This presentation will explore the evolution of cybercrime business models, including the emergence of Malware-as-a-service (MaaS) and Ransomware-as-a-service (RaaS) platforms, as well as credential markets and the latest trends in tailored corporate access and credential stuffing attacks.

It will also cover cutting-edge developments in the cybercrime space, such as the use of anonymity browsers and 2FA bypass methods. These techniques enable cybercriminals to evade detection and bypass two-factor authentication measures, which have traditionally been a strong defense against cyberattacks. Another key trend in the cybercrime space is the increasing targeting of corporations, with cybercriminals selling tailored access to corporate networks and launching credential-stuffing attacks. These attacks are highly effective, as they rely on the use of stolen login credentials, which are often weak or reused across multiple accounts.

Overall, the presentation will provide valuable insights into the evolving business models of cybercriminals and the latest techniques being used to launch cyberattacks. Attendees will gain a deeper understanding of the cybercrime landscape and the steps they can take to protect themselves and their organizations against cyber threats.

The year 2023 is predicted to be the most profitable year for cybercriminals through large-scale attacks. Especially a growing number of supply chain attacks became appealing for threat actors in this field, as they realised the scope of the attacks done through supply chain attacks and small points of access. 

Some cases, such as Kaseya, SolarWinds, and Colonial Pipeline, and vulnerabilities (e.g. Log4j) also attracted the attention of threat actors – by showing them the ways to succeed in this type of attack chain. Threat actors saw those attacks as an opportunity to further use them in 2023. For example, one of the threat groups that discovered this window of opportunity was TA551 and their collaborators. 

During this talk, the attendees can expect the following questions to be answered: How do the TA551 and their partners operate supply chain attacks? Which tools, techniques, and procedures do they use? Which countries and what type of institutions are being targeted?

On average 80%-90% of the components of today’s software are open source software (OSS). This presentation will discuss OSS supply chain security, including the most common attacks and countermeasures against them. It will especially focus on the work being done by the Linux Foundation Open Source Security Foundation (OpenSSF) to improve OSS supply chain security, including Supply chain Levels for Software Artifacts (SLSA), concise guides, education, scorecards, best practices badge, sigstore (for digital signing and verification), and giving multi-factor authentication (MFA) tokens to some widely-used OSS projects.

Software systems are ever-growing in size and complexity while being rife with vulnerabilities. Patches and defenses are continuously deployed, but the software attack surface is extremely large and attackers invariably find ways to gain a persistent foothold. An effective way to end the arms race between vulnerabilities and defense tools is by isolating the software using trusted hardware. With such isolation, what is the least amount of code that needs to be bug-free to securely run user applications? At the moment, even after using trusted hardware, this number can be upwards of a few million lines of code. Can we do any better?

In this talk, I will present a foundational approach to safeguard applications against large and potentially buggy software using trusted hardware.