DECODE 2019: Gear up! Defending the Connected World

By MJ Manaog
Published in mClinica Tech, Oct 11, 2019

DECODE 2019, another successful cyber security conference hosted by Trend Micro, was held on October 10, 2019 at the Shangri-La Hotel, Makati, Philippines.

DECODE aims to decode up-to-date information about the threat landscape, industry trends, and new technologies for local technology professionals, to empower them to secure the digital infrastructures of their organizations and to inspire them to embark on a continuous learning journey.

Trend Micro has run this annual cyber security conference since 2017 with one common goal: to spread awareness about trends in the cyber world.

This year, more than 700 participants from different places and fields and more than 20 speakers from different branches of cyber security gathered at the event.

THE CONFERENCE

Registration started at 6:30 in the morning, and early birds got their awesome freebies: a classy laptop bag, a webcam cover, and a DECODE card with a QR code that can be used at DECODE 2020.

DECODE 2019: Registration
DECODE 2019: Freebies

The event proper started at 9:30 am with an opening performance by Juleaus the Violinist with the Whiplash Dancers.

Juleaus the Violinist with the Whiplash Dancers

The conference was hosted in lively fashion by the famous James Deakin as master of ceremonies.

Ready for Battle: Today’s Cybercrime Threats and Gearing Up to Defend Against Them

Robert McArdle

Robert McArdle, Director of Cybercrime Research at Trend Micro, discussed different cyber crimes, their causes, and their drastic impact on a community, a company, or even a country.

  • 3 billion Yahoo accounts were hacked in 2013
  • 2.7 billion USD in financial losses in 2018. The cause? Internet-enabled theft, fraud, and exploitation.
  • 2.4 million people were fooled by the fake video of House Speaker Nancy Pelosi — using Deepfake AI.
  • 8.4 billion devices are connected to the internet

These figures are alarming. Imagine a criminal using Deepfake technology in a really bad way, to threaten you for money or just to discredit you, or even your whole company. What if you are a well-known man? How much damage would it cause?

So how do you prepare yourself for this kind of reality? Robert McArdle said that cybercrime is not a technology problem: we are defending ourselves against a smart human in front of a computer committing a crime. You do not have to be a cyborg to defend yourself. Education is the key. The good thing about the internet is that almost everything is there; you only have to access it and use it in the right way. There are many resources available on the internet for learning about cyber security.

Information Security is up Against Weaponized Psychology

Christina Lekati

Christina Lekati, social engineer and psychologist at Cyber Risk GmbH, talked about Weaponized Psychology. There are several kinds of security: Computer Security, where you secure a machine or group of machines by hardening the software and hardware; Network Security, which protects the integrity of networks against unauthorized access; and Cyber Security, which covers both Computer and Network Security. Cyber Security helps protect sensitive data and information from unauthorized access.

Yet protecting sensitive data and information is not limited to building a huge protective barrier around your hardware and software.

Cybersecurity is not only a technical challenge, it's also a behavioral one.

Everyone inside a company who knows even a speck can be a target. But why? Christina Lekati emphasized that the basic psychological wiring of a human is universally exploitable. Humans have emotions, and these emotions can lead to a bigger problem: social engineering.

Weaponized Psychology — the use of psychological principles with the purpose of exploiting human targets and engineering their behavior in order to aid attacks.

Weaponized Psychology Example #1: Social Privilege Escalation/Principle of Consistency

For example, say you are managing a company that has the potential to grow exponentially. A competitor doesn't have to hack into your computers to overtake your company; it can happen in simple ways, such as befriending one of your employees who knows a lot about your processes. The questions go from a simple “Where do you work?” and “What do you do?” to sensitive questions about your company’s information. Why does this work? Because sometimes we do not realize we are saying things that should not be told. This is manipulation: people tend to be manipulated through their feelings or mood. This strategy may take time. But who knows?

Weaponized Psychology Example #2: Bribery & Blackmail

Bribery & blackmail can come in many forms, tangible or intangible.

Bribery. Some people will do anything to get what they need, and if you’re the one who can give it so easily, it is an instant win.

Blackmail. Threatening someone in exchange for a valuable piece of information is an easy trade, especially against those who are protecting their public image or those who are consumed by fear and anxiety.

These examples happen in reality.

Cyber-war and cyber-attacks are no exception. The stakes in the cyber-sphere are very high.

How do you defend yourself against this?

  • Appropriate policies, procedures and training
  • Internal controls of policies and information
  • Careful exit interviews and identifying employees who are likely to leak information
  • Knowledge and skills
  • Encourage a proper reporting mechanism

Implementing these in a company will be very helpful in preventing such leaks or cyber crimes.

Combating Cybercrime with Actionable Intelligence

Mohammed Zulhelmi Azmi

Mohammed Zulhelmi Azmi, Digital Crime Office, INTERPOL, introduced INTERPOL: who they are, what they do, and their future plans.

INTERPOL, the International Criminal Police Organization, has 194 member countries (the Philippines included) and aims to make the world a safer place through police collaboration. To do this, it offers technical and operational support and lets members share and access data on crimes and criminals.

Expertise:

  • Fugitive investigative support
  • Police data management
  • Forensic support
  • Capacity building and training
  • Criminal Analysis
  • Innovation
  • Command and coordination centre
  • Special Project

As of 2018, its data, covering firearms, nominal data, forensic data, child sexual exploitation images, travel and official documents, motor vehicles, and foreign terrorist fighters, was held in 17 databases, with 91 million police records and 13 million searches a day. With this kind of infrastructure, they can easily find and identify the information the police need.

To enhance the communication between countries, INTERPOL releases different types of notices:

  • Red — wanted persons
  • Yellow — missing persons
  • Blue — additional information
  • Black — unidentified bodies
  • Green — warnings and intelligence
  • Orange — imminent threat
  • Purple — modus operandi

They also run projects like the GLACY+ Project, which aims to promote consistent cybercrime policies and strategies, strengthen police investigation capacity, and enhance legislative harmony and international cooperation. It lasts 48 months, from March 2016 to February 2020, and is funded by the European Union and the Council of Europe with EUR 10 million. The project supports the following countries: Dominican Republic, Morocco, Sri Lanka, Cabo Verde, Ghana, Philippines, Tonga, Chile, Mauritius, Senegal, Costa Rica.

This will surely enhance police knowledge about the current cybercrime threat and how to prevent and solve it.

Reducing Complexity Through Increased Visibility

Jay Yaneza

Jay Yaneza, Global Operations Manager for Managed XDR at Trend Micro, talked about the risk of cyber attacks and classified cyberspace as the 5th domain of warfare (Land, Sea, Air, Sub-surface, and Cyber Space). One type of attack is the Coordinated Targeted Attack, where the attacker chooses a time or season to attack a certain institution or company. For example, school websites or software are attacked in the month of August because that is the month when classes start.

He also discussed the pieces involved in those attacks using the blueprint of a castle.

  • Moat — deterring the attackers = Internet Service Provider
  • Curtain (aka Perimeter) Walls — show force and layered protection = Firewall
  • Turrets, Towers, and look out points — to clearly view the surroundings
  • Machicolations (murder holes) — hurl nearby attackers = Intrusion Prevention System
  • Draw Bridge — Isolate in times of need = Internet (itself)
  • Gatehouse — Gateway to everything = Internet Gateway
  • Barbican — Extension of the gatehouse = Next Generation Firewall
  • Nightingale Floor — Anti-burglar alarm system (used by Japanese) = UEBA

To prevent attacks, one must automate the defense. To do it, you need to increase visibility by achieving One-Dimension Visibility. With full visibility, you can solve and prevent current and future attacks.

Jay Yaneza left 3 things to remember: break down silos, always remember that data is money (you have to consistently protect it), and always progress.

Panel Discussion

After the 4 speakers shared their expertise, they held a panel discussion in which they entertained and answered the participants’ questions. That concluded the morning session.

After interesting talks that might have been an information overload, delicious meals were provided to each of the participants to refill everyone’s energy.

Track Session

Participants were free to choose whichever track caught their interest. The tracks were divided into 4: Man and Machine, Protect and Defend, Take Control, and Hands-on Lab (PowerShell for blue team).

The Track I Chose

  • Fraud Wars by Marvin Cruz
  • IoT in the Underground by David Sancho
  • Attacks on Telco’s in the transition to 5G Era: the view from the cyber-underground by Vladimir Kropotov
  • Threat detection with open source Intelligence/Malware Market Analysis and accelerate the incident response by Aliakbar Zahravi

Fraud Wars by Marvin Cruz

Marvin Cruz

Marvin Cruz discussed the different types of fraud. There are several kinds of fraud according to the Internet Crime Complaint Center (IC3) report. He discussed only the frauds with the most cases: Romance Fraud, Tech Support Scam, and Credit Card Fraud.

Most Romance Fraud happens on dating sites, where the attacker uses fake accounts to fool the victim into giving money.

In the Tech Support Scam, most scammers use a fake website to deceive the victim. Most of these websites are mirrored from the legitimate one (a phishing site), and the copy can be accurate enough that it is hard to identify. Marvin Cruz showed screenshots demonstrating that even the Trend Micro support website was mirrored to scam people.

The flow is simple:

  1. The attacker sets up a mirrored support website carrying the attacker’s contact information (mobile, telephone, or email).
  2. When the victim needs help from a certain company, they look for its website.
  3. The victim is deceived by the attacker’s website and reaches out using the contact info provided.
  4. The attacker social engineers the victim until they collect what they want, most likely credit card information.
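
A defender-side check for the flow above, as an added example that is not from the talk or the original post: it extracts phone numbers and email addresses from a page presenting itself as a vendor's support site and reports any that the vendor does not publish. The vendor contacts, sample pages, and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed allowlist: contact details the real vendor publishes (hypothetical).
OFFICIAL_CONTACTS = {"+6325550100", "support@example-vendor.test"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")

class ContactText(HTMLParser):
    """Collects visible text plus the targets of tel: and mailto: links."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith(("tel:", "mailto:")):
                self.chunks.append(value.split(":", 1)[1])

    def handle_data(self, data):
        self.chunks.append(data)

def normalize_phone(raw):
    """Strip spacing and punctuation so '+63 2 555 0100' equals '+6325550100'."""
    digits = re.sub(r"\D", "", raw)
    return "+" + digits if raw.lstrip().startswith("+") else digits

def extract_contacts(html):
    parser = ContactText()
    parser.feed(html)
    text = " | ".join(parser.chunks)  # separator keeps adjacent chunks from merging
    emails = {m.lower() for m in EMAIL_RE.findall(text)}
    phones = {normalize_phone(m) for m in PHONE_RE.findall(text)}
    return emails | phones

def unofficial_contacts(html, official=OFFICIAL_CONTACTS):
    """Contacts on the page that the vendor does not publish: review before trusting."""
    return sorted(extract_contacts(html) - set(official))

# Constructed sample pages: the genuine support page and a mirrored copy.
GENUINE = ('<h1>Example Vendor Support</h1><p>Call <a href="tel:+6325550100">'
           '+63 2 555 0100</a> or email support@example-vendor.test</p>')
MIRRORED = GENUINE.replace("+6325550100", "+639995550123").replace(
    "+63 2 555 0100", "+63 999 555 0123").replace("support@", "help@")
```

Because the mirrored copy keeps the genuine layout and wording, the contact details are the part that has to differ, which is why the check compares those rather than the page's appearance.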

Credit Card Fraud is classified into two types, Card Present (CP) and Card Not Present (CNP). CP fraud is used to clone the card to make transactions, while CNP is for online transactions. In underground transactions, CP’s value is lower than CNP’s because of the EMV chip, which made credit/debit cards harder to clone.

Hackers are getting smarter. Marvin Cruz confirmed that even the green tag of a website is not that secure, so you have to be vigilant. He also showed a script from an e-commerce website with a green tag that collected credit card information.

So what about the e-commerce point of view? E-commerce sites now use the Buy Online Pickup in Store (BOPIS) solution.

There is also a new government policy that requires strong customer authentication (password, PIN, fingerprint scanning, frictionless auth).

Many companies are now building innovative solutions to this evolving problem.

IoT in the Underground by David Sancho

David Sancho

The Internet of Things (IoT) is emerging, and with its growth it is now a target for many black hats. We now have smart refrigerators, bulbs, speakers, webcams, CCTV, printers, routers, and other smart devices that are connected to the internet, and hackers want to make money from them.

David Sancho discussed the Mirai malware. It primarily targets online consumer devices such as IP cameras and home routers. The bad thing about this malware is that you cannot easily detect it on your routers unless you consistently monitor their behaviour. It turns networked devices into remotely controlled bots that can be used as part of a botnet in large-scale network attacks, such as DDoS attacks that can easily take down the targeted website or software.

There is a lot of source code and instructions on how to infiltrate almost anything on the internet; the knowledge is being shared, and the people who are interested in it are learning new skills. But the people who are earning money from it obviously want more. So in the future, people need to be more careful to defend against and respond to those attacks to minimize the possible damage and loss.

Attacks on Telco’s in the transition to 5G Era: the view from the cyber-underground by Vladimir Kropotov

Vladimir Kropotov

Vladimir Kropotov showed different underground transactions involving mobile numbers, SIM cards, message bombers, wiretapping, and more.

These people buy used SIM cards to gain access to bank accounts or anything else linked to that number; some use them for other illegal transactions to keep their identity undetected. And some sell software like SMS bombers to DDoS a certain receiver.

These kinds of illegal acts are still going on. If 5G, which is 100x faster than the current network, takes over worldwide and these illegal activities persist, what do you think the result will be? How are we going to handle a hundred thousand more consistent attacks per second if some of the victims' infrastructure cannot?

Threat detection with open source Intelligence/Malware Market Analysis and accelerate the incident response by Aliakbar Zahravi

Aliakbar Zahravi

Aliakbar Zahravi taught us to work smart. To efficiently solve a detected security problem, you need a fast solution. It will obviously take a lot of time if you manually scrape the whole internet to find a piece of information regarding the attack. What if you use the resources around you?

Malware, viruses, scripts, and other tools and source code are now available on the internet, where they have been cloned and reproduced. So why not use them?

He introduced two useful tools: Elasticsearch, a search engine, and Kibana, an open source data visualization tool. If you build software with the help of these tools, you can save a lot of time.

Imagine the time you spend researching, opening several browser tabs for different content just to find a single sentence. If you can automate it with a single command or keyword, the things you need for your research will be there instantly, and only the useful ones.

This solution is very helpful if you are working on a response team and need to solve a problem quickly. With this automation, only the things you need are stored; the other, unnecessary data is dropped, and you can work efficiently.

Conclusion

This conference increased my awareness of cyber trends and the future risks and possibilities in the cyber world. The speakers showed mastery of their topics and were very approachable, and the event itself was well-organized from start to end. The food was great, and the place and environment were perfect for the event. I am now excited for DECODE 2020.

I also want to thank mClinica for letting me attend this event.

Philippine I.T. Security Forums

PHITSF is a security-based community on Facebook with 18k members. Some of the members attended the event. If you are interested in or curious about cyber security, want to share or learn more together with awesome people, or want to attend future cyber security events, you are free to join our group: Philippine IT Security Forums.
