Centre for Cybersecurity Belgium (CCB) invites you to their event

Centre for Cybersecurity Belgium (CCB) - Quarterly Cyber Threat Report Event (QCTR) - 2021-Q4

About this event

**** This event has ended but was recorded. If you want to watch the recorded session or previous recorded webinars please visit https://app.livestorm.co/ccb?lang=en ****

The Centre for Cybersecurity Belgium (CCB) presents its sixth online Quarterly Cyber Threat Report event (QCTR).

Almost 3000 unique registrants from all over the world have already attended one or more of CCB's (QCTR) events.

This time we will be focusing on vulnerability management. Therefore, we have invited 4 experts for our expert panel. They will discuss how we should change our view on vulnerability management. Also on the agenda are two presentations that will be introduced to the public for the first time! Costin Raiu and Markus Neis will unfold the results of their research about Log4Shell and Seongsu Park will explain how the BlueNoroff group cashes cryptocurrencies from its victims.

Not available that day? No worries! You will have the possibility to watch the recorded webinar afterwards!

Agenda:

13h30: Introduction & welcome to the QCTR - Pedro Deryckere, Head of CCB/CyTRIS

13h35: CCB's SafeOnWeb app for smartphones - Miguel De Bruycker, Managing Director of CCB

13h50: The BlueNoroff group cryptocurrency hunt is still on - Seongsu Park, Senior Security Researcher at Kaspersky / GReAT.

BlueNoroff is the name of an APT group that was behind Bangladesh’s Central Bank heist back in 2016, and it has an unusual financial motivation for an APT. Recently, this group has mainly focused on targeting cryptocurrency businesses, and we have been tracking this campaign since 2018. In this presentation, which will be shared with the public for the first time, we would like to share the BlueNoroff group's whole strategy with full context: how they lure the victim, the infection procedure, the characteristics of the malware, and how they steal the cryptocurrency from their victims.

14h25: Break

14h35: Vulnerability Management - How can we keep up with all the vulnerabilities and still protect ourselves? - Expert Panel

  • Koen Bossaert, Solution Lead – Davinsi Labs
  • Christopher Frenz, AVP of IT Security – Mount Sinai Innovation Partners
  • Bernard Montel, EMEA Technical Director & Security Strategist – Tenable
  • Julian-Ferdinand Vögele, Cyber Threat Intelligence Consultant – Recorded Future
  • Kevin Holvoet, Threat Research Centre Lead – CCB/CyTRIS (Moderator)

2021 was a year of many critical vulnerabilities and zero days that were being exploited in the wild, even before software/system owners knew about the vulnerability. The increased number of critical vulnerabilities requires us to change our view on vulnerability management. In this expert panel, we will discuss topics like what parameters we should compare next to the CVSS score to prioritize patching, supply chain problems (e.g. Log4J2), what we can expect in 2022, and much more.

15h50: Break

16h00: Unfolding Log4Shell - Markus Neis, Threat Intelligence Lead, Swisscom & Costin Raiu, Director Global Research and Analysis Team, Kaspersky

During this world-first talk, Markus and Costin will be taking a look at the unfolding of the Log4Shell events, with a focus on in-the-wild detection and exploitation and a SOC-centric response analysis. We will also discuss why this vulnerability is a reminder that we should constantly challenge our current threat models to include cases where protection technologies are also affected.

16h35: Taranis NG - a new tool for OSINT analysis - Milan Pikula, Deputy Director NCSC SK-CERT

Sifting through all the articles, tweets, mailing lists and other feeds for actionable OSINT is an important, yet exhausting task for every responsible organisation or CSIRT team. In this presentation, we will introduce Taranis NG, a new OSINT gathering and analysis tool designed to make this task faster and easier. The open-source software Taranis NG crawls various data sources such as web sites or tweets to gather unstructured news items. These are processed by analysts to create structured report items, which are used to create products such as PDF files, which are finally published. Taranis allows multiple teams to collaborate on analyses, which significantly reduces workload, and includes lightweight self-service asset management for a CSIRT's constituency, which automatically links to the advisories that mention vulnerabilities in the software. Taranis NG was developed by SK-CERT with help from the wide CSIRT community, and is released under the terms of the European Union Public License.

16h55: Questions & Closing remarks - Pedro Deryckere, Head of CCB/CyTRIS

17h00: End

We are looking forward to seeing you online!

Hosted by

  • Guest speaker
    Julian-Ferdinand Vögele Cyber Threat Intelligence Consultant @ Recorded Future

    Julian-Ferdinand is a threat intelligence consultant at Recorded Future, where he advises organizations on the latest developments in the cyber threat landscape and assists them in strengthening their intelligence and security capabilities. Before joining Recorded Future, he worked as an IT security consultant at Security Research Labs, where he helped organizations to optimize their vulnerability management and monitoring capabilities, engaged in red team exercises, and conducted security research (e.g., exploit optimization, honeypot research). Prior to this, he completed his M.Sc. in Computer Science from UCL and a B.A. in Economics with stints in the US, China, and Germany and gained first-hand experience in data analytics at McKinsey and various tech start-ups. He is a scholar of the German Academic Scholarship Foundation.

  • Guest speaker
    Seongsu Park Senior Security Researcher @ Kaspersky

    Seongsu Park is a senior security researcher on the Global Research and Analysis Team at Kaspersky. He has extensive experience in malware research and threat intelligence with a focus on response to highly skilled Korean-speaking threat actors.

  • Guest speaker
    Milan Pikula Deputy Director @ NCSC SK-CERT

    Milan Pikula has a lifelong passion for cyber security, software development and FOSS software, UNIX/Linux and networking. In his current role as deputy director of the National Cyber Security Centre SK-CERT, he oversees the services the CSIRT provides and always looks for ways to improve their effectiveness and quality. One of these ways is to develop new open-source software to solve existing problems.

  • Guest speaker
    Koen Bossaert Solution Lead @ Davinsi Labs

    Koen is a seasoned security professional, specialized in the fields of vulnerability management, penetration testing, attack/adversary simulation, threat modeling and security analytics. As co-founder of Davinsi Labs, he’s been working to establish Davinsi Labs as a thought leader in the field of Digital Service Excellence, focused on Security Intelligence and Service Intelligence. In his current role, Koen is working on scaling operations through the development of managed services for vulnerability management. Koen holds the CISSP and CISA certifications.

  • Guest speaker
    Markus Neis Threat Intelligence Lead @ Swisscom

    Markus is Swisscom's threat intelligence lead with a major focus on targeted attacks. He has more than a decade of experience in understanding adversary tradecraft and responding to advanced attacks. He has extensive experience in building detection and defensible architectures, and loves mentoring and coaching others as well as creating detections. Previously he did SIGINT and was part of a special German armed forces unit.

  • Guest speaker
    Miguel de Bruycker Managing Director @ Centre for Cybersecurity Belgium (CCB)

    Miguel De Bruycker studied at the Royal Military School and the Vrije Universiteit Brussel. After writing a dissertation on Cyber Defence in 2005, he joined the General Intelligence and Security Service and was responsible for the security of classified networks and the creation of the first cybersecurity unit of the Belgian Defence. Since 2008, he and his cyber team have been involved in the processing of all major cyber incidents in Belgium. On August 17, 2015, he became Managing Director of the Centre for Cybersecurity Belgium.

  • Guest speaker
    Christopher Frenz AVP of IT Security @ Mount Sinai South Nassau

    Christopher Frenz is the AVP of IT Security for Mount Sinai South Nassau. Before that, he served as the AVP of IT Security at Interfaith Medical Center, where he worked to develop the hospital’s information security program and infrastructure. Under his leadership, the hospital had been one of the first in the country to embrace a zero-trust model for network security. He is the author of the OWASP Secure Medical Device Deployment Standard, the OWASP Anti-Ransomware Guide, and the computer programming books “Pro Perl Parsing” and “Visual Basic and Visual Basic .NET for Scientists and Engineers”. He currently chairs the AEHIS Incident Response Committee, which has released deliverables designed to help hospitals test and improve their incident response capabilities and guidance on dealing with the information security challenges brought on by COVID. He has shared his expertise at conferences around the world, such as VMworld, ASIS GSX, Defcon, HIMSS, etc.

  • Guest speaker
    Bernard Montel EMEA Technical Director & Security Strategist @ Tenable

    With over 20 years in the security industry, Bernard’s expertise includes cryptography, Identity & Access Management, and SOC domains. Bernard is currently EMEA Technical Director and Security Strategist for Tenable.

  • Guest speaker
    Costin Raiu Director, Global Research and Analysis Team @ Kaspersky

    Costin specializes in analyzing advanced persistent threats, zero-day exploits and complex malware. He is leading the Global Research and Analysis Team (GReAT) at Kaspersky that researched the inner workings of many high-profile attacks, including WannaCry, ShadowPad and ShadowHammer, Moonlight Maze and the Equation group.

  • Guest speaker
    Caroline Breure Threat Research Centre Lead @ Center for Cybersecurity Belgium (CCB)

    Kevin Holvoet started as a Security Engineer at Euroclear. In 2017 he started at the CCB, specializing as a CTI Analyst in CyTRIS (Cyber Threat Research & Intelligence Sharing), where he now leads the Threat Research Centre. In October 2020, he became a SANS instructor for the FOR578 CTI training.

  • Guest speaker
    Pedro Deryckere Head of CCB/CyTRIS @ Centre for Cybersecurity Belgium (CCB)

    Pedro began his IT career in the 1980s as an analyst/programmer. He developed both industrial and administrative software and specialized mainly in Clipper. He joined the "Rijkswacht" corps, a paramilitary police force in Belgium, in 1995. In 2010 he became a Specialized Chief Inspector and joined the Federal Computer Crime Unit. He was part of the intelligence team of which he later became team leader. In 2013, he was one of the lead investigators in the "Belgacom" espionage case. In 2016, he joined the Centre for Cybersecurity Belgium (CCB). He was intensively involved in the re-launch of CERT.be. Within that team, he founded the CTI team named CyTRIS (Cyber Threat Research and Intelligence Sharing). In 2020 CyTRIS became a separate department within CCB, which he now leads.

Centre for Cybersecurity Belgium (CCB)

Making Belgium one of the least vulnerable countries in Europe

The Centre for Cybersecurity Belgium (CCB) is the national authority for cybersecurity in Belgium. The CCB supervises, coordinates and monitors the application of the Belgian cyber security strategy which is "Make Belgian One Of The Least Vulnerable Cyberspaces".