Down the Rabbit Hole - Attackers Moving Down As We Move Up

Presented by

Scott Scheferman - Principal Cyber Strategist, Eclyspium

About this talk

Cyber adversaries are not “sophisticated”, rather they are pragmatic. The endpoint, still the nexus of the cyber problem, is challenging lately for adversaries to evade detection and persist at the operating system level due to advances in AI/ML, EDR, and threat intelligence. The endpoint battlefield is defined by a "time advantage” that either side has over the other. Both APTs and criminal ransomware actors have adapted by going “further down the stack”, and they have arrived at firmware, hardware, and driver level TTPs (Tactics, Techniques, Procedures). There is a dire lack of visibility here, and attackers are enjoying the omnipotence and indefinite persistence that sub-operating system tactics provide. This talk will expose the reasons why attackers are going further down the rabbit hole in order to gain footholds and persist below the surface of the rest of the entire security stack. Recent examples of incidents involving such tactics will be shared and the challenges of addressing this trending attack vector will be explored.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (50)
Subscribers (3250)
Eclypsium is the industry’s leading enterprise firmware protection platform - providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.