Tag Archives: sas

Trumpets, drum roll, applause, cheering, whistling! Herewith, two bits of news for you: one good, the other – even better!…

First: this year we’ll be having our 15^th annual cybersecurity conference – the Security Analyst Summit (SAS). Fifteen? Oh my gone-where-has-the-time?!

Second: We’re finally back to an offline, aka – in-person, aka – face-to-face format, just like old times!

// In recent years this conference and indeed many others have been online.

Our tradition of annually bringing together top cybersecurity experts, academics and business folks from all around the world in a warm and pleasant location began way back in 2009. (Blimey – 2009 seems like yesterday; it’s a full 14 years ago!) Back then it was a lot smaller in size, but over the years it’s grown gradually to become one of the key yearly fixtures on the global cybersecurity-event calendar.

// For those who might want to review how SAS has developed over the years, check this tag out.

This year the warm and pleasant location will be Phuket in Thailand, where the conference will run from October 25 to 27. As usual we’ll be presenting, sharing and discussing the latest trends in cybersecurity (including recently uncovered APT attacks) plus cutting-edge achievements in the field of research and technology.

Spoiler: emphasis will be placed on the following topics:

• Protection of industrial infrastructure;
• ICS/OT security;
• Supply-chain and IoT attacks;
• Methods for tackling ransomware and the darknet;
• The unveiling of our new training course in reverse engineering and Ghidra – presented by our GReAT.

And we’ve already announced the call for papers! If you want to present your ground-breaking research or innovational solution, enter the respective info on the site…

So there you have it folks – SAS 2023: approaching fast. It’s going to be GReAT, it’s going to be interesting, it’s going to be super-informative, it’s going to be a super-success – as always!…

See you in Phuket!…

In closing – a quick SAS photo-retrospective…

The world seems to be slowly opening back up – at least a little, at least in some places. Some countries are even opening up their borders. Who’d have thought it?

Of course, some sectors will open up slower than others, like large-scale events, concerts and conferences (offline ones – where folks turn up to a hotel/conference center). Regarding the latter, our conferences too have been affected by the virus from hell. These have gone from offline to online, and that includes our mega project the Security Analyst Summit (SAS).

This year’s SAS should have taken place this April in one of our favorite (for other K-events) host cities, Barcelona. Every year – apart from this one – it takes place somewhere cool (actually, normally quite hot:); for example, it was in Singapore in 2019, and Cancun, Mexico, in 2018. We’d never put on a SAS in Barcelona though, as we thought it might not be ‘fun’ or ‘exotic’ enough. But given that folks just kept on suggesting the Catalonian city as a venue, well, we finally gave in. Bit today, in May, we still haven’t had a SAS in Barcelona, as of course the offline, planned one there had to be postponed. But in its place we still had our April SAS – only on everyone’s sofa at home online! Extraordinary measures for extraordinary times. Extraordinarily great the event turned out to be too!

But we’re still planning on putting on the offline SAS in Barcelona – only later on, covid permitting. But I’m forever the optimist: I’m sure it will go ahead as planned.

It turns out there are quite few upsides to having a conference online. You don’t have to fly anywhere, and you can view the proceedings all while… in bed if you really want to! The time saved and money saved are really quite significant. I myself watched everything from a quiet corner of the flat (after donning my event t-shirt to get into SAS mode!). There were skeptics, however: an important element of any conference – especially such a friendly, anti-format one like SAS – is the live, human, face-to-face interaction, which will never be replaced by video conferencing.

I was really impressed with how things went. Kicking it off we had more than 3000 folks registered, out of which more than a thousand were actually watching it any one time over the three days – peaking sometimes above 2000. Of course most would have picked and chosen their segments to watch instead of watching it non-stop. The newly introduced training sessions, too, were well attended: around 700 for all of them – a good indicator folks found them interesting.

And for SAS@Home a special program had been prepared – and all in just two weeks! Why? Well, the heart of our conference is hardboiled, hardcore geekfest techy stuff: very detailed investigations and reports from the world’s top cybersecurity experts. But for SAS@Home the audience was to be bigger in number, and broader in audience profile – not just tech-heads; so we experimented – we placed an emphasis on a learning program, not in place of the detailed investigations and reports, but in addition to them.

And we seemed to have gotten the balance just right. There was the story of the Android Trojan PhantomLance in Google Play, which for several years attacked Vietnamese Android users. There were presentations on network security and zero-day vulnerabilities. On the second day there was the extraordinarily curious talk by our GReAT boss, Costin Raiu, about YARA rules, with a mini-investigation about chess as a bonus!

After that there was Denis Makrushkin on bug-hunting and web applications. And on the third day things got really unusual. It’s not every cybersecurity conference where you can hear about nuances of body language; or where – straight after that comes selecting methods of statistical binary analysis! But at SAS – par for the course ).

As per tradition, a huge thanks to everyone who helped put on the show: all the speakers, the organizers, the partners from SecurityWeek, the viewers, the online chatters, and the tweeters. And let’s not forget the flashmob we launched during SAS – quarantunities – dedicated to what folks have been getting up to during lockdown at home, including someone starting to cook every day, someone learning French, and someone else switching from life in the metropolis to that in the countryside.

In all, a great success. Unexpected format, but one that worked, and then some. Now, you’ll no doubt be tiring a little of all the positivity-talk of late about using the crisis and lockdown to one’s advantage. Thing is, in this instance, I can’t do anything but be positive, as it went so unbelievably well! Another thing: ‘We’ve had a meeting, and I’ve decided’ (!) that this online format is here to stay – even after covid!

Finally, one last bit of positivism (really – the last one, honest :). As our experts David Jacoby and Maria Namestnikova both pointed out during the final session, there are other positive things that have come out of quarantining at home: more folks are finding the time to stay fit with home exercise routines; there’s an emphasis being put on physical health generally (less rushing about and grabbing sandwiches and takeaways, etc.); folks are helping each other more; and levels of creativity are on the rise. Indeed, I’ve noticed all those things myself too. Nice. Positive. Eek ).

That’s all from me for today folks. And that’s all from SAS until we finally get to sunny Barcelona. Oh, and don’t forget…: another one for your diary for next year: SAS@home-2021!

PS: Make sure to subscribe – and click the bell for notifications!! – to our YouTube channel: we’ll be putting up there recordings of all sessions gradually. Yesterday the first one was published!…

As many of you will know, every year we organize the mega security conference called Security Analyst Summit in an interesting (at least sunny, often sandy) location. The event is something different for the industry – never dull, never boring, never format-following. We bring together big-name speakers and guests in an exclusive invite-only format to discuss the very latest – loudest – cybersecurity news, investigations, stories, curiosities and so on. No politics! Only professional discussion of cybersecurity – but lightly, relaxed, friendly… awesomely! And we do it so well SAS is becoming one of the most important conferences in the industry. By way of example, here’s my write-up on last year’s event – in Singapore.

Now, this year’s event – our 12^th! – should have opened today, April 28, in sunny Barcelona. But of course – for obvious reasons, that’s just not happening (.

However, we felt that to cancel SAS would be giving in; we couldn’t just drop it this year: how would world cybersecurity cope?! Accordingly, we decided to premiere this year’s SAS online; and not only that but… – for free (!), and for everyone and anyone who wants a taste! Soooo – here’s introducing: SAS@Home, and it’s starting later today (11am Eastern; 8am PST, 4pm London, 6pm Moscow), so hurry up and register! More than a thousand folks have already registered, so it looks like the new format isn’t putting people off. We’ll just have to see how this first online SAS goes; maybe in the future we’ll have two running parallel – online and offline!

Here’s a quick overview of the schedule:

Read on…

“Buenos tardes!” said the hospitable Yucatán native. And then, smilingly, ushered us toward a particular line for passport control – which took a full 90 minutes for us to get to the front of!

“Buenos noches!”, we answered, while muttering other phrases under our breath I shouldn’t repeat here. But it got worse: out of a full 30+ passport control windows only six (6!) were working! And it was clear the border control staff wasn’t in any way speeding up its work given this avia-logisitical collapse. But then, it turned out, upon our asking if this was indeed a one-off collapse, that this happens all the time: several flights arrive around the same time all the time. So, like, they’re fully aware of the problem, but do nothing about it! I mean, they should be happy for all the dollars all these (many!) tourists arriving in Mexico every day will be spending, but they treat them with contempt! At one point I thought there could be some kind of revolt and lynchings; indeed a fight did break out in the next line to us (I think with tourists from Canada): someone got punched in the face for jumping the line!

Actually, we love(d) Cancun: since 2011 we’ve put on a full 12 (!) business events here – including the one I’m about to tell you about! Good infrastructure, safe, ocean, beaches, sun, tequila, and venues able to handle 500+ guests for large conferences (like our Security Analyst Summit (SAS), which, incidentally, took place here a full three times, in 2012, 2015 and 2018). And what else do we ask of a destination for our bashes? For all our guests to NEVER have to wait in lines at the airport for hours after a long flight. But this clearly is unattainable. Therefore, accordingly, this is the LAST event of ours in Cancun. Buenos huegos. No, better…: Buenos &!#*%!!

The basic ingredients for the format were present, as per: first work hard – then play hard! But the world is changing, audiences are changing too, and then there are all the geopolitical cataclysms that come in waves – which we sometimes even try to surf ). Accordingly, we made a few changes to the basic format.

Read on

Hi folks!

Herewith, the next in my series of occasional iNews, aka cyber-news from the dark side updates – this one based on some of the presentations I saw at our annual Security Analyst Summit in Singapore last month.

One of the main features of every SAS is the presentations given by experts. Unlike other geopolitically-correct conferences, here the analysts up on stage share what they’ve discovered regarding any cyberthreat, no matter where it may come from, and they do this based on principle. After all, malware is malware and users need to be protected from all of it, regardless of the declared virtue of the intentions of those behind it. Just remember the boomerang effect.

And if certain media outlets blatantly lie about us in response to this principled position, so be it. And it’s not just our principles they attack – for we practice what we preach: we’re way ahead of the competition when it comes to the numbers of solved cyberespionage operations. And we’re not planning on changing our position in any way to the detriment of our users.

So here are a few synopses of the coolest investigations talked about at SAS by the experts behind them. The most interesting, most shocking, most scary, most OMG…

1. TajMahal

Last year, we uncovered an attack on a diplomatic organization from Central Asia. Of course, that an organization like that is interesting to cybercriminals should come as no surprise. The information systems of embassies, consulates and diplomatic missions have always been of interest to other states and their spy agencies or generally any bad guys with sufficient technical ability and financial wherewithal. Yes, we’ve all read spy novels. But here was something new: here a true ‘TajMahal’ was built for the attacks – an APT platform with a vast number of plugins used (we’ve never seen so many used on one APT platform – by far) for all sorts of attack scenarios using various tools.

The platform consists of two parts: Tokyo and Yokohama. The former is the main backdoor, which also fulfils the function of delivery of the latter malicious program. The latter has very broad functionality: stealing cookies, intercepting documents from the printer queue, recording VoIP calls (including WhatsApp and FaceTime), taking screenshots, and much more. The TajMahal operation has been active now for at least five years. And its complexity would suggest that it’s been built with more than one target in mind; the rest remain for us to find…

Details of this APT-behemoth you can find here.

Read on…

Hi folks!

My April journeying continues. It’s already seen me visit such charming cities as Hanover, Baku and Dubai (reports thereon coming soon). Next stop – Singapore. The garden city, the island wonder – one of my fave cities on the planet, if not the fave. But oh it’s hot. And, oh, it’s humid. But it still remains the city of the future. Maybe that’s why I like it so much?…

First, a few ok pics (mine), and some really good pics (not mine; I still need practice) of this wonder-city – by day, by night, of the ships waiting in line for access to the port:

So why was I here (as if I needed a reason)? Because the annual Security Analyst Summit was being held here – the eleventh! And it was… hmmm – I’ll get to that in a bit…

First – how does one go about gauging the success of a SAS? How do you measure it? Was it totally awesome, or just so-so, or something else? Well, IMHO, you can tell if it was totally awesome if, afterward, you have a strange, somewhat paradoxical feeling: on the one hand you have nothing but positive emotions – a euphoric aftershock that just won’t go away. On the other – you’re already aware that something’s sadly lacking in your life, and will stay lacking for another year – the buzz of a SAS! And on the other – third?! – hand, you feel a little… afraid – when you wonder just how on earth next year’s event will be made even better than this year’s! But then you remember how every year after a SAS you think the same thing – and the following year’s event does turn out even better, and you start to feel better again. All these psychological symptoms together should really be called ‘post-event syndrome’. Must remember that term for next time…

Oops. I’ve digressed. Let me get back to ‘was it good?’. It was, as I hope the previous paragraph indicates. But also – have a look at all the comments, links, likes…

If you’re a new reader here, and maybe SAS is new to you too, briefly, SAS is: an annual event bringing together experts (and the press, bloggers) from all over the world to basically talk to each other, in an informal setting, all about cybersecurity. Announcements, presentations, achievements, challenges, industrial CTF, etc., etc. For a bit more on the SAS template, go here.

Next up: where, why, how, who, from where…

SAS-2019 brought on a ferocious bout of post-event syndrome, whose intensity was all the more acute due to fears that some folks might pull out due to geopolitical reasons. But in the cybersecurity industry folks think with their heads and aren’t swayed by sensational headlines. After all, battling the cyber-baddies is only effective when done together, exchanging information, and telling each other about our victories over the computer underground. Cybercriminals know no borders. And the cyber-goodies shouldn’t be limited by them either. And I’m so glad that our colleagues and competitors in the industry feel the same way.

So, there we were fearing no-shows, but in the end not only did everyone turn up but even more did than we expected! But that figures really – for who doesn’t want to get better acquainted with the company that’s being targeted because it takes a principled stand on protecting users from any cyber-vermin, no matter who may be responsible for it and no matter how much it roils certain very powerful cyberwar-mongers. SAS-2019 broke all its own records: 500+ guests, 100+ contributors, 34 countries represented, ~70 presentations, ~10 workshops and training sessions, and more coverage on social media and in the press than ever before.

Right, where did it all start this year. Ah yes, like every year – it all starts actually months in advance when a countdown clock starts showing the number of days, hours and minutes there are left until the event. Fast forward to the morning of the first day, and those clocks have just minutes left, and the anticipation is hitting fever pitch… All the kit and chairs are in place, microphones fully charged, lighting and visual effects all set up, cameras ready (prepare to flash)…

One minute left…

And we’re off!

After a short welcoming speech, I was pinged to get up on the stage. Of course I obliged, gave a very warm warm-up speech, and also took some pics of the audience from the stage. Why should the audience have all the happy-snapping fun, eh? )

After me it was expert after expert sharing their stories – each one fascinating…

This year the number of presentations was the highest it’s been, as mentioned above, but the diversity of types of presentations was real wide too: some were very technical; others were more business-oriented; there were special training sessions on reverse engineering and other methods for pursuing the cyber-swine; a mini-exhibition; an open presentation room for rooky specialists, and a new feature called SAS Unplugged… As to the best of the best content – that will be coming up shortly in a separate cyber-news-from-the-dark-side post.

This year’s SAS brought us for the first time the following:

• Separate cybersecurity white-hat hacking streams;
• A small exhibition of participating companies;
• Industrial topics;
• Lots of other stuff, but I can’t quite remember it all.

Come the evening, though everyone was no doubt tired trying to take in all the new information of the day, we all headed to a super seafood restaurant I always visit when in town. Yeh! Yum!

And that was that – almost. Time left only for the final few mega-presentations that are traditionally saved till last. They really were something. If interested – have a search for them on the internet.

Then it was my turn again up on stage. ‘Thank you all for coming’, and the obligatory back-at-you pic:

PS: A big thank-you to Roman Rudakov. His ‘masterpiece button’ provided most of the photos in this post.

PPS: Briefly about where we held this year’s SAS – the Swissotel Stamford, where I’d stayed before, and which I only had negative recollections of. Not that I’m fussy when it comes to hotels. I’m comfortable up a mountainside in the cold and spending the night in a tent, but if a hotel says it’s a 5* hotel on the tin, I expect that’s what’s inside it too. Here, back in 2017 that wasn’t the case. However, this year I was very pleased with the place. Everything seemed to be in fully working order, everything seems to have been renovated, with everything shiny and new somehow. The one thing that they haven’t gotten round to is providing decent Wi-Fi, but that’s all:

Yes, I know – I still use Far Manager! I’m used to it, that’s all ).

Well that’s it for today folks, but I’ll be back with more tomorrow…

All the pics form SAS-2109 are here.

Hi folks!

You’ll no doubt already know – but just in case, here’s me telling you – that each year we put on a mega international cybersecurity conference – SAS (Security Analyst Summit) – every late-winter/early-spring. Well, it’s spring already (though there was snow again last night in Moscow!) once again, so let me tell you about this year’s event… – woah – which is only three weeks away!…

This event is unique in a full three ways:

First, it’s at SAS where both KL’s top experts plus our world-renowned expert-guests report on their latest investigations, newest findings, and most curious other cyber-news.

Second, SAS always avoids the typical / typically boring hotels or conference centers in world capitals, instead always opting for totally non-boring exotic resort venues with lots of sun, sea, sand, surf, sangria… Singapore Slings, etc.

Third, there’s always one thing that can be counted on every year at SAS – the event is overflowing with fun, despite the seriousness of the cybersecurity theme!

SAS-2018 (Cancun)

It’s fair to say that SAS is best-known for the hot – often sensational – investigative reports shared at the event. Sometimes some folks don’t like this: they think we select findings based on geography or on possible attribution, or they’d prefer if we didn’t publicize such scandalous and potentially embarrassing findings (indicating probable government financing, cyber-espionage, cyber-sabotage, etc.) and should just sweep them under the rug instead. Er, nope. That’s not going to happen. Just in case you missed the memo: we share details of any cybercrime we find. Where it may originate from or what language it may speak: it doesn’t matter. Publicizing details of large cyber-incidents and targeted attacks is the only way to make the cyberworld – and that means the world itself – safer. It’s for this reason that SAS was the platform used to divulge findings on ‘Stuxnet’s cousin’ Duqu (which secretly collected information on European industrial systems), Red October (a cyber-spy carrying out espionage on diplomatic missions in Europe, the U.S., and former Soviet republics), and OlympicDestroyer (a sophisticated APT that attempted to sabotage the Olympic Games in South Korea in 2018). And I know that this year’s SAS won’t be any different: cyber-buzz causing a huge stir – coming right up!…

SAS-2016 (Tenerife)

SAS has been put on in Croatia, Cyprus, Malaga, Cancun, Tenerife, Puerto Rico, the Dominican Republic and Saint Martin (i.e., including some repeats at our fave venues).

This year, seeing that SAS is all grown-up (this will be the 11^th event), we thought a few organizational adjustments might be appropriate, and here they are:

First, this year SAS will be put on… in a metropolis! But it’s not your dull city in any way: it’s still beside the seaside and it happens to be a ‘garden city’, no less . Yep, this year it’ll be in Singapore folks. Yeh! I’m very happy about that. I have a more than just a soft-spot for Singapore ).

Second, we’ve decided to open up SAS to a wider audience than usual. Normally it’s an invite-only, exclusive world-cyber-expert get-together. This time though – in line with our transparency drive – we’re making part of the conference open to anybody who may wish to participate. And we call it SAS Unplugged. Like MTV Unplugged – only SAS ).

Presentations, training sessions, workshops from leading experts – all included. So students, cybersecurity rookies, in fact – cybersecurity old-hands too – anyone who has a great interest in fighting cyberbaddies – get registering! And be quick about it – already some of the training sessions are fully booked up.

PS: I’ve been permitted to give you a teaser about one of the confirmed presentations. It’s by one of our own experts, Sergey Lozhkin, and it’s for sure going to be a corker. Curiously, it’s about one of the oldest forms of cybercrime, but old doesn’t mean irrelevant. Just the opposite. For the crooks engaging in it today are earning billions of dollars a year from it! What is it? Financial fraud, plain and simple – actually, not so simple, as Sergey will tell us. He’ll also tell us how it has evolved over the years, what digital identity theft is, how much a digital identity costs on the Darknet, what a ‘carder’ is, and more…

PPS: I can’t wait. I enjoyed last year’s SAS ever so much. So here’s looking forward to an even better SAS this year!

Welcome to SAS-2019!…

Many different cyber-professional events take place around the world every year. Out of all of them I have one special favorite – our own special one for cybersecurity analysts: SAS (Security Analyst Summit). And every year they just get better and better and bigger and bigger. This time we had 320 guests from 30+ countries – mostly from the Americas and Europe, but also seven experts from Australia, and participants from Singapore, Japan, Taiwan, Malaysia and Saudi Arabia. Representatives of large companies were in strong attendance as usual (from Microsoft, Google, Apple, Cisco, Sony, Honeywell, Cloudflare, Pfizer, SWIFT, Chevron, Citibank and others), but there were also folks from the cyber-police of different countries, plus government agencies and departments from the UK, Netherlands, Canada, France, China, South Korea, Switzerland, Austria, Romania and Kazakhstan. There were non-commercial and educational organizations (like, among others, the Electronic Frontier Foundation and the University of Texas, respectively). And a big thanks to our conference partners and sponsors, namely: Qintel, Avast, Telstra, Microsoft, ThreatBook, Talos, Security Week and Threatpost. In short, folks from all over and from diverse fields, demonstrating the degree of trust in and respect for our company.

Like me, SAS likes to travel the world, avoiding the large Congress centers of big boring cities, preferring instead stunning exotic locations with a warm climate and in the immediate vicinity of warm ocean.

SAS has been held in Croatia, Cyprus and Malaga on the Mediterranean; in Mexico’s Cancun in 2012 and 2015; on the Spanish island of Tenerife; and the Dominican Republic, Puerto Rico and St. Maarten in the Caribbean. And here we are once again back in Cancun for this, our 10^th SAS! Hooray!

It all began in the year 2009. 60 guests – 55 of which were KL staff! – each sharing their notes on research and experience in cybersecurity. Those humble beginnings quickly grew into large-scale industry events with more than 300 high-level delegates (only ~30% of which were from KL). This year’s event was extra special because of the jubilee, and the participants didn’t seem disappointed…

Read on…

A long time ago, in the prehistoric digital era, in a world of big trees while we were a mere bonsai, we started throwing a yearly conference for a select few of the most forward-thinking experts in information security. We christened it the Security Analyst Summit (SAS for short), and right from the get-go we wanted to make it the best event of its kind in the world. And when I say best, I mean both in terms of content:

…And in terms of a relaxed and fun atmosphere:

And to make the best even more memorable for all who take part in it, we traditionally throw SAS at a location with among the most unbearable conditions in the world. That is, always next to beach in a tropical clime :-).

Read on: Example…

Every February several hundred of the world’s top IT security experts gather in a sunny beach resort, be it in the Americas, Europe, Asia, or just off the coast of Western Africa. But they don’t go for the sun, per se. Or the beach. Or the beach-bar cocktails. They go… to fight cyber-swine! At least, that’s what they attempt to tell their loved ones when they disappear for a week in Feb to this year’s chosen idyllic paradise.

And this year’s idyllic paradise was the Canary Islands – chosen for, you guessed it, the Security Analyst Summit (SAS), our annual special pow-wow for IT security gurus. SAS brings together InfoSec big guns from different companies, with different specializations, from all over the globe, to basically just chew the fat, sometimes formally – mostly informally – in air-conditioned basement conference halls – and on sun loungers on the beach (oops, the secret’s out for those loved ones:) – in order to help more folks understand the where and how and why of IT threats by exchanging expert know-how and experience.

Read on: The world is NOT doomed…