Human-operated ransomware is a large and growing attack trend that poses a threat to most industries. Human-operated ransomware is different from ordinary ransomware. These "hands-on keyboard" attacks leverage human attackers' knowledge of the common system and security misconfigurations to infiltrate a compromised network and adapt to the network and its weaknesses as they progress. These attacks can be catastrophic. Only by completely evicting the opponent can you protect yourself against future attacks. Unlike ordinary ransomware, which only requires malware correction, human-operated ransomware will continue to threaten your business operations.

As maiores empresas do mundo dependem das suas aplicações (web e mobile) para conduzir os seus negócios e manter a relação com o mercado, tornando estas aplicações e os dados dos clientes o seu maior ativo. 

Este valioso ativo transformou-se em um dos principais alvos de criminosos que se utilizam de técnicas avançadas e automatizadas para contornar as barreiras existentes, focando primeiro na validação de credenciais previamente vazadas em outros eventos de segurança, abrindo assim o caminho para uma miríade de fraudes digitais. 

Vamos descrever este novo desafio e apresentar sugestões para assegurar que esta jornada criminosa seja interrompida no seu início.  

The largest companies in the world depend on their applications (web and mobile) to conduct their business and maintain their relationship with the market, making these applications and customer data their greatest asset. 

This valuable asset has become a prime target for criminals who use advanced, automated techniques to bypass existing barriers, focusing first on validating credentials previously leaked in other security events, thus paving the way for a myriad of digital frauds. 

We will describe this new challenge and offer suggestions to ensure that this criminal journey is stopped at its inception.

Os atacantes tornaram-se sofisticados; as organizações precisam prever e antecipar seus movimentos para se proteger. Ao mesmo tempo, eles também precisam de uma estratégia reativa bem planejada, caso ocorra um ataque. Participe desta palestra para obter insights sobre uma estratégia de defesa em camadas que inclui ser proativo e reativo. Afinal de contas, uma infraestrutura de segurança de informações rígida é crucial para proteger sua organização de ataques cibernéticos cruéis.

Attackers have become sophisticated; organizations need to predict and anticipate their movements to protect themselves. At the same time, they also need a well-planned reactive strategy should an attack occur. Attend this talk to gain insights into a layered defense strategy that includes being both proactive and reactive. After all, a tight information security infrastructure is crucial to protecting your organization from vicious cyber attacks.

While there are varying definitions of what zero trust actually is, there is one thing everyone can agree on - segmentation is a key pillar. Another thing everyone can agree on? Segmentation is hard. This presentation will highlight a way to begin your zero trust journey leveraging enforcement boundaries which will enable you to protect your digital crown jewels as you work through your end to end zero trust plan.

In this session, Neil Walsh, Head of Cyber at the United Nations, will discuss how, from the darknet COVID forums to ransomware as a service, cybercrime evolved and grew at a rapid pace in 2020/21. The session will give you an insight into the political and investigative challenges to combat a growing global threat - and how we might be able to bridge the gap between geopolitics and criminal investigation.

Once upon a time, local crime and threats to individual privacy were minimal. It's not like that today, as we all know. With the many benefits of technology comes the reality that cybercriminals exploit it to steal and victimize, and they can commit their crimes internationally thousands of miles away. People need to be concerned about cybercrime and identity theft, but criminals aren't the only people who collect and use personal data. Private information is also valuable to companies for marketing and sales purposes and to nation states for propaganda and disinformation operations. Cyber crime is a global threat that needs to be better investigated by the public and private sectors. All organizations need to protect themselves against cybercrime, properly investigate attacks, and consider the private information they collect, store, use and share.

The mass-manufactured car and new transportation systems became connected entities. Connected and Automated Mobility (CAM) uses wireless interfaces to provide drivers and customers with information, entertainment and new functionality. Cars are now another of our smart devices, and connected data services add value to improve vehicle marketing. However, decades of use of corporate systems and the Internet have demonstrated that connectivity provides an attack vector for threat agents.

5G networks will be the biggest critical infrastructure build the world has seen in the last 25 years, and along with the growth of cloud computing, automation and artificial intelligence, 5G will require focused attention today to secure tomorrow.

We will be able to confront actors who threaten the confidentiality, integrity and availability of our data, our privacy, our identity, but actually malicious actors intent on influencing what is arguably one of our most critical infrastructures.

Want to understand how Kerberos works? Would you like to understand modern Kerberos attacks? Tim Medin shows how to attack Kerberos with Ticket attacks and Kerberoasting. It covers the fundamentals of Kerberos authentication and shows how the trust model can be exploited for persistence, leverage, and privilege escalation. In conclusion, he discusses defenses for these various attacks