UK Cyber Week - Day Two
Day 2 at UK Cyber Week began just like Day 1, with arrival at around 10 AM and heading straight into the keynotes. The first keynote was from Phillip Ingram on "Putting Cyber into Context - The Developing Geopolitical Security Environment." This talk really broadened my understanding of the impacts of cybersecurity and cyber-warfare on the geopolitical standings of the world. Phillip spoke on the differences between dictatorships, which can make changes over the course of a leader's lifetime, and presidential/prime ministerial systems, where leaders typically only have four years to make significant changes before potentially being voted out. Phillip then spoke about the NCA and police breakthrough with Operation Venetic, which dismantled organized crime groups with 746 arrests, £54 million in criminal cash, 77 firearms, and over two tonnes of drugs seized. You can read more about this at the National Crime Agency website. Phillip finished his talk by touching on the dangers of the fine print, citing how Pokémon Go initially had access to everything on a user’s phone upon signing up. This was later forcibly changed, as it is unethical to gain access to all of someone’s data without making it explicitly clear.
Next, we had the Global Threat Report from CrowdStrike. John Spencer, CrowdStrike’s Northern Europe Engineering Director, provided extremely valuable insights. One of these insights was that the breakout time for an adversary had decreased from 9 hours to just over one hour. Breakout time is defined as the time from initial access to someone’s network until creating an issue. MFA fatigue was identified as a common problem among companies using CrowdStrike solutions. MFA fatigue occurs when the adversary sends continuous requests until the individual finally accepts due to being overwhelmed or tired of receiving notifications. John Spencer also discussed the APT group Cozy Bear, thought to be part of the Russian Foreign Intelligence Service, and the hacking group Scattered Spider, believed to be composed of 19-22-year-olds from the United States or the United Kingdom. Scattered Spider is known for its social engineering abilities, while Cozy Bear is known for successful spear-phishing attacks and malware usage.
After this, I stayed in my seat to watch Jake Moore give his talk, "Your Voice is My Password." Jake, a Global Cybersecurity Advisor at ESET, delivered a brilliant and engaging presentation. Jake had hacked one of his friends, ultimately 'stealing' £250 from him. This began with a SIM-swap attack, followed by social engineering with the phone company, and finally, a voice note created on an online voice-duplication website to further socially engineer his way through an employee of Jake’s friend. Jake then questioned the employee’s ability to verify the voice note. It had been received from the employer’s (Jake’s friend's) WhatsApp and sounded like the employer. Why should it be questioned? It’s only becoming easier for adversaries to push their way into our lives using these new technologies, making it increasingly important for us to question everything.
Jake was followed by Alex Wood, known to some as the 12th Duke of Marlborough. You can read more about Alex’s fake duke status on the BBC website. Alex described how he successfully defrauded hotels throughout London and socially engineered small/medium business owners to send him millions of pounds while claiming to work for a bank.
To finish the day, I attended a talk by Kevin Fielder, CISO at Natwest Boxed & Mettle, and Stuart Barnett, Director of Cyber Threat Intelligence at Orpheus Cyber. Kevin spoke about the importance of empathy in the role of a CISO and how to handle accidental insider threat attacks. Stuart discussed the importance of threat intelligence and the need to know all you can from every angle, especially in safeguarding supply chains from third-party threats.
All in all, it was a brilliant two days at UK Cyber Week.