3110, 2016

DeepSec 2016 Talk: Insider Threat: Profiling, Intent and Motivations of White Collar Offenders – Ulrike Hugl

Sanna/ October 31, 2016/ Conference, Security

Malicious insider threat is not only a security- or technical-oriented issue, mainly it’s a behavioural one, says Prof. Ulrike Hugl. Insiders are so-called ‘trusted’ or privileged employees, very often with legitimate access to the organization’s systems, and they are hard to catch. Furthermore, it is difficult to find appropriate predictive factors and prevention and detection measures. In fact, based on new technical developments and opportunities, data theft has become much easier these days: Mobile trends like BYOD, the increased ability to work from home, access to the organization’s systems when on the road, cloud services with related security vulnerabilities for example, as well as more and more malware opportunities have increased the potential of related attacks. Other main security obstacles and trigger factors inside and outside an organization may be, to name a few, a

Read More

0910, 2015

DeepSec 2015 Talk: DDoS – Barbarians at the Gate(way) – Dave Lewis

Sanna/ October 9, 2015/ Conference, Internet, Security

There really is strength in numbers. It’s true for Big Data, high performance computing, cryptography, social media, and flooding the Internet with packets. The latter has been the method of choice for activists, „cyber“ warriors and criminals alike. Network interdiction (as military minds may call it) or Distributed Denial of Service (DDoS) attacks can be hard to counter due to the many sources of the attacking devices. Full pipes are full, no matter what you do. While you can deploy reverse proxies or rely on content distribution networks, the attack still persists. Packets keep coming until the sources are shut down. Flooding someone’s network is not a sophisticated attack. It’s gets the job done, it may be complex by nature, but it is not a stealth exploit sitting in your local network without being

Read More