After the SFMTA Ransomware attack there are many questions about what is the proper response to such attacks and hackers’ motivations. Based on evidence directly from the hackers behind the recent ransomware attack against San Francisco's Muni, we know what led to the breach. We will be answering your questions about the hackers’ operation, motivations, and victim’s response to this and similar attacks.
RecordedDec 16 201645 mins
Your place is confirmed, we'll send you email reminders
We often don’t realize the full impact of cyber crime, which then relapses us into repeating the same mistakes. Even large companies do not completely understand how their data and services are being abused. I want to take you on a journey of observing credit card fraud and abuse from stealing a credit card to trafficking of stolen goods. Learning about these vectors of abuse will help you and your organization to mitigate a number of common attacks and abuses.
In August 2019, Hold Security ran a table top exercise with Wisconsin Ingragard focusing on potential electronic tampering of the 2020 Wisconsin elections by foreign influences. We leveraged our insights in identifying and reporting Russian interference during the 2016 US election to derive critical lessons. The results were fascinating and scary. In this session, we will focus on the 2020 US election through our unique cybersecurity perspective focusing on current events and technical understanding to analyze use of social media manipulations, civil unrest, disinformation campaigns, cyber attacks, and more.
Today, as we are trying to adjust to the new normal, cyber criminals are rushing to take advantage of our drive towards learning. Phishing using COVID-19 related messages is rising to a new high with not only a number of phishing attacks but with a number of victims who are falling for it. We will discuss the new trends and techniques that you should be implementing within your organization to minimize impact of phishing in this new normal.
In the midst of the Coronavirus pandemic, our society is struggling to adjust to the necessary and unexpected changes. In the information security space, we are prepared for many things, but dealing with a pandemic crisis leaves many unprepared.
Cybercriminals operate on a different level and are ahead of the game taking advantage of the global crisis with many others joining their ranks. We will discuss critical issues facing information security during this crisis.
We will also review what you need to know, what you need to be concerned about, and the steps to take today to get your organization more secure and prepared to minimize the potential impact the crisis.
Security threats mutate and lately they are becoming more bold than ever. What is driving this pattern? We will examine new patterns in ransomware, phishing, and data exposures that are greatly affecting our security posture as well as provide better guidelines for mitigating these threats.
As our journey towards better security continues, we need to learn from mistakes of the past. We will discuss capitalization on past successful experiences and learn cautionary tales from failures. Secure-by-design is our goal but it cannot be at the expense of user experience or product quality.
On the way to maturity, we are to learn from our own mistakes but how well do we do it? Are we also able to learn from mistakes of our peers and our industry? We will examine the common pitfalls and provide actionable advice on improving the information security posture for organization on many levels.
Technology and threats pace exceeds our ability to educate everyone about secure use of technology and defensive tactics. We will discuss current threats like ransomware, credentials abuse, data exposures, and many others. We will map defensive techniques that you need to know about these and emerging threats.
We invest a lot of time, skill, and technology into our defenses yet the hackers are still successful. What lessons can we learn from the recent attack techniques and breaches to make our networks less vulnerable?
Alex Holden, CISO and President Hold Security, LLC
The Dark Web is a dark world inhabited by hackers covertly trading stolen data, information, and unlawful goods, therefore not a place many of us visit. This community of criminals continues to thrive, so let’s analyze this dark world and investigate the systems they use to steal our data and gain a better understanding of their targeting techniques, as well as learn about the Black-Market dynamics. The best way to stop or prevent a breach is by understanding this world of criminals and learn to beat them at their own game.
As our electronic footprint is growing, we attach our personal and corporate identity not only to computers, networks, and clouds but also to a countless number of devices in the Internet of Things. From medical devices, to home devices, to complex devices in manufacturing, and beyond we will discuss how your identity can be impacted by a security breach. What are the right steps that you should be taking for the IOT security? What are the most common pitfalls?
Phishing and website impersonations are one of the most common and harmful techniques that cause a substantial amount of damage. Mining DNS data can be a great and effective way to prevent these attacks from ever taking off. We will discuss how to detect and blacklist sites before the first fraudulent email or first web connection is made.
Learn about techniques and tools available to stop these attacks at root.
One of the toughest fights in information security is the fight for your budget. The most integral part of your budget are your employees. We will discuss how strategic investments into the human capital can make or break your security posture. How to get the right talent, and also how to retain it. The human side of economics is usually the most unpredictable one and you need to know how to navigate it.
The simplest way to compromise systems is not by hacking but through use of previously stolen information like credentials that would let the bad guys walk in through the front door and take everything.
Therefore, stolen credentials have a high demand on the Dark Web and we are constantly barraged by news about massive credentials thefts.
You should be protecting your users from losing their credentials and subsequent abuse. However, you should also protect them against misinformation about "new" credentials cache discoveries.
After being credited with the largest legitimate stolen credentials discoveries, I feel like one of the world's foremost experts to provide you with insights about critical thefts.
Learn what kind of challenges the next generations of technology will bring to cybersecurity and what kind of safeguards we are building. From our history of technologies becoming obsolete, to the rise and fall of hacker techniques; we can derive our lessons and not only fantasize about our future but predict it based on a solid track record from the past.
We try to fortify our perimeter against the hackers. The truth is that some of them get through, and in most dire cases, they take your data with them to the Dark Web. We will discuss detection of the breaches from the Dark Web perspective. What hackers do with your data, and how to tune your tools to detect your breached data outside of your perimeter.
What do hackers want to do with your medical data? These are practical examples from the Dark Web of real HealthCare data abuse. What is important to the bad guys, what is not? Learn about the hackers’ perspective and how to defend the data against abuses.
With GDPR at our doorstep, getting breached not only carries losses due to hackers but the potential of penalties from the regulators and government. What is the best advice on how to deal with breaches, besides not getting breached? Let’s discuss the basics to show a measured standard for detecting malicious events, classifying them, and responding with at most efficiency.
Grown and shaped by market demand, Hold Security, LLC is an Information Security, Threat Intelligence, Risk Management, and Incident Response Company helping businesses of all sizes to stay secure.
Powered by the brightest security experts, Hold Security works with companies around the world to enhance their security posture. Our engineers continue to play lead roles in discovery and investigations of major security breaches, with a proven track record of success.