source: https://ccb.belgium.be/nl

On 22nd October I had the unique opportunity to listen to the Quarterly Cyber Threat Report (QCTR) event of the Center of Cybersecurity Belgium (CCB). This event is normally very confidential and only open to members of the CCB, but this was the second edition open to the public. The only thing you had to do was register yourself and promise you will not share any confidential data. Of course, I am going to respect that, so that’s why this post will be a lot shorter than the others.

An exclusive event

The event started with an explanation about Safeonweb’s campaign of 2020. With a short video, they explained how important Multi-Factor Authentication (MFA) is. A lot of people don’t know what MFA is or that you can implement it for your Facebook or Instagram account.

MFA for your social media account is not that difficult to implement. Just follow these steps for Facebook and these steps for Instagram.

Next, there was a presentation about the benefits of using SSL certificates. The presenter talked about the increase in trust, SEO, and the warnings in the browser. He then showed us how easy it was to get a list of websites with expired SSL certificates.

We also got some useful links:

After a short break, the event really got interesting because then we got a detailed explanation of the evolution of Emotet and a detailed report of a DDoS attack.

Emotet is a Russian banking Trojan mainly transferred in email attachments or URLs. It’s mostly seen in business-to-business communication and it even takes the European working hours into account. It was first detected in 2014 but is still active.

The next presentation was the most profound of all. In this presentation, they explained the anatomy of a DDoS attack. They took a real-time case with a still-ongoing investigation and showed us how the specific attack they’re investigating evolved over the last weeks.

This presentation was very educational and I’m glad that I was allowed to listen to this – although I am not allowed to talk about the details of course.

Last but not least, there was a more general presentation to give tips about certain topics like Ransom Distributed Denial-of-Service (RDDoS) and Advanced Persistent Threats (APTs).

RDDoS is like a classic DDoS, but here a ransom is demanded. To stop the attack and regain your availability, you have to pay a certain amount to the attacker. This type of attack is getting more and more popular.

An advanced persistent threat (APT) is a stealthy threat actor, typically a nation-state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. Some groups utilize traditional espionage vectors, including social engineering, human intelligence, and infiltration to gain access to a physical location to enable network attacks. The purpose of these attacks is to install custom malicious software.

Wikipedia

The tips that they gave on RDDoS and APTs were:

  • Develop a DoS response plan.
  • Implement defense-in-depth; combine firewalls, content filtering, load balancing, and anti-DDoS.
  • Consider anti-DDoS-as-a-service in the cloud.
  • Protect your entry points with VPN, RDP, Citrix, and a Zero-Trust network.
  • Watch your network for the exfiltration of data.

They gave some resources as well:

Let me be honest

To be honest… It wasn’t truly what I expected when I registered for this event. I thought it would be more detailed than this. I anonymized everything and left out some details, but not much more than this was discussed.

But it certainly was nice and interesting to hear some exclusive security info about things that are happening right now and hence are very relevant at the moment.

screenshot from email received after the event ended
QCTR Event (October) – CCB
