Swiss Cyber Storm takeaways

My personal key takeaways from the #SwissCyberStorm congress.

Conclusions about "A Cyber Perspective on the Russian Invasion of Ukraine"

  • Overall a tremendous increase in the number of cyber operations during the war, but no increase in the concessions, severity, difference in targets or methods of access was observed.
  • Little evidence for coordination between cyber and conventional operations in the form of multidomain operations.
  • Cyber Operations offer no shortcuts in war & do not dramatically aid in the undertaking of military operations.

I was really astonished by those statistics; I would have thought the cyber operations had much more impact!

Worth considering: "What You Can Learn from Cyber Incidents to Improve Your Resilience"

Cyber attacks happen everywhere; if you are able to get rid of vulnerabilities, the next ones are just around the corner. That's not new, right? But honestly, does your company consider what you'd do in case you got hacked? Have you documented the steps you would take in case of ransomware or similar attacks that we see every day in the news?

Could you explain to the board all the activities you would trigger in the first hour?

Please don't say it's an IT problem and the IT department has to solve it! That's not working out at all.

Ransomware evolves: "Ransomware as Smokescreen for Nation State Sponsored Cyber Operations"

There is a general consensus around the financial motivation behind ransomware campaigns. While this holds true, by analyzing a series of unusual ransomware campaigns it was demonstrated that nation-states have jumped on the ransomware bandwagon and are increasingly using it as a smokescreen for purposes other than financial gain, such as espionage and sabotage. In these ransomware campaigns, nation-states can plausibly deny their involvement by hiding their identity and true goals behind a financially motivated ransomware threat actor.

Let us take a quick glance at the anti-ransomware best practices:

  • DR, backup concept/process
  • Vulnerability Management
  • Awareness
  • Security controls, increase your security posture
  • Leverage cyber intelligence
  • and some more :)

Are you ready?


Ever heard about "Detecting Cloud Command and Control"?

Command and control is nothing new, but abuse of common cloud apps such as OneDrive, Dropbox, GitHub, Google Drive, Teams and Twitter can be very tricky to detect!

Why? Both malicious and benign traffic goes to the same domain, and traffic to the domain is often encrypted using the cloud provider's certificate.

Luckily, anomaly detection evolves as well: it looks into the signals and detects unusual entities, user agents for the user's machine, usernames used to log in to the app and authentication methods.
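
The baseline-and-compare idea behind such anomaly detection, as an added example that is not from the talk or any product: it learns which user agent, app username and authentication method are normal per machine and app, then flags events where several of those signals are new. The event fields, the sample records and the two-signal threshold are constructed assumptions.

```python
from collections import defaultdict

# Signals named in the talk summary; the field names are assumptions.
SIGNALS = ("user_agent", "app_user", "auth")

def ev(host, app, user_agent, app_user, auth):
    """Build one proxy/CASB-style event record (hypothetical schema)."""
    return dict(host=host, app=app, user_agent=user_agent,
                app_user=app_user, auth=auth)

def build_profile(events):
    """Record which signal values each (host, app) pair normally shows."""
    profile = defaultdict(lambda: {s: set() for s in SIGNALS})
    for e in events:
        for s in SIGNALS:
            profile[(e["host"], e["app"])][s].add(e[s])
    return profile

def unusual_signals(event, profile):
    """Return the signals whose value was never seen for this host and app."""
    known = profile.get((event["host"], event["app"]))
    if known is None:  # host never used this app: every signal is new
        return list(SIGNALS)
    return [s for s in SIGNALS if event[s] not in known[s]]

def detect(events, profile, min_signals=2):
    """Flag events where at least min_signals deviate from the baseline."""
    alerts = []
    for e in events:
        odd = unusual_signals(e, profile)
        if len(odd) >= min_signals:
            alerts.append((e["host"], e["app"], odd))
    return alerts

# Constructed sample data, not real telemetry.
BASELINE = [
    ev("ws-017", "onedrive", "OneDriveSync/23.1", "alice@corp.example", "sso"),
    ev("ws-017", "github", "git/2.42", "alice-corp", "ssh-key"),
    ev("ws-022", "dropbox", "DropboxDesktop/185", "bob@corp.example", "sso"),
]
TODAY = [
    ev("ws-017", "onedrive", "OneDriveSync/23.1", "alice@corp.example", "sso"),
    ev("ws-017", "github", "git/2.43", "alice-corp", "ssh-key"),  # client update only
    ev("ws-022", "dropbox", "python-requests/2.31", "drop-7731@mail.example", "api-token"),
    ev("ws-022", "github", "curl/8.4", "bob-corp", "api-token"),  # app new to this host
]

if __name__ == "__main__":
    for alert in detect(TODAY, build_profile(BASELINE)):
        print(alert)
```

Requiring two deviating signals keeps a routine client update (one new user agent) from alerting, while an unfamiliar account plus a new authentication method on the same cloud domain still stands out.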

Well, I do not wonder why security investments are potentially increasing over the next years to come, do you?

Antonio P. Sirera

Senior Federal ICT Advisor at Swisscom with expertise in digital transformation strategies. Chief of Specialized Staff Telecom at Cyber Command (Col, OF-5)

2 years ago

Nice summary Daniel, thanks for that. The sessions we followed together were quite revealing!
