Goes Virtual
November 25-27

CyberCrimeCon 2020

Global Threat Hunting & Intelligence Conference
November 25-26: Conference
November 27: Threat Hunting Game

About CyberCrimeCon 2020

CyberCrimeCon brings together cutting-edge cybersecurity professionals and independent researchers from financial and tech sectors, large retail and industrial companies, and law enforcement agencies.

Its purpose is to present the latest research findings and share expertise in order to prevent, detect, and respond to security challenges.

CyberCrimeCon is intended for a variety of participants: CISOs, CIOs, threat hunters & threat researchers, incident responders and investigators, SOC experts, TI analysts, pentesters, and more.

The conference is an opportunity to learn and exchange practical ideas and technologies.

Day 1 (GMT +1)
Topic
Speaker
8:00-8:10
Introduction, Group-IB ecosystem overview
Nicholas Palmer, VP International Business / Group-IB
Tim Bobak, Business Development Director / Group-IB
8:10-8:20
The Group-IB Manifesto
Ilya Sachkov, CEO & Founder / Group-IB
8:20-9:10
High-tech crime trends 2020-2021
Group-IB presents «High-Tech Crime Trends 2020/2021», the company’s annual overview of the evolution of the cyberthreat landscape. The comprehensive analysis is powered by world-class proprietary technologies and vast experience in incident response and cyber investigations. The report offers reliable strategic data; key trends and forecasts for 2021 separated by industry; an in-depth review of ransomware developments and state-sponsored warfare; and much more.
Dmitry Volkov, CTO / Group-IB
9:10-9:15
Break
9:15-9:25
Introduction by Guest of Honor: Modern Cybersecurity Landscape
9:25-10:05
Group-IB Threat Intelligence & Attribution Product Launch

How to detect attacks overlooked by common cyber defense tools and understand every facet of security across your organization?

Join Group-IB’s launch of Threat Intelligence & Attribution – a unique ecosystem providing only tailored, threat centric intelligence – and learn:

  • How using cyber threat intelligence data can make security teams more efficient by at least 30%
  • An advanced model of profiling organized cybercrime groups and state-sponsored actors
  • Modern analytical tools for threat hunting which use the largest collection of dark web data
  • An automated graph that correlates and attributes threats, and enriches collected data
Nicholas Palmer, VP International Business / Group-IB
Dmitry Volkov, CTO / Group-IB
10:05-10:50
Adding Friction to Cybercriminal Behavior Chains
Every criminal endeavor has a con, a process, a workflow, or a «scheme» associated. For these schemes to be successful, they must have a certain, predictable outcome for the criminal. By examining cybercriminal adversary behavior, targets, and origins, we can build logical stories or use cases for what the adversary might be trying to accomplish — their desired outcomes. Once we understand what adversaries expect to see, receive, and monetize (or operationalize), we can work to de-incentivize the scheme, remove or delay feedback loops, and build in deception. These actions work together to cause as much pain to adversaries as possible. At the end of this discussion you will have a solid understanding of the TITO Threat Intelligence Framework, know how to apply TITO concepts to your existing Threat Intelligence program to improve operational workflows, and be able to add new friction to adversaries.
Thomas Schmitt, Global Director for Cybersecurity / Anheuser-Busch InBev
10:50-11:20
From messengers to weapon developer’s secrets
How to detect attacks if the threat actors use legitimate websites? Since late 2019, Lazarus has been continuously updating its proxy layer infrastructure. It is now impossible to detect malicious communications using traffic analyzers. I’ll tell you a story about how an innocuous acquaintanceship in WhatsApp led to a defence supplier being compromised.
Rustam Mirkasymov, Head of Cyber Threat Research, Europe / Group-IB
11:20-11:25
Break
11:25-11:45
Toolmarks Tell The Story
Within the cyber security community, we very often see public reports identifying threat actor activity in very general terms. For example, a recent write-up regarding activity associated with threat actors deploying the Snatch ransomware stated that they, «...turned off Windows Defender...» without going any further. While there are a number of ways to accomplish this task, sharing the methodology details, or «toolmarks» not only provides actionable intel for proactive and DFIR threat hunting, but the granularity and context contributes to attribution. This presentation will demonstrate what «toolmarks» are through the use of examples.
Harlan Carvey, Senior Threat Researcher / Independent
11:45-12:15
Three, Two, One, Encrypt!
The world has seen several surges of successful high-profile ransomware attacks since early 2020. It is commonly believed that ransom attacks are straightforward hacking activities. However, there is more to them than the simple step of data encryption. This research presents the audience with a close-up look into a ransom attack against a Singapore financial institute caused by a PulseVPN vulnerability. It examines REvil’s delicate operation models under its raw hammer style power exhibition. It further surveys the underground ecosystem which supports REvil’s success.
Feixiang He, Senior Threat Intelligence Analyst / Group-IB
12:15-12:20
Closing remarks
Nicholas Palmer, VP International Business / Group-IB
Tim Bobak, Business Development Director / Group-IB
Day 2 (GMT +1)
Topic
Speaker
8:00-8:10
Introduction & Agenda overview
Nicholas Palmer, VP International Business / Group-IB
Tim Bobak, Business Development Director / Group-IB
8:10-8:55
Group-IB Threat Hunting Framework Product Launch
You need a solution that predicts threats and protects infrastructure. That is why we are proud to present Group-IB Threat Hunting Framework, a single solution for IT and OT environments that is designed to detect unknown threats and targeted attacks, hunt for threats both within and beyond the protected perimeter, and help investigate and respond to cybersecurity incidents.
Tim Bobak, Business Development Director / Group-IB
Nikita Kislitsin, Head of Network Security Department / Group-IB
8:55-9:00
Break
9:00-9:30
History & Cyber Repeats Itself
Do we as a cyber-community learn from the past? Have we looked into the major historical cyber-attacks, and been able to understand the key shortfalls? More importantly, did we gear up to defend ourselves from a repeat attack? Are we doing enough to defend the critical national infrastructure, and to ensure we do not repeat the mistakes of the past? This talk walks through a few case-studies and deep dives into what really happened and what should have been done to better defend ourselves.
Kunal Sehgal, Director for Cyber Resilience / Global bank
9:30-10:00
Ransomware operations. Tactics, Techniques and Procedures of 2020
Ransomware groups have outdone themselves in 2020. Their activity and demands have surpassed all imaginable (and unimaginable) records. Notably, nearly all ransomware operators have targeted enterprise networks, a trend that has aptly been named «Big Game Hunting». In this report, you’ll learn why these groups have been successful and why more groups like them are joining the big game.
Oleg Skulkin, Lead Digital Forensics Specialist / Group-IB
10:00-10:30
When ransomware hits an ATM giant — The Diebold-Nixdorf case dissected
In April 2020, Diebold Nixdorf, the world’s largest provider of ATMs, became the victim of a ransomware attack. To date, relatively little is known about the incident and customers have been left with only brief information. In contrast, the number of supply chain attacks is growing exponentially, which in turn increases the risk potential for customers to become victims of a subsequent attack. This presentation examines the incident at Diebold Nixdorf from the perspective of a financial IT provider and presents the results of the technical analysis.
Frank Boldewin, Executive Expert Security Operations & Defense / Fiducia & GAD IT AG
10:30-10:35
Break
10:35-11:05
Carding Action 2020
The Europol joined Carding Action focuses on fraudsters selling and purchasing compromised credit card details and login credentials online. The audience will see how high-value targets are prioritized, identified and investigated by law enforcement. Moreover, financial institutes helped to mitigate millions of potential losses, which makes it a prime example of public-private partnership. The Carding Action 2020 was conducted in cooperation with Group-IB.
Tobias Wieloch, EC3 / EUROPOL
11:05-11:35
Group-IB investigations: How would we deal with your incident?
The investigation team processes at least 5 incidents every day from our clients for the persons involved. Some of them lead to the conclusion that there is no real threat and some of them lead to a real investigation with attribution to a country and group, finalizing with details of hackers’ identities. During this short session I would like to show the details of 3 of our investigations: phishing, scam and national leakage. All cases happened in the APAC region this year. You will see the patterns of hackers’ behavior and technical issues that can lead to their deanonymization.
Vesta Matveeva, Head of investigation department, APAC / Group-IB
11:35-11:45
Closing remarks
Nicholas Palmer, VP International Business / Group-IB
Tim Bobak, Business Development Director / Group-IB

Threat Hunting Game

November 27, 9 AM - 2 PM (GMT+1) / 4 PM - 9 PM (GMT+8)

The Threat Hunting Game is an individual CTF competition during which players will demonstrate their skills in analyzing malware and network traffic, handling alerts, and hunting for threats based on real-life cases.

Speakers

Ilya Sachkov, CEO & Founder / Group-IB
Craig Jones, Director of Cybercrime / INTERPOL
Frank Boldewin, Executive Expert Security Operations & Defense / Fiducia & GAD IT AG
Tobias Wieloch, EC3 / EUROPOL
Harlan Carvey, Senior Threat Researcher
Dmitry Volkov, CTO & Co-Founder / Group-IB
Nicholas Palmer, VP International Business / Group-IB
Tim Bobak, Business Development Director / Group-IB
Vesta Matveeva, Head of investigation department, APAC / Group-IB
Kunal Sehgal, Director for Cyber Resilience / Global Bank
Nikita Kislitsin, Head of Network Security Department / Group-IB
Thomas Schmitt, Global Director, Cybersecurity / AB InBev
Rustam Mirkasymov, Head of Cyber Threat Research, Europe / Group-IB
Oleg Skulkin, Lead Digital Forensics Specialist / Group-IB
Feixiang He, Senior Threat Intelligence Analyst / Group-IB

Media partners


APAC CIOoutlook is a print magazine that aims to provide a platform for CIOs, CTOs and other senior level IT buyers and decision makers along with CXOs of solution providers to share their experiences, wisdom and advice with enterprise IT community of APAC countries.
The CyberWire delivers concise, accessible, and relevant cybersecurity content, separating the signal from the noise. Subscribe to the newsletter industry leaders depend on.
Technology and Security channel focused on Southeast Asia and the 10 ASEAN member nations.
Dedicated channel for Boards, C-Suite Executives and Cyber Risk Leaders to highlight cyber threats as a key business issue.
Dedicated marketplace connecting industry and enterprise professionals to the latest events, education, technology and media platforms across a global security domain.
Dedicated media provider to the security industry, we are a primary source of information and reference for security industry professionals, as well as end-users. We engage, educate and listen to our audience across multiple channels to provide the best marketing reach. We work with you to help communicate your message. Stay updated by downloading the app today!
CPO Magazine provides news, insights and resources for data protection, privacy and cyber security leaders.
The UK Cyber Security Association (UKCSA) is a membership organisation for individuals and organisations who are actively involved in the cyber security industry
Cyber Defense Magazine is by ethical, honest, passionate information security professionals for IT Security professionals. Our mission is to share cutting edge knowledge, real world stories and awards on the best ideas, products and services in the information technology industry.
EM360 is a multimedia platform that delivers tech news, opinion pieces, and educational content to the global corporate and IT communities.
SecurityLab.ru is the largest media resource in Russia for IT security professionals. We cover all major events worldwide and inform our readers on new threats and trends in ITSec area.
Anti-Malware.ru is the largest independent analytical center in Russian, cybersecurity online media. Every day we publish the hottest news, expert articles, reviews and comparisons of cybersecurity products. Our online conferences under the AM Live brand are intended to choose the best and most effective security solutions on the market.
Sk.ru — the official Skolkovo Foundation website — produces news content related to the main services of the innovation center and developments by foundation ecosystem participants in fields such as IT, including cybersecurity, biotechnology, energy efficiency, space and nuclear technologies.
The business magazine Banking Review has been published since 1996. The printed version is published monthly. The printed version of the magazine includes two applications: Best Practice (banking cases) and FinlEGAL (cases on judicial and supervisory practice)
IT Media — there is press and there are tools for your business as well.
BIS Journal — Information Security for Banks is the first and only Russian trade periodical that specializes in various aspects of informational security of banks and credit and financial organizations.
Professional magazine for specialists in the field of information security. The main topics are related to information security aspects for business and public authorities: from trusted environment and secure development to compliance and training issues.

About Group-IB

Group-IB is a Singapore-based provider of solutions for the detection and prevention of cyberattacks and online fraud, IP protection, and high-tech crime investigations.

Group-IB’s technological leadership is built on the company’s 17 years of experience in cybercrime investigations worldwide and 60,000 hours of incident response accumulated in our leading forensic laboratory.

17 years of experience in preventing and investigating hi-tech crimes

1 000+ successful investigations of high-profile cybercrimes worldwide

$300 mln was returned to our clients due to Group-IB’s efforts

Official partner: Europol, OSCE

Group-IB’s products and services are recognised by top industry researchers: Gartner, Forrester, IDC