We had the opportunity to speak with cyber security expert and Benelux Cyber Summit speaker, Benoit Maizi, CTI and Detection Engineer at HarfangLab, to find out a little more about him and his thoughts ahead of his talk at this year’s conference.

Read on below for the full interview!


What are we witnessing in this rapidly changing cyber landscape, and how can we as cyber professionals maintain a crucial edge? Can you share a success story of one of your clients who have embarked on this journey?

At HarfangLab we are seeing more and more reactivity on the threat actors’ part, especially in cybercrime. Attackers are now able to exploit new vulnerabilities in a matter of days, even hours in some cases.

They also work on their evasion techniques. As more organizations choose to integrate security tools such as EDRs, staying undetected for a cybercrime actor is proving to be harder. We are currently seeing a very interesting shift in their defense evasion tools, particularly in the usage of Bring Your Own Vulnerable Driver attacks that can be difficult to block if not prepared correctly.

As always, being attentive to these changes, following trusted sources of cybersecurity information and correctly using powerful security tools and solutions can help teams anticipate new attacks. Following these principles, we develop detection rules and capabilities daily and, very often, see them detect new attacks just days after the publication of a research article explaining a new attack vector/method.

It’s difficult to talk about a client journey in particular, because all of them are embarked when we update our detection rules within the product. It improves the reactivity of the detection in every endpoint.

What would you identify as the 3 key priorities for IT Security leaders this year?

  • Offer the best working environment for IT analysts. Every organization has a talent gap regarding cybersecurity, and optimizing their time and offering them some tools and missions that will ease their work, so they can focus on their expertise, is key. It will increase the performance, reduce the reactivity time, limit overwhelm and help fight against the modern threats that are more furtive and sophisticated.

  • Next year, the NIS 2 directive will also come into application in Europe, which involves a change in the current IT paradigm. As the cyber landscape is evolving quickly and the companies are more exposed and at risk than ever, this directive will aim at increasing the level of cyber resilience in Europe, but this also involves some work within IT departments to make sure they build a strong cybersecurity strategy according to the European regulation.

  • Trust, because cybersecurity is a matter of trust, since it’s supposed to protect the most vital and valuable data and information of the company. Trust is related to the tools, the workloads, but also the supply chain and the company’s own employees. This comes with training, with governance and policies, but also with the architecture and tools themselves. Everyone has a trust environment and some requirements when it comes to privacy. Keeping a strategic autonomy regarding the editors and the tools, both for operations and storage, will be more and more important.

Last but not least, I would also say that governance and training will always be very important, because all company members should be aware of cybersecurity and good practices, and integrate cybersecurity into their jobs. Companies should have a strong cybersecurity culture, which also involves including IT leaders/IT decision makers in the whole business decision-making process.

As a conference sponsor, what are you going to be addressing in your talk this year?

In this talk, we will be talking about today’s cyber threat landscape and refer to some of the campaigns we’ve witnessed during the year, with cybercriminals getting more and more equipped with advanced tools and tactics to reach their target. If the attacking techniques remain in the area of cybercrime and, indeed, are still pretty wide and opportunistic, the tools, however, look like some we were used to seeing with APT actors. What does it mean? Mostly that businesses of all sizes can today be victims of pretty sophisticated attacks, even if they are not particularly strategic or critical. As a cyber threat intelligence engineer, I have a vision on the trends and the changing faces of the cyber threat landscape over time. Hence, I will also present some predictions on what should be the future of the threat ecosystem, as well as give some advice to companies to address those risks.

What is one example of an attacking campaign that used the ‘modern tools’ you’ll be speaking about?

As mentioned earlier, I will be talking about the new usage of Windows kernel tools in cybercrime, a way for them to maintain an edge against security solutions.

A good example that will also be addressed during the talk is the Cuba ransomware, one of the first cybercrime groups that used a Bring Your Own Vulnerable Driver attack to kill security solutions before deploying its final payload.


Catch Benoit at Benelux Cyber Summit on 14th – 15th November 2023 for his presentation: ‘Cybercrime Landscape in 2023: Modern Tools Borrowed from APTs, How to Protect Yourself and What to Expect in the Future?’! Join us for his session and enjoy live Q&As throughout the summit by registering for FREE online with code: CYBER-VIP at benelux.cyberseries.io/register/.