When are you done scoping? When do you know enough to evict, and more importantly, resist immediate re-entry? Take the red pill and enter the Cyber Threat Intelligence Matrix.
Medical Device Security
The focus of this presentation is on the security of medical devices, anything from enterprise hospital equipment to embedded gadgets that are available for patients. We will walk through all the layers of security, starting from the hardware, firmware and RF. This talk is a story of our experiences and struggles when dealing with proprietary vendor-specific equipment and the lessons we learned in the process. If you are looking to expand your skillset to medical devices or brush up on it, this is the talk for you.
Healthcare hacked, the growing threat to internet connected medical devices in hospitals
The healthcare sector has been the industry with the highest number of data breaches, followed by the government and retail sectors. Hackers can invade hospital networks through insecure medical equipment in the ER and patient treatment rooms by gaining the same level of access as a member of hospital staff. According to Shodan data, over 158,000 medical devices are currently exposed on the internet, making them an easy target for hackers. Medical devices like insulin pumps, x-ray diagnostic machines and heart monitors are not always under HIPAA, making security hard to monitor, and many of these devices are not required to be FDA approved. With no governing body for cybersecurity standards, hospitals are often in the dark about medical device vulnerabilities.