Abstract: Too often defenders rely on “out-of-the-box” automated security solutions, which require little human attention. As a result, the major share of defense budgets and efforts is put into perimeter protections, such as firewalls, antiviruses, sandboxes, you name it. Even in the epoch of APTs, defense-in-depth security strategies often stop at the shallow waters of perimeter intrusion prevention.
In the past few years, Ukraine, among other countries, has been subjected to a series of cyber-attacks of increasing scale and sophistication, becoming, in effect, a testing ground for cyber-warfare tools and tactics. Ukrainian infrastructures such as power substations, airports, banks, government organizations, and enterprises have all been targeted by a wide variety of malware, social engineering techniques, and exploitation tactics.

This talk will give a detailed overview of a “typical” attack timeline based on real-world forensic investigation results, from intrusion to action on objectives. A large part of the talk will be dedicated to the techniques the attackers use to overcome perimeter protections, before the discussion moves on to backdooring strategies (the attacker always wants to come back!). By the end of the presentation the audience will realize how recent attacks have grown in complexity, and how cyber-criminal groups have developed a mature supply chain of diverse competences and capabilities.

Biography: Marina is a cyber security researcher at the Honeywell Industrial Cyber Security Lab in Atlanta, USA. Her research over the last few years has been focused on discovering novel attack vectors, engineering practical cyber-physical attacks and on the design of process-aware defensive solutions and risk assessment approaches.

Marina is the author of more than 15 academic papers and several whitepapers on cyber-physical security. She is also the author of the Damn Vulnerable Chemical Process framework – an open-source platform for cyber-physical security experimentation based on realistic models of chemical plants. Marina teaches workshops on cyber-physical exploitation and is a frequent speaker at the leading security stages around the world. She holds an MBA in Technology Management, an MSc in Telecommunication and an MSc in Information and Communication Systems.