Presentations – IT-DEFENSE 2022
Critical Infrastructure Protection according to the IT Security Act – Basics, Implementation and Developments – Dr. Christoph Wegener
According to the IT Security Act (ITSiG) of 2015 and the related BSI-Kritis Ordinance (BSI-KritisV) of the years 2016 and 2017, operators of critical infrastructures are obligated to take appropriate, state-of-the-art technical and organizational measures to ensure the security of their IT infrastructure. Moreover, the measures implemented must be audited every two years, and the operators have the obligation to report security incidents to the Federal Office for Information Security.
This presentation shows what requirements exist, how they can generally be put into practice and what extensions are now planned with the IT Security Act 2.0. The question of appropriateness and of requiring state-of-the-art measures will also be discussed. An insight into the threshold values of BSI-KritisV and an outlook on possible future developments will round off the presentation.
Unlimited Sherlock: Deep-Dive into Forensics Operations to Track Down Hackers – Paula Januszkiewicz
Cyber-crime is booming as threat actors seek to exploit the increased online dependency and mass migration to remote working triggered by the global health pandemic. Malicious registrations, including malware and phishing, grew 569% from February to March 2020, while new samples of ransomware rose by 72% in the first half of 2020. In this current climate of spoofed domains and cleverly faked emails, demand for digital forensics skills has never been higher. Organizations are wising up to the fact that by discovering how an attacker gained entry to a system, similar attacks can be prevented.
During this session, Paula will show you how to think like a hacker so you can evaluate your infrastructure for exploitable vulnerabilities and how to recover the evidence attackers leave behind. Join us and become familiar with the most up-to-date Forensics Operations to become aware and well prepared to investigate hackers’ tracks.
During the presentation Paula will be demoing various examples of forensics operations that she delivers at Customer sides. During the pandemic her Team was engaged in many forensics and incident response projects, also on the government level. She would like to demonstrate the most up to date attacks, corresponding with techniques of discovery. It is going to be a super engaging session that showcases the best practices for information extraction. Participants will receive ready-to-launch instructions about how to extract information from various places in the operating system and monitoring solutions.
Patch Management, the Other Side – Felix von Leitner aka Fefe
Patch management is generally considered from the perspective of those people who install the patches, and it is often a rather phenomenological approach. Patches are turning up – and what are we supposed to do with them?
This talk is about the other side. What actually happens at the manufacturer’s that leads to the creation of a patch? What can we learn from these processes that helps us deal with patches?
From CISO in an Enterprise to CIO/CDO of a Federal State: Experiences and Daily Challenges – Stefan Krebs
Following a brief overview of the current threat situation, the speaker will go into the Emotet attacks in Hesse and deal with the question: “Why the city of Frankfurt has done everything right and it still was wrong.” The second part of the presentation will examine cybercrime in the time of corona. From the risks of working from home to “corona ransomware with chat features” and CEO fraud – cybercriminals have not taken a coronavirus break. The third part is dedicated to the inventors of working from home – hackers. Besides providing the latest insights into the Elcatel case and the bulletproof hoster from the village of Traben-Trabach, there will be a short trip to the darknet.
On the Economy of Attention – Prof. Dr. Gunter Dueck
Attention wins, no matter what kind – as long as it is shrill or sensational, breaking taboos or representing alternative facts. World conspirators, politics liars and professional insulters are clouding every state of facts, are driving ill-fated politics and are making clear assessments of situations more difficult. Hundreds of millions are made in the economy by hyping or dissing shares, and marketing campaigns are also increasingly overstepping boundaries. Particularly popular: statistical creativity. Sober truths, however, are sober; facts are dry. What’s going on here? We have arrived in an attention economy, in which the communication possibilities of the Internet have led us. What counts are clicks, views and likes. This presentation reflects on the background and gives an insight into the attention chaos.
Dealing with IT Disasters Legally – Preparation, Reporting Obligations and Fines – Joerg Heidrich
Open servers with customer data, freely accessible video surveillance, ransomware: IT security has long since become part of data protection, and IT accidents usually also indicate a breach of the strict General Data Protection Regulation. This starts with the question, which data can be stored at all and how long, it affects the requirements of an IT security concept and ultimately also the challenges of dealing with such a catastrophe. Looking at the potential fines and the potential claims for damages of those affected shows how unpleasant such an accident can become. As the data protection officer of Heise Medien and a specialist lawyer for IT law, Joerg Heidrich was involved in the research and evaluation of numerous IT disasters. Using practical examples, he will talk about his insights and the lessons he learned.
5G Security! Where are we standing – Altaf Shaik
This talk provides practical insights into the first phase of commercial 5G networks across the world. The emphasis is placed on the security issues that have been identified in the previous generations and fixed in 5G networks. Although major security improvements have been carried out by the standardization bodies, they differ in implementations. Experimental findings are provided to illustrate how secure 5G networks are compared to their previous generations and what to expect in the second phase of 5G networks.
Big-Game Hunting – Volker Kozok
Colonial Pipeline, Emotet – the city of Frankfurt and the Berlin Court of Appeals, Korean hacker groups hunting for bitcoins, research results from universities – the targets of criminal and state-controlled hacking attacks are getting better and better, their objectives bigger and bigger. While ransomware attacks have so far been aimed at “end customers”, they are now targeting renowned enterprises and large organizations. Meanwhile, “crime as a service” offerings are getting more professional. This presentation gives insights into the latest attacks and shows exemplary procedures of different hacker groups.
Into the Dark - Switching off Renewable Power from Everywhere - Stephan Gerling
Colonial Pipeline, Emotet – the city of Frankfurt and the Berlin Court of Appeals, Korean hacker groups hunting for bitcoins, research results from universities – the targets of criminal and state-controlled hacking attacks are getting better and better, their objectives bigger and bigger. While ransomware attacks have so far been aimed at “end customers”, they are now targeting renowned enterprises and large organizations. Meanwhile, “crime as a service” offerings are getting more professional. This presentation gives insights into the latest attacks and shows exemplary procedures of different hacker groups.
Red-Teaming: Look behind the Scenes of the Attackers - Konstantin Bücheler and Michael Brügge
In this presentation Konstantin Bücheler and Michael Brügge will talk about their experiences from past red-teaming projects. They will explain the differences between red team assessments and traditional security assessments and outline the typical course of such a project. Using real-life scenarios, they will take you to the technical side of the attackers. Konstantin and Michael provide detailed insights into the technical setup of a command-and-control infrastructure as well as into today’s and future techniques to bypass endpoint detection and response tools. In addition, they are going to show a tool for attacks on site, which renders 802.1X-based network access controls useless and enables a direct communication channel to the internal network via LTE.
I am Root: Security Analysis of Simo’s vSIM Android Software – Dr. Ryan Johnson
Simo uses specialized hardware and pre-installed software in certain Android smartphone devices to provide mobile data using Virtual Subscriber Identity Module (vSIM) technology. We examined Simo’s pre-installed software and discovered that it contains vulnerabilities that can be locally exploited due to multiple flaws, most notably a lack of authentication of the source update material, in their software update process. Exploiting the insecure update process with a spoofed update, a third-party app can achieve persistent local code and command execution as the root user, allowing it to perform the following actions programmatically: installation of apps, granting of permissions, setting a network proxy, setting the keyboard to one with keylogging functionality, setting a custom launcher to spoof apps, force unloading kernel modules, and more. In addition, the user’s list of installed apps and device International Mobile Equipment Identity (IMEI) is transmitted to foreign countries even when the user does not use the vSIM service. We have dynamically confirmed the vulnerabilities in the BLU G90, BLU G9, Wiko Tommy 3, Wiko Tommy 3 Plus, and Luna Simo Android devices. As of January 20, 2022, Simo’s app named "SIMO - Global & Local Internet Service Provider" has more than 10 million installations according to Google Play's webpage for the app.
Blockchain! – Secure Deceit – Linus Neumann
Blockchains are on everyone’s lips – mainly on the lips of those who haven’t understood this concept. We will first briefly call to mind the problem solved by blockchain. Then we will look at the many problems it can cause. Finally, we will take up the big challenge of finding a proper use for it – outcome uncertain.