CREST is holding a day of Incident Response webinars on 21 January from 09:00am GMT. There is a mix of presentations, a panel session and CREST updates focused on Incident Response. You can attend one or as many as you like during the day.
Simply sign up for the event using the Eventbrite link below and you will be able to access the event page for more information and to sign up for the webinars that you want to attend on ‘GoToWebinar’.
There will be opportunities on most of these webinars to ask questions via the question panel or you can send any questions you may have in advance to [email protected].
Here is the Eventbrite link: https://crestirwebinars.eventbrite.co.uk
09:00 – 09:45 A look inside Nefilim – Dan Saunders, Senior Incident Response Consultant, NTT
This presentation will delve into the prolific ransomware group Nefilim (also known as Nephilim) and will assess their tactics, techniques and procedures (TTP), focusing on how they operate and execute malicious functions to exploit their victims.
10:15 – 11:00 Weird and wonderful malware delivery – Connor Rowden, Manager, Cyber Incident Response, Deloitte
An exploration of the methods being used by attackers to deliver malware onto endpoints, bypassing common endpoint security controls.
Macro polo: Macros embedded within Office documents are nothing new; they are still commonplace in many organisations and remain an attack vector for threat actors. Whilst our defences have improved, the attackers have evolved their techniques to bypass the security controls we’ve worked so hard to implement in a fashion functional to the organisation. In this incident, Connor will be exploring how an attacker delivered and executed their malicious payload over the course of weeks through multiple communications and file types.
Second hand compromise: IT budgets can be stretched thin in some organisations, so much so that second-hand hardware becomes the only option. Mitigating the risk by wiping the hard drive, reinstalling the operating system and patching the software may seem to address the majority of risks; yet risks within the BIOS persist. In this incident, Connor will be detailing how the curious case of the server that kept turning itself on at 3am was solved and the root cause of the problem.
APT switching to manual: A notification from a government agency tells you one of your servers has been compromised and is communicating with APT infrastructure. Impossible, you may think: we have next-gen EDR on the system and there are no alerts. In this incident, Connor will be uncovering the actions taken by an APT actor to ‘bypass’ next-gen endpoint security protection and how the attackers took exploitation into their own hands.
11:30 – 12:15 Panel Session – The future of Incident Response.
Chair: David Cannings, Director, PwC
Panelists: Matt Gordon-Smith, CISO, Gatwick Airport; Neil Fowler-Wright, Global IT Security & Compliance Manager; Geoff Jones, Director, Cyberis Ltd; Andrew Jutson, Founder & Cyber Security Incident Responder, CyProtec Ltd; Harry W, Tech Director – Incident Management, NCSC
The panel will debate the changes and challenges that the incident response industry may face in 2021 and beyond. It will also discuss what buyers are looking for from suppliers. There will be an opportunity to put your questions to the panel.
12:30 – 13:00 CREST Cyber Security Global Ecosystem Project – Samantha Alexander, Principal Accreditor, CREST
CREST received a grant from the Bill & Melinda Gates Foundation to increase capacity, capability and consistency in information security by growing the cyber security ecosystem in eight African and Asian countries – Bangladesh, Ethiopia, Indonesia, Kenya, Nigeria, Pakistan, Tanzania and Uganda. Samantha will provide an update on the research that CREST has conducted and on future work planned. There will also be an opportunity to put your questions to her.
13:15 – 14:00 Strategic Drivers for Russian Cyber Activity – Nettitude
As incident responders we deal with technical and operational aspects of intrusions and breaches. Traditionally, nation states concentrated on hacking other nation states. Malicious cyber activity is now very much the mainstream, with 2020 providing significant examples of both criminal and nation state activity during the pandemic. Looking beyond criminal and financially motivated actors, nation states are using cyber activity as a way of achieving strategic and foreign policy goals. A study of a nation state’s doctrinal thinking and policy, overlaid with attributed historic events provides a window into their operational thinking, objectives and capabilities. This allows us to better protect our clients by understanding their value as a target and placing their vulnerabilities in context with the adversary’s capabilities.
14:30 – 15:15 Becoming Ransom-aware: Achieving resilience against the entire ransomware kill chain through a greater understanding of your organisation’s preparedness – Patrick Start, Cyber Incident Response Advisory and Wargaming Lead; Caroline Honeycombe, Cyber Ransomware Readiness Lead; Colby Clayton, Senior Technical SME, Deloitte
Businesses recognise the significant financial, operational and reputational impacts caused by extinction-level ransomware incidents and are therefore eager to be on the front foot in understanding their overall preparedness against each layer of the ransomware kill chain. Deloitte Cyber Incident Response discuss trends from the front lines of ransomware incidents globally, and how organisations can be more resilient to ransomware through proactively evaluating and optimising layered defences across people, process and technology functions.
15:45 – 16:15 TBC, Mishcon de Reya