Name: Iranian-Backed OilRig Group Returns with Next-Generation Malware
Start: 2018-03-29T19:00:00Z
End: 2018-03-29T19:42:59.000Z
Location: BrightTALK
Rating: 5

Nyotron pioneers a new generation of automatic Endpoint Detection and Response with integrated protection called Endpoint Prevention and Response (EPR). Our product prevents damage from malware that evades existing security layers and offers granular visibility into the attack. Based on the OS-Centric Positive Security, Nyotron's PARANOID automatically whitelists trusted operating system behavior and rejects everything else. No manual threat hunting, baselining, machine learning or cloud connectivity required. With PARANOID organizations gain true defense-in-depth protection against the most advanced attacks. Nyotron is headquartered in Santa Clara, CA with an R&D office in Israel. To learn more, visit www.nyotron.com.

Ransomware-as-a-service and big game hunting: Gain a basic understanding of the two most popular Ransomware extortion methods used by Ransomware gangs and employed to create a product to extract revenue from the victims (customers). See for yourself how to gain a foothold and understand a shift in defense posture in order to prevent catastrophic Ransomware damage.

Join this webinar to learn more about  Ransomware as a business model that needs to be understood in the proper context. In that context, you are the product.

Why the next Ryuk Ransomware will bypass your defenses

Just like legitimate businesses adapt, transform and innovate, cybercriminals behind major strains of ransomware are updating their business model. Ransomware crooks are no longer just scrambling your data and demanding you to pay up to get it back. They’re upping the ante by stealing your data first and only then encrypting it. That way the criminals hit you with two reasons to pay: buy back the decryption key AND prevent us from telling the world we hacked you (or selling your data to the highest bidder).

Join our webinar to learn about the history of this transformation, hear the latest examples of organizations affected by this type of leakware (aka doxware) and see a live demo of exfiltration-enabled ransomware.

From Ransomware to Leakware

What are the unique challenges for CISOs of Healthcare and Pharma organizations? What are their top priorities for 2020? What attacks are they seeing today and how do they believe the cybersecurity industry will change in the next decade? These and many other questions will be covered during this interactive panel discussion.

Panelists:
Jason Barnett is the Assistant Vice President of Information Security for HCA Healthcare, a Fortune 100 organization. He has spent more than 20 years in the technology field with a primary focus on threat detection and response. Prior to joining HCA, he built a security consultancy focused on remediation of healthcare regulatory compliance findings.

Jeffrey Moore is a seasoned cyber-security leader with experience in large, complex organizations. For the last 7 years, Jeff has served as the Global Head of Cyber-Security at a fortune 500 Pharma company. Prior to that, Jeff has worked at several Fortune 500 companies in retail, software, sports as well as the space industry. 

Michael Berry is Director and Chief Information Security Officer at Kettering Health Network. He has extensive information security experience across the healthcare industry.

Moderators:
Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.

Healthcare CISO Panel - Cybersecurity Today and in 2030

Israel, a country of 9 million people, created 300+ cybersecurity startups, exporting billions worth of cybersecurity products every year and convincing more than 30 multinationals to open local R&D centers. Why and how did this become possible?

In this talk Michael Kenney, Vice President; Strategy & Corporate Development at Ingram Micro Cloud will interview Nir Gaist, Founder and CTO of Nyotron, an Israeli-born endpoint security startup. In 2018, Ingram Micro Cloud partnered with MassChallenge to launch the Comet Competition - an annual challenge to discover the world’s most talented B2B ISVs. Not surprisingly, a number of Comet's winners come from Israel.

Speaker:
Nir Gaist, Founder and CTO of Nyotron, is a recognized information security expert and ethical hacker. He started programming at age 6 and began his studies at the Israeli Technion University at age 10. Nir has worked with some of the largest Israeli organizations, such as the Israeli Police, the Israeli parliament and Microsoft’s Israeli headquarters. He also wrote the cybersecurity curriculum for the Israel Ministry of Education. Nir holds patents for the creation of a programming language called Behavior Pattern Mapping (BPM) that enables monitoring of the integrity of the operating system behavior to deliver threat-agnostic protection.

Moderator:
Michael Kenney, Vice President; Strategy & Corporate Development at Ingram Micro Cloud. Michael leads M&A and investment strategy for Ingram Micro - world's largest distributor of information technology products serving more than 200,000 customers in approximately 160 countries.

Why Israel is the Pioneer in Cybersecurity?

Are you still using “traditional” antivirus to protect your endpoints? Are you losing sleep over what to do next, and how to better protect your organization from ransomware and other advanced attacks? Your colleagues have probably told you about so-called NGAV product migration and tuning nightmares. You have also heard about Endpoint Detection and Response (EDR), but wonder if you can afford it from both staffing and budgetary perspectives.

Join this webinar to get the clear breakdown of all options on the table with the corresponding pros and cons. If you are looking for ways to augment or replace your AV, this webinar is for you.

Speaker:
Nir Shafrir leads field engineering and customer success for Nyotron. He has experience across endpoint and network security, starting from a small Israeli cybersecurity startup through larger companies like Trusteer (now an IBM company). Shafrir earned a bachelor’s degree in Computer Science from the Open University.

NGAV or EDR. What Should We Trust?

Ransomware, ransomware, ransomware. Why are our current endpoint defenses so inefficient? We will take three leading endpoint security (antivirus) products and demonstrate live how ransomware developers use trivial techniques to bypass all of them. Often a single line of code is all that’s needed to render antivirus ineffective and all data lost.
 
NOTE: This webinar is applicable to technical audience only. We will be digging right in the source code and compiling ransomware on the fly.

Presenter:
Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.

How Does Ransomware Fool Top Antivirus Products?

Never let a crisis go to waste. That’s the attitude of most attackers being played out in cyberspace in the past few months. In this webinar we are going to review the types of attacks that specifically leverage the coronavirus pandemic. From phishing to BEC, from ransomware to state-sponsored disinformation campaigns and more. Whether you are in healthcare or in tax and accounting, no one seems to be safe. 

Awareness is the first step in preparing your organization for the possible impact and making plans to bolster your defenses.

Speaker:
Ira Winkler is one of the world’s most influential security professionals and a repeat speaker at the RSA Conference. He has designed and implemented security awareness programs at organizations around the world. Ira began his career at the National Security Agency as an Intelligence and Computer Systems Analyst.

Review of Cyberattacks Leveraging the COVID-19 Pandemic

The COVID-19 Coronavirus pandemic provides cyberattackers with opportunities to wreak havoc. The key to thwarting their attacks is knowing how they are leveraging the crisis for their nefarious purposes. And whom better to ask than experts who know how threat actors think and operate? 

Join us for a community webinar with three renowned whitehats who will predict the attack vectors and tactics blackhats will use to take advantage of the fact employees are struggling with fear, uncertainty and isolation while working from home. You will gain invaluable insight into the attacker’s mindset and learn how to harden your organization’s defenses.

Panelists:
Chris Roberts is one of the world's foremost experts on counter threat intelligence and vulnerability research within the information security industry. Robert was part of Attivo Networks, LARES, Acalvio Technologies, among others.

Rod Soto is a Security Researcher and co-founder of HackMiami and Pacific Hackers conferences. Rod spent over 15 years in IT and security in organizations like Akamai, Splunk and JASK. He is a frequent speaker at cybersecurity conferences.

Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.

Ira Winkler is the Lead Security Principal for Trustwave. He has designed and implemented security awareness programs at organizations around the world. Ira began his career at the National Security Agency as an Intelligence and Computer Systems Analyst.

COVID-19 - What Will Attackers Do?

Every time a cyberattacker tricks a user into clicking on a malicious link or downloading a malicious file, all the blame falls on the user’s shoulders. The experts insist the solution is more education and training to increase user’s awareness levels. This is like saying that if a canary dies in a coalmine, we need to make canaries healthier. With 90%+ of successful attacks supposedly the result of user action, we need to reconsider how we look at these attacks. Using counterterrorism and safety science strategies, we break attacks down into 3 phases: Left of Boom, Boom, and Right of Boom. We then focus on Right of Boom, and go into strategies to mitigate potential loss initiated by the user actions.

The reality is that no matter how well prepared your users are, there will always be some action that initiates loss. Consider that even if users are 100% aware, there will always be a malicious user, where awareness helps their attacks. This presentation addresses the inevitable and lays out a multi-tiered strategy to proactively mitigate loss.

Presenter:
Ira Winkler is recognized as one of the world's experts in Internet security, information warfare, information-related crime investigation, and industrial espionage. Mr. Winkler began his career at the National Security Agency (NSA), where he performed cryptanalysis and was responsible for systems design and implementing security for intelligence collection and analysis systems. He is the author of multiple cybersecurity books.

Right of Cyber Boom

The healthcare industry is a high-value target for cyber criminals. They can’t pass up the myriad opportunities to extort ransom payments, breach sensitive health data for insurance fraud, and find disaffected patients for class action suits. What can healthcare organizations do to strengthen their defenses? Michael Osterman, President of Osterman Research, will provide the answers in our webinar.

Michael will present the findings of his firm’s latest research:
-Types of threats targeting healthcare organizations
-Why is this industry so attractive to malicious actors
-What attack trends to expect next
-How can healthcare organizations avoid being the next victim

Presenter:
Michael Osterman, CEO and Founder of Osterman Research, will host this interactive session. He will present the findings of his firm’s latest research, provide his expert advice on how to become more proactive in identifying and thwarting threats, and answer your questions.

Cybersecurity Challenges and Solutions in Healthcare

Verizon research finds that more than 90% of data breaches result from user failures. The industry’s response has long been to recommend implementing employee awareness training programs, but that’s has proven to be largely ineffective. Even after undergoing training, users will inevitably make mistakes. Awareness also does nothing to prevent malicious user actions. 

In this webinar, I will introduce you to someone who can help: the Human Security Officer.

I’ll explain why your organization should create the position of Human Security Officer - someone who is responsible for identifying any business processes that are susceptible to data breaches resulting from human vulnerabilities, and determining the technology, process and awareness countermeasures to prevent and mitigate the losses. I will also cover the processes to identify the underlying vulnerabilities and then prioritize the countermeasures.

Presenter:
Ira Winkler is recognized as one of the world's experts in Internet security, information warfare, information-related crime investigation, and industrial espionage. Mr. Winkler began his career at the National Security Agency (NSA), where he performed cryptanalysis and was responsible for systems design and implementing security for intelligence collection and analysis systems. He is the author of multiple cybersecurity books.

Introducing the Human Security Officer

The public sector is under attack. Ransomware and other malware besiege government agencies, municipalities, law enforcement and utilities nationwide every day.

In this webinar, based on the research performed by Osterman Research, we will address the following:
-Types of threats targeting state & local organizations
-Why is this industry so attractive to malicious actors
-What attack trends to expect next
-How can state & local organizations avoid being the next victim

Michael Osterman, CEO and Founder of Osterman Research, will host this interactive session. He will present the findings of his firm’s latest research, provide his expert advice on how to become more proactive in identifying and thwarting threats, and answer your questions.

Cybersecurity Challenges and Solutions for State & Local Governments

Steganography has been used for centuries to hide a secret message in an otherwise harmless container. Its latest iteration is a malware delivery vehicle. 

In this webinar we will review how malware developers use steganography for their devious purposes. Traditionally, steganography was leveraged for covert communication (e.g., exfiltration of sensitive data from an organization in the way that bypasses DLP and other security controls). More recently, it has become a carrier for malware. For example, in the latest attack targeting a Nyotron customer, that our endpoint prevention and response (EPR) solution detected and blocked, the Ursnif banking trojan attempted to use steganography to insert a malicious Powershell script into the organization.

Join us for a brief overview of steganography, its use in the physical and digital worlds, followed by a step by step walkthrough and demo of a recent attack leveraging steganography. 

Presenter:
Ira Winkler is recognized as one of the world's experts in Internet security, information warfare, information-related crime investigation, and industrial espionage. Mr. Winkler began his career at the National Security Agency (NSA), where he performed cryptoanalysis and was responsible for systems design and implementing security for intelligence collection and analysis systems.
Ira Winkler is the author of multiple cybersecurity books.

Steganography + Malware - a Match Made in Hacker Heaven

Remember WannaCry - the ransomware attack that two years ago infected Windows devices across 150 countries and resulted in an estimated damage of $4B?. We now know that WannaCry was completely preventable. Microsoft had issued a patch two months prior to the attack. If you think WannaCry was bad, brace yourself: We have discovered a technique that attackers may use to deliver ransomware that most organizations have no way to detect or prevent.

This webinar will cover a Windows evasion technique called “RIPlace” that, when used to maliciously alter files, bypasses most existing ransomware protection technologies. In fact, even Endpoint Detection and Response (EDR) products are blind to this technique, which means these operations will not be visible for future incident response and investigation purposes. 

The technique leverages an issue at the boundary between a Windows design flaw and improper error handling of an edge-case scenario by filter drivers of security products. While not a vulnerability per say, the technique is extremely easy for malicious actors to take advantage of with barely two lines of code. RIPlace abuses the way file rename operations are (mis)handled using a legacy Windows function.

We will review existing ransomware detection methods, the workflow of a typical ransomware and provide a live demo of RIPlace bypassing a number of anti-ransomware technologies.

Presenter: Nir Gaist, Founder and CTO of Nyotron.
Nir Gaist is a recognized information security expert and ethical hacker. He has worked with some of Israel’s largest public and private sector organizations, such as the Israeli Police, the Israeli parliament and Microsoft’s Israeli headquarters. He also wrote cybersecurity curriculum for the Israel Ministry of Education. Nir holds patents for the creation of a programming language called Behavior Pattern Mapping (BPM) that enables monitoring of the integrity of the operating system behavior to deliver threat-agnostic protection.

“RIPlace” - Does It Make Ransomware Unstoppable?

At the end of the day it is not about the technology that runs the system but the humans that detect, respond, and or are co-opted to circumvent it.  This session will provide insight into attacks as well as the human breach interactions.

ISSA International Series:  Breach Response - Humans in Security

Overview:
Endpoint Detection and Response (EDR) has been rising in popularity after the realization of major gaps in the anti-malware technologies. But is EDR already becoming obsolete? 

Join this webinar to be the first to get the results of the latest Osterman Research survey on EDR.

Guest speaker Osterman Research Founder Michael Osterman and Nyotron Sr. Director of Product Rene Kolga will review the survey findings and discuss the critical role of EDR in modern organizations, and how it must evolve to keep pace with the ever-changing threat landscape. 

Attendees will learn:
•Why organizations are turning to EDR
•Ranking of EDR features
•Possible concerns about deploying EDR solutions
•What questions you should ask an EDR vendor
•Why the future of EDR is spelled E-P-R

Endpoint Detection and Response - Past, Present and Future

Most security solution buyers assume they’re protected against known malware. Numbers like 99.9% are common in vendors’ marketing materials. Hence, efficacy conversations tend to focus instead on the solution’s performance against the unknown, zero-day threats. However, with between half a million and one million new pieces of commodity malware created every day, how are antivirus solutions keeping up? Where is this database of signatures, hashes, reputation and behavior stored for over a billion of known pieces of malware? Is the 99.9% number an illusion or reality?

In this webinar we will leverage a study of three leading antivirus products against 60,000 pieces of known new and old malware. The results will surprise you...

Does the ILOVEYOU virus from the year 2000 still pose a threat? You’ll have to join this webinar to find out.

Can ILOVEYOU Still Infect You?

What will 2019 bring for the security landscape? How many Marriott-like breaches should you expect? What new types of attacks are you likely to see, and what can you do now to prepare for them? Nyotron’s team of security experts will have the answers for you during our December 19th live webinar. 

Making informed predictions first requires thinking back on 2018 with a critical eye. We will review a few of the most significant vulnerabilities and data breaches that made national headlines, from the City of Atlanta to Meltdown and Spectre, to the Marriott debacle and why the healthcare industry appears unable to defend itself. Our panel will also discuss the issues and trends they expect will dominate 2019, including adversarial artificial intelligence (AI) and destructive attacks on ICS.

We will wrap up with ideas on how you can make an effective case for additional security budget and how to educate yourself about the changing threat landscape (and to get those CPE’s before the year’s end).

Beyond the Marriott Breach - What to Expect in 2019

Nyotron’s research team began tracking new active OilRig attacks on a number of organizations across the Middle East in November 2017.  Our security team has discovered that the Iran-linked OilRig group has significantly evolved its tactics, techniques and procedures (TTPs), introduced next-generation malware tools and new data exfiltration methods since previous attacks.

Among key advancements, the new variant of OilRig introduces a variety of new command and control (C&C) and data exfiltration capabilities using Google Drive, SmartFile, a file sharing and transfer solution, and an ISAPI filter to extend the functionality of Microsoft Internet Information Services (IIS) servers. 

During this webinar, Nyotron will provide technical details of the attacks along with the TTPs used and the timelines to help security professionals deal with this threat actor in the future.

Iranian-Backed OilRig Group Returns with Next-Generation Malware

Cyber Attacks

Security

Malware

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Research and Development

In today’s economic climate, successful small businesses need to overcome an array of challenges. Client dependence, legal issues, small business financing… as an entrepreneur, where can you find the information you need to help inform your decisions? In the small business management community, discover how you can create a successful small business from the business plan up!

Small Business

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Iranian-Backed OilRig Group Returns with Next-Generation Malware

Presented by

About this talk

More from this channel