During this introductory session, Charl and Jon will offer an overview of the theme and direction of this year’s summit, as well as direct delegates to the tracks and sessions that will be most beneficial to them.

A mighty battle has broken out for the soul of the Internet. At its heart lie the three great sectors of ‘malfeasance’ on the Web: cyber crime, cyber industrial espionage and cyber warfare.

Based on extensive interviews with active cyber criminals, cyber policemen and government strategists, and featuring riveting audio and video footage, the presentation reveals how the worlds of the state and crime have fallen into an evolving relationship that is simultaneously symbiotic and antagonistic.

As the amount of data stored becomes incomprehensible, as our dependency on network systems becomes irreversible and extreme, we have to ask: WHAT exactly are we facing?

The ‘struggle for control of the Internet’ presentation tells you.

The underworld of 20th century America was forced to develop deep practical counterintelligence knowledge in the pursuit of their chosen profession. This underworld tradecraft (the skills and methodologies for avoiding detection, arrest and prosecution) has been partially preserved in literature. Based on information extracted from the literature, this talk aims to update those skills and methodologies for the modern hacker.

This presentation is informed by literature on the historical criminal underworld of the late 19th and early 20th century, as well as source material provided by the manuals of insurgent and terrorist groups (as well as their known/uncovered CI techniques).

These are refined and combined with the modern principles of CI, and then applied to hackers, building a more solid foundation for "The Ten Hack Commandments". This presentation will be significantly more focused on practical "how to attack the intelligence process of the adversary", ie, how to avoid LEO.

Finally, the presentation will include The Grugq’s build of the RaspberryPi set-up as a transparent Tor gateway, doubling as a WiFi hacking station to both access bandwidth and reduce the potential to accidentally reveal the real IP address.

Cyber threats are maturing and outpacing our traditional defences, to be effective in this new world, enterprises need to look to disrupt more points within the "cyber threat ecosystem". application security and threat intelligence share are key to making this happen.

KEY QUESTIONS

1. Can the cybercrime battle ever be won?
2. What can be done about the Defenders Dilemma? An attacker only has to be successful once, defenders have to succeed continuously.

In 2012 attackers breached one of the world’s largest oil companies. Since then enterprises and governments the world over have been exposed, breached, had websites taken down and more. As the security threat landscape continues to evolve, so organisations and government are becoming more cognisant to the risks and how to mitigate these. Are South African organisations really at risk and how effective are we at reducing these risks?

The three questions this presentation will answer:

1. What are the key risk mitigation steps enterprises need to take this year?
2. What is the biggest information security weak spot in the enterprise?
3. What are cyber criminals targeting now, and what will they target in future?

Cyber incidents and more notably cyber crime attacks have increased against private companies and governments across Africa. Other stakeholder nations have expressed concerns that we have been slow to respond to this increasing threat.

What is being done in South Africa and other African nations to deal more strategically with the complex topic of cyber security?
This talk will reveal highlights from the 2012/3 Cyber Threat Barometer research, as well as give you an update on key initiatives taking place on the continent.

KEY QUESTIONS

1. What is the current state of cyber threat management readiness in major African nations?
2. What initiatives are planned for the African continent?
3. How should we be responding to increased cyber attacks?

Despite their best efforts, organisations continue suffer intrusions, intellectual property theft and very public data leaks. New and evolving agile adversaries, not to mention disruptive technologies like mobile and BYOD, are posing real challenges to organisations, forcing them to rethink defence strategies to protect not just their own infrastructure and information assets, but also that of the customer. This presentation will explore the challenges, weaknesses and possible remedial solutions to meet the challenges.

KEY QUESTIONS

1. What strategies and controls are available to organisations, what are their strengths and weaknesses?
2. What is the role and purpose of security architecture and engineering?
3. What practical steps can be taken to meet the challenge?

An in-depth discussion on the DDOS attack landscape facing South African based organisations, this discussion will provide an analysis of the types of attacks, finger printing, exploit scanning activities and Global attack techniques including but not limited to the new trends in mobile device DDOS attacks.

KEY QUESTIONS

• Is command and control Botnets detected as DDOS.
• Are Security Operation Centres taking DDOS activities serious.
• How are we protecting mobile devices application DDOS attacks.

For the greater part, security controls are based around the principle of decision through behaviour. The exception to this is a honey-pot, which analyses interactions between a third party and itself, while occupying a piece of unused information space. Because honey-pots are not located on productive information resources, any interaction to it can be assumed to be non-productive.

This allows the honey-pot to make decisions based on the presence of data, and not the more complex behaviour of the data. But due to limited resources in human capital, honey-pots’ uptake in the local market has been underwhelming.
Amber attempts to change this by being a zero-interaction security system, which will use decision through presence to generate a blacklist of third parties that can be passed to a network enforcer. Empirical testing has been done proving the usefulness of this approach in defending networks in a different and low-cost manner.

Functionality of the system has also been extended by installing distributed nodes in different geographical locations, which will stream their detections into the central Amber hive.

KEY QUESTIONS

1. What are the advantages of using a Decision through Presence model, opposed to a Decision through Behaviour model?
2. Can honey-pot-like systems be used effectively in the business environment, without a team of malware analysts?
3. What bearing does the international TCP/IP noise have on South African networks?

This presentation will introduce The Tor Project, and will talk about who censors the Internet, how they do it, and to what lengths they go in order to prevent users from communicating safely with the outside world.

The presentation will also include real world examples of Internet censorship and attempts to block the Tor network, as well as an introduction to deployed solutions to circumvent these blocks.

KEY QUESTIONS

1. How does Tor offer a solution to ensure confidential business activities and relationships?
2. What effect did the Arab Spring have on online anonymity?
3. What are some ways to circumvent some of the attempts to block Tor?

Information security has attempted to answer the question: "How do we prioritise our security activities?" for decades.

Answers relating to risk management, compliance and best practice are the ones most frequently accepted. But, attackers never seem to stick to the checklist. Dominic White’s presentation will look at the massive disconnect between how attackers attack systems, and how we defend systems.

After this analysis, White will suggest some ways to get closer to an attacker-aligned defence.

Socially engineered Trojans provide a significant method of attack to corporate networks. Executives must defend their networks from threats that are crafted in a complex manner, where end-users are easily deceived by trusted and compromised Web sites to run malicious software.

In today’s world of personal computing, socially engineered “Trojan horse” attacks include malware that successfully exploit commonplace user activities such as downloading mobile phone applications and accessing online content through popular social media sites. Inherently sophisticated and tricky, such attacks can dupe even the most experienced users.

Socially engineered Trojans are context-relevant messages that lure users to click on malware-bearing attachments and URLs. These attacks are the most common attack vectors used today that cause computers to download Trojans.

Socially engineered Trojans are responsible for hundreds of millions of successful hacks each year. Against those numbers, all other hacking types are just noise.

The presentation will guide the audience about how socially engineered Trojans are crafted and how they attack corporate networks, and it will recommend methods of implementing systematic defence mechanisms to defend innocent users who install and run Trojans – malicious software.

KEY QUESTIONS

1. How can a well-engineered and defended system be broken into by a socially engineered Trojan attack?
2. How are context-relevant and targeted attacks formed and evolved to be lethal exploits?
3. What makes socially engineered Trojans hard to defend against, and what are the countermeasures for detection and mitigation of this threat?

Targeted attacks are now a major worry for organisations. In this talk we will describe real life case studies of some of the largest and more sophisticated targeted attacks, including how we infiltrated and mapped criminal networks, and live demos of some such mapping in action.

In this talk we will discuss some of the major ongoing and previous targeted attack campaigns that have been uncovered by Trend Micro in the last year or so, such as Luckycat, Tinba and others. We will discuss in-depth the modus operandi of the criminals in these so called APT attacks, show how we mapped and infiltrated their infrastructure, and demo some of the tools and techniques that we use when carrying out these type of investigations. All of this presentation will focus on real technical details from real cases studies, and this presentation will also include live demos.

KEY QUESTIONS

1. What is the reality (not the hype) of a modern targeted attack
2. You will understand the Modus Operandi of a two main types of Cybercriminals
3. You will understand how investigators and security companies investigate these high profile attacks

This presentation will address how to deal with a strong threat model, as it relates to insider threats from security strategy through to a practical defence approach. What makes this talk unique is that it deals with the integration between information security and physical security.

There is a lot we as “information security practitioners” can learn from physical security in high-risk environments. Over the past two years, De Beers has successfully integrated information security with the physical security function that is globally responsible for the protection of its diamonds. This presentation shares that integration experience, from strategy formulation through to practice.

KEY QUESTIONS

• How do I practically integrate information security with physical security?
• What lessons can I learn from world-class physical security and how do I incorporate these lessons in my approach to information security?
• How do I plan and execute information security aligned with a strong threat model?
In the context of the above, the presentation will explore further questions under the themes of “defence in depth” and “know your enemy”.

Corporates and the Government Sector spend billions of Rand each year to protect data, product information and personal information contained in computer hard drives and servers.  How many pay any attention to the printed matter generated by computers, which often contains the very information and data they spend so much money on protecting?  How many consider the threat of discarded hand written correspondence?  There are more perils from handwritten and printed matter than previously thought.

KEY QUESTIONS

1. We deploy shredders.  How effective are they and what guarantee to we have that employees use shredders effectively?
2. We operate a paperless business, how can we be at risk?
3. What sort of information is commonly found on desktop correspondence?
4. What is the information contained in printed and written correspondence used for and by whom?
5. How do I identify problems within my organisation?
6. How do I manage potential information leaks through irresponsible disposal of ‘waste’ paper?
7. If I do not implement any external procedures to monitor waste paper, what would the effects be?

How organisations can build an effective mechanism to detect and prevent technology fraud and implement a comprehensive fraud risk management practice. This talk will offer:

• A look at significant fraud incidents over the last two years
• An understanding of the types of fraud in different industry sectors, with emphasis on banking and financial services
• A look at the different technology controls for managing fraud.
• An understanding of the role of transaction analytics
• An overview of the different techniques to detect fraud
• A discussion on the role of security analytics in fraud detection
• An overview of a fraud risk management framework and related best practices

KEY QUESTIONS

1. How serious is the current fraud landscape?
2. What are the different technologies and techniques to manage fraud risk?
3. What is the process framework required to manage fraud?