Last weekend (11th February), members of the Awen Collective team joined hundreds of other fantastic individuals at the first in-person BSides Cymru cyber event since 2019. Hosted at the Angel Hotel, Cardiff, industry specialists from all over the world gathered together to share their latest findings across a whole day of talks.
The morning started with an opening speech by the organisers, followed by a keynote from John Shier, senior research scientist at Sophos. In his talk, he discussed the evolution of cyber criminal activity and how we as the defenders can use this knowledge to adapt and evolve ourselves. This was a brilliant introduction to the ethos within BSides, a welcoming community with talks designed to be engaging for experts but welcoming and understandable to newcomers within the Tech industry. The keynote itself started with a history of major changes, then moved on to discussing the rise of ransomware and even modern malware targeting the underlying technologies supporting Cloud/Server systems, such as ESXi. During the talk, John discussed a previous company that had become the subject of a long-term cyber attack. This company had a significant intrusion and eventually paid the ransom that came with the attack. What I found fascinating is that the criminals themselves left what could be considered a fairly in-depth penetration testing report on how they targeted the company and then actively exploited the systems at each step. Overall, a brilliant first discussion to kick off the event!
The second talk I attended was Jaime McCallion’s “Risky Business: using risk-based analysis to detect bad things”. As someone without much prior knowledge of risk analysis, it was a welcome introductory session into the current landscape as well as potential avenues for research in the field. The talk opened with an overview of previous systems that have developed over the years to monitor risk within a company. The latter half of the talk was focused on developing a risk management system that scores risk based on dimensions such as Sources, Destinations, system processes etc., and gives them a simplified score for each alert. When any given device reaches a threshold of cumulative score in a given time period, a comprehensive alert is then generated and submitted to the SOC team. I later caught up with Jaime to discuss personal thoughts on this system, as my immediate thought was a concern that this form of cumulative risk scoring would cause a trend in cyber attacks towards longer, less aggressive attacks. Something I had not considered prior to the conversation was the fact that these trends are already occurring and as such, would likely have little impact on global trends in cyber activity. This talk is the one that has stuck with me the most, a really thought-provoking perspective on a related field!
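The cumulative scoring described above can be sketched as follows. This is an added example, not code from the talk or from Awen Collective; the dimension weights, threshold, window lengths and device names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed weights per dimension; the talk's real values are not on the page.
WEIGHTS = {
    "source": {"internal": 5, "external": 15},
    "destination": {"workstation": 5, "domain_controller": 25},
    "process": {"browser": 5, "powershell": 20},
}
THRESHOLD = 100        # assumed cumulative score that triggers a SOC alert
WINDOW_SECONDS = 3600  # assumed look-back period

def score_alert(alert):
    """Simplified score for one alert: the sum of its dimension weights."""
    return sum(table.get(alert.get(dim), 0) for dim, table in WEIGHTS.items())

def correlate(alerts, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Emit one comprehensive alert each time a device's windowed score reaches the threshold."""
    recent = defaultdict(deque)   # device -> (timestamp, score) pairs still in the window
    totals = defaultdict(int)     # device -> running score of those pairs
    raised = []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        dev, ts, score = alert["device"], alert["ts"], score_alert(alert)
        recent[dev].append((ts, score))
        totals[dev] += score
        # Drop contributions that have aged out of the window.
        while recent[dev] and recent[dev][0][0] <= ts - window:
            totals[dev] -= recent[dev].popleft()[1]
        if totals[dev] >= threshold:
            raised.append({"device": dev, "ts": ts, "score": totals[dev],
                           "contributing_alerts": len(recent[dev])})
            recent[dev].clear()   # start a fresh accumulation after alerting
            totals[dev] = 0
    return raised

def _alert(device, ts):
    """Build one constructed 60-point alert for the sample data."""
    return {"device": device, "ts": ts, "source": "external",
            "destination": "domain_controller", "process": "powershell"}

# Constructed sample: the same three alerts, bursty on one device, spread out on another.
SAMPLE = ([_alert("hmi-01", t) for t in (0, 300, 600)]
          + [_alert("eng-ws-02", t) for t in (0, 7200, 14400)])

if __name__ == "__main__":
    print(correlate(SAMPLE))                 # one-hour window
    print(correlate(SAMPLE, window=86400))   # 24-hour window
```

With the one-hour window only the bursty device produces a comprehensive alert, because the spaced alerts age out before they accumulate; the 24-hour window catches both, at the cost of holding more low-value alerts in scope.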
Besides attending other talks throughout the day, I was fortunate to be invited to give a talk of my own, hosted by the Trans Tech Tent volunteer group. The talk was based on our work at Awen Collective and aptly titled “Giving you the ICK: Industrial Cyber Knowledge for n00bs”. The aim was to provide a brief insight into the industrial landscape and the challenges that many companies face when it comes to securing themselves from OT cyber threats. This was my first time presenting to an audience and it was the perfect opportunity to engage with a new audience in an area that is quickly becoming a significant concern within the industry.
In summary, BSides was an amazing opportunity for the industry to come together and share our knowledge, with a common goal of protecting society as a whole. Being given the opportunity to both attend and present was a true joy and we at Awen look forward to future events.