Playing cat and mouse with the Adversary: Sometimes a breach is inevitable - c0c0n 2023 talk | 06 October 2023
Speaking at c0c0n hacking and cyber security conference every year is more like an annual ritual for me. Additionally, I get to see many of my friends and the security community members. My talk title was "Playing cat and mouse with the Adversary: Sometimes a breach is inevitable" and here is the abstract for my talk: If there is one thing that almost everyone in the cyber security industry becomes numb to; then, it has to be the news of an organization being compromised, either by a ransomware group or by state sponsored threat actor. There is no organization that is immune to attacks, to the ones that invest billions in security and the others at the opposite end of the spectrum.
To keep pace with threat landscape and enhance the defenses against such threats, organizations are required invest in new generation of security products and services. This in turn has developed into a game of cat and mouse, with no end in sight. Organizations are mostly driven by the demands of the market and that of external stakeholders, primarily regulatory bodies. This talk shall focus on a recent high-profile hack, targeted Microsoft, exponentially more sophisticated than the previous attacks, driven by distinct goals, pulled off by different skillsets, more detailed and patient than the other.
As outlined extensively in Microsoft blog posts, Storm-0558 represents a threat actor originating from China with espionage goals. Commencing on May 15, 2023, Storm-0558 utilized falsified authentication tokens to gain entry into user email accounts across roughly 25 organizations, comprising government agencies and associated consumer accounts within the public cloud. As per the comments from Microsoft, no other systems were affected and Microsoft effectively thwarted this campaign initiated by Storm-0558. These hacks were effective enough to achieve their goals, or at least part of it. During this talk I will talk about a more distinct approach to security by delving into Adversary simulation, purple teaming, Breach and attack simulation and other offensive security powered operations, which would ultimately help you to assess the security defense posture of your organization, identify gaps and be ready when the boogeyman is coming your way. The talk will explore how threat Intel powered threat actor or ransomware simulation/APT simulation could uncover the effectiveness of your cyber defense capabilities in terms of people, process, and technology. The talk will also look into maximizing the potential/value of security investments such as security products, systems, policies, security staff etc; by assessing how well are they configured and evaluate the response readiness to threats.