NDC Oslo 2021 Keynote: Unicorn Hunting - Mikko Hypponen

[Music] It's great to be back in Oslo Spektrum. It has been a difficult time for everyone, which makes this extra special. More than 1500 people purchased thank you to this year's winter edition. That's simply amazing. Thank you so much for coming. Thank you to all our speakers who've traveled in from near and far. We really appreciate you being able to participate in this year's NDC Oslo. To all our fantastic partners, thanks for sticking with us through this. You rock. These are awesome companies. There's a few remote talks at the conference, but you won't even notice it. We've got high-end Webex equipment in the roof, thanks to our amazing partner Cisco. Please remember to evaluate the sessions. Red, no. Yellow, yeah. Green, yay. What, you can't find a seat? No problem, check out the overflow area where you can watch live streams of all our session rooms. Viewer discretion is advised. [Music] All sessions are recorded and made available after the conference. Check out our YouTube channel. Don't forget to download the official NDC Conferences app. It's available both on Android and iOS. Oslo city council recommends that we use face masks when it's hard to keep distance. It's a small measure to take to keep everyone safe. Also, please remember to avoid hand gestures such as handshakes, hugs and kisses. The old elbow or hand on the chest is a much better greeting at this time, and much more [Music] appropriate. Also remember that we have food at the expo. Feel free to grab whatever you want, whenever you want. Remember the code of conduct. Be nice to each other, and if you have a problem, reach out to the NDC team. We have tried to get this keynote speaker for years. Please welcome award-winning security researcher Mikko Hypponen. [Music]

Hello NDC, my name, hey, well, hello. There we go, good. My name is Mikko. I come from Helsinki. When I was 22 years old, I was a young software
developer working for a project for an important customer, for a porcelain factory. I was writing a product information database that they would use to build, I don't know, cups and plates and porcelain stuff. I was assigned to the project as the previous leader left. The project was over time, underfunded, it was a lot of work, and I was working with the CTO of the porcelain factory, who was a really tough guy. He hated that the project was late. He didn't really trust my abilities to make it to the end. So after a couple of months after I was working on the project, the CTO called me and said, "You know, I want to have a meeting tomorrow. You come and show us what you have. We're worried about the project." So I did what you do as a 22-year-old coder: I pulled an all-nighter. I tried to tie all the loose ends to be ready for the meeting and ready for the demo. The meeting was in the afternoon. I finished the last little things throughout the morning, then I packed my bag, boarded a tram and did the 45-minute ride across Helsinki to the factory. And there we sat in the meeting room. There was the CTO, he was already angry, and then the CTO's team, and a big CRT screen and a Windows PC for me to install the application and show where we are. I open up my bag, and then I realize that I've already screwed up the meeting, because when I packed my bags at the office, I left the floppy in the drive. And for those of you in the audience who have no idea what I mean, the year we're speaking about is 1991.
So this is the USB thumb drive of the 1991 users. No internet, there's no other way for me to get the files I need except to go back to the office and get the goddamn floppy from the goddamn floppy drive. And this is what I tell the CTO, that, you know, "I'm sorry, but I forgot the floppy. I can't do the demo." And now he's 100% certain that I'm just stalling, that I don't have anything to show, that this is just an excuse. And I try to explain it: "No, no, I really do have the software. It does work. I just don't have it with me." And he says, "Okay, fine. You go and get the goddamn floppy. We'll wait right here in the meeting room while you get it." And I said, "Okay, I'll go and get it, but it's going to take an hour and a half, because I have to take the 45-minute tram ride and then come back." And he hands me his car keys and said, "Okay, you take my car. You get the goddamn floppy. We'll wait." So I go outside, I find the car, brand new Saab 9000 coupe turbo, nice car, and I'm a bit nervous, and I drive on the streets of Helsinki, and I crash the car.

I told this story to a small group of people a couple of years ago, and there was this young lady who listened to it, and then she asked me that, "Holy hell, Mikko, like, how did you ever get another job in the industry after that?" And it was really nice that I was able to tell her that, you know what, I didn't. I didn't get another job after that, because the company where I was working at in 1991 was called Data Fellows, which did a lot of different things, but eventually it focused on one thing only, which was security, so much so that eventually the company renamed itself from Data Fellows to F-Secure, which is where I still work today, over 30 years later. So I never got another job. I'm still at the same company. And I think it's important to think about our failures, because we all have failures. What we do about failures is we learn from them, and I learned a lot from that specific lesson in the very beginning of my career. And through these 30 years, F-Secure has become
one of the largest security companies from Europe. The whole industry has completely changed. There was no information security or cyber security industry back then at all. Now it's a multi-billion dollar industry. Our worlds have completely changed. Internet revolution has changed the world more than any other technological revolution in history. The world is changing around us now faster than ever before.

For the last year and a half I've been thinking about this a lot, because it's been the pandemic, there's been a lot of down time. I spent the time writing a book. I had a book about the waves of the internet revolution come out last month. I wish you could read this, but you can't, because it's in Finnish. Then again, Finnish isn't very hard. I mean, it's true: you come to Helsinki, even small children speak Finnish. How hard could it be? It's going to be released internationally next year. Maybe then it's going to be easier for you to read. But in this book I think a lot about the changes we've seen, what really has happened over the last 30 years and what's going to happen over the next 30 years. And the thing about big technological revolutions is that it's hard to see them when you are in the middle of them. It's hard for us to really understand what's happening around us, because we are in the middle of all of this. And it's maybe a bit easier to see all of this if we take a step back and imagine that someone in the far future is writing a history book about our time. Imagine someone living in the year 2500 writing a history book about the early 2000s, about us, about our generations. Well, what's the first thing that he or she would mention about us? The first thing he or she would mention about us would be that these were the first people who started using the internet. These were the first generations that started living their lives in both real world and in the online world, in two different places. Mankind has walked the planet for a hundred thousand years living only in the real
world, and we are the first ones who live in two different places. So what internet really does is that it takes away geography. It takes away geography, takes away distance, it takes away borders. And this has great implications, which are both good and bad. The internet is the best thing which has happened during our time, and it's the worst thing which has happened during our time. When you think about all the upsides, all the new business models we have, all the new connectivity, all the new forms of entertainment, it's great, it's excellent. I love the internet. And then when you think about the downsides: in 1991, in my home country of Finland, there was 114 bank robberies. Physical bank robberies, robbers going into banks with guns, stealing cash. 114 of them in that one year only. The last time we had a physical bank robbery was almost 10 years ago. They've gone away, of course, because there's no more banks. Banks don't have physical offices anymore. The few physical offices they have, those don't have cash. So of course there's no bank robberies anymore. Instead we see online bank robberies: banking trojans, keyloggers, stealing credit card numbers, attacks into cryptocurrency exchanges. And the difference between these crimes is that the bank robbers who went into bank offices with guns were living in Finland. They were Finnish robbers. They were coming from nearby areas. And when we look at online bank robberies, they are not coming from nearby areas. They are coming from the other side of the planet, because geography has disappeared.

And as geography disappears, it has great implications for us humans, because humans are social animals. We are animals, and we are social animals. We like to be with other people. We like to exchange ideas. This is why we go to, I don't know, conferences. We like to meet and exchange ideas. We like to be around people who are like us, who think like we think. And then when geography disappeared as internet revolution happened, this changed us a lot, and it changed the world more
for minorities. And here when I speak about minorities, I mean minorities with a very, very wide range, all kinds of minorities. So let's say, for example, that you had a really rare hobby. Before the internet, if you had a really rare hobby, it was likely that you were the only person in your neighborhood, only person in your town, which had that hobby. Let's pick a hobby. Let's say you collect model steam trains. If you collected model steam trains before the internet, you likely didn't know anyone who had the same hobby. Then the internet comes around, and you will find all these forums and discussion groups and mailing lists and social networks with people from all over the world who share your hobby. You get support, you get the feeling of belonging. It's excellent, it's great. That's the upside. Then we have the downside. Not just people with productive hobbies find support. People with destructive things in their mind find support as well: extremists, terrorists, people contemplating suicide, people thinking about doing a school shooting. These will also find the same kind of support. They will also find the discussion groups, the forums, the social media environments.

It's a trade-off. We get great benefits, we get great downsides. We get all of this great connectivity, we can be on 24 hours a day, we can access the world. It's like the Hitchhiker's Guide to Galaxy in our pockets. Excellent. And the trade-off: that we have no privacy. Before the internet, when you wanted to have a private discussion, the whole term private discussion meant that you and someone else would go somewhere and you would talk with each other. No one else would know. Today when we speak about private discussions, that's the word we use, or the term we use, for things like sending a private message over Facebook or WhatsApp or social media, which means it's a private discussion between you, your friend and Facebook. It's now three persons, or three entities. Mark Zuckerberg, you and your friend are having a private discussion.
This is what has changed. Privacy died. Privacy died in our time. Privacy died during our watch. We, you and me, we killed privacy. People before our time had privacy. The future generations will not have privacy. And there's nothing we can do to undo this anymore. We can't live our lives without technology anymore. When technology is good enough, when it's useful enough, it becomes mandatory. Now, with digital technologies and with the internet, we're not there yet. We're close, but we're not exactly there yet. If the internet goes down and stays down, it's pretty bad, it's really expensive, it's pretty painful, it's a massive nuisance, but we will survive. As societies we'll go on. If, I don't know, all cloud services go down and stay down for years, it's going to be really, really bad, but I don't think people will die, or very few people will die. So we are financially relying on connectivity like this, but as societies we're not there yet.

If we look at some other technologies, we have become completely reliant on them, and there a good example is electricity. Electricity and electric grids. And we think nowadays very easily that electricity has been around forever, and it hasn't. Most countries got their first electricity grids 150 years ago. 150 years, well, it's a long time, but it's not that long a time to become completely reliant on technology. And of course today we are. As societies, we can't continue functioning without a functioning electric grid. We need it. If electricity goes down, it's pretty bad, but typically it's only down for a very short while. Short blackouts, couple of minutes, maybe a couple of hours after a big storm, maybe a couple of days, which is bad but survivable. But imagine something more drastic, like a solar storm which takes out electricity on the whole planet for a decade. Well, we won't survive. Well, not all of us will survive. Why? Because we can't feed our people. Sure, some of us will survive fine, we'll go and farm land by ourselves, but clearly we can't support the whole society and
make food for everybody in today's situation without electricity. We haven't prepared our societies for that. We've become dependent on electricity. And this, my friends, this is what we are deciding right now with connectivity. We are dependent on electricity. We are becoming dependent on connectivity, and we are the generation that's making this change. In 20 years, 30 years, connectivity will be as mandatory as electricity. In fact, I'll claim that one day we will see a day when a connectivity cut will also cut power. Obviously right now it works the other way around: if we lose power, routers won't work, we will be offline. One day, when we're offline, that's going to cut power. And you might wonder that, what the hell is he speaking about? But just mark my words, eventually this will happen. Yeah, it's going to take a while, but it will happen.

So does this mean that we shouldn't embrace new technologies, because we are going to become dependent on these technologies? Well, no. No, it doesn't. You see, we could have made the call 150 years ago and say that, you know, this electricity is pretty neat, but if we start using it everywhere, then we won't be able to live without it. And that would have been the wrong choice. Clearly it was the right choice to embrace electricity and electric grids, even though we are now reliant on them. But if you look at all the benefits we've been gaining from electricity and electric grids for 150 years, the upsides are much, much bigger than the fact that we are now reliant on it. And exactly the same thing will apply to connectivity. But it's good to realize that we are now making this choice, and we are making this choice for future generations to come. Connectivity will be mandatory.

We already see this in smaller connectivity blackouts. Last month, when Facebook went down, that was a good example. And I'm not speaking about Facebook and WhatsApp and instagram.com being down. No, I'm speaking about the problems this caused for the rest of the network. The internet works remarkably
well considering that it's running on TCP/IP technology which is 50 years old. But when, for example, whatsapp.com did not resolve to an IP address, that caused massive problems for other services. You see, there's literally billions of phones on this planet with WhatsApp installed, and I'm not exaggerating: billions of phones on this planet have WhatsApp installed. All of those phones were regularly querying the DNS servers: what's the IP address for whatsapp.com? And the answer they get is error, which means they'll ask again, again, again. Billions of phones doing this, which means the load on DNS servers, according to Cloudflare Inc, increased by 300-fold, which means the rest of the network suffered. The rest of the network was slower during the six hours that Facebook was down. Like, Twitter was slower because Facebook was down. It did work, but it was slower. The internet is remarkably durable, but it of course can't stand forever. It can't take all the hits, and there are possible attacks which could take it down. The biggest thing which is, in my opinion, keeping internet up and running is that there's very few attackers which are interested in taking down the internet.

I've spent my working career first as a developer, then as a researcher, then as a malware analyst, then as a reverse engineer, but over the last couple of years I've spent most of my time tracking the online criminal gangs, trying to understand where the attacks are coming from. Who are the people creating the online attacks? Who are they? What's their name? Where do they live? Who are the people in these gangs? What are the motives? What kind of attacks do they do? What kind of malware do they run? What kind of malware campaigns do they operate? How do they recruit? How do they move their money around? Also, what kind of nation-state activity do we see? What are the most active intelligence agencies? What do different militaries do? And when I look at the different attackers, I don't see any attacker which would be interested in crashing the
internet, like crashing the whole net. You see, criminals don't want to crash the net. The last thing they want, because they're making tons and tons of money with online crime. Why would they want to crash the system that makes them all? If the internet is down, they make no money. So criminals are not interested in attacking internet infrastructure itself. Spies or intelligence agencies, same thing. They love the internet. It's the best thing ever for them. You see, before the internet, spying meant collecting information, and information used to be physical. It used to be something you could touch. It used to be on paper. So if you wanted to steal this piece of information, you had to go to this paper to steal it or copy it. You had to physically go to it. And of course now you don't, because nowadays all information is data, and you can reach it from anywhere on the planet. They don't want to crash the internet. The only groups that I could imagine which would like to crash the internet would be extremists or terrorists, and they don't seem to have the skills to do it.

And these problems don't just apply to our computers. More and more of the things that we operate are something else than traditional computers, and I'm not here only speaking about IoT and smart devices. It's a bigger picture than that. Eventually anything that uses electricity will be online as well. Everything that we plug into the electricity grid will also be in the online grid. And this means that we are forever more adding complexity to our world, and that's most likely the most important lesson I've learned over my 30 years in the business: complexity is the enemy of security. Complexity is the enemy of security. The more complex our systems are, the harder they are to secure. It's pretty obvious: the more code you have, the more room you have for bugs. The more bugs you have, the more vulnerabilities you have. And if you agree, then the solution should be really easy and really obvious: we should be removing complexity, which means
every new version of every software would be simpler and smaller. "There's a new update to my app which removes these and these features." Excellent. And as you know, this never happens. In fact, we're doing exactly the opposite. We're adding more code, more functions, more routines, more protocols, more complexity. I'm speaking with Microsoft guys a couple of years ago. I was going to say two years ago, but of course now you have to add a year and a half always, so I think three and a half years ago, spoke with a guy who runs the internal GitHub at Microsoft, and he told me that Windows is built from an internal GitHub instance which has 5.7 million source code files. Files, not lines of code. Files. What? How many? How is that even possible? I wonder if there are any bugs in any of those 5.7 million lines of code. Actually makes you wonder, doesn't it? It's quite remarkable. So 5.7 million source code files is a great example on how we are not reducing complexity. We are adding complexity.

And it's not just computers that we're adding this complexity in. Like I said, everything we plug in to electricity grid we will eventually be plugging into the online grid as well. And I'm nowadays much more worried about stupid devices than smart devices. Yes, I am the father of the Hypponen law, which says that if it's smart, it's vulnerable, which is a very simple and a very pessimistic law, but it's also true. As we add functionality and connectivity to existing devices, they become smart devices, which also means they become vulnerable. If you think about a wristwatch, mechanical wristwatch that you have to wind, well, how did you hack that? Well, you don't, because there's nothing to hack. There's no connectivity, there's no code, there's nothing. And then you look at a smartwatch which is online. How do you hack that? Well, there's tons of ways. It might be hard to hack, but of course it is hackable. But it's not just these smart devices. As it becomes cheaper and cheaper to put things online, eventually everything will
be online. And things that we now use, like smart devices, smart fridges or smart TVs, are online because we consumers want them to be online. We get benefits for them being online. It's kind of nice when you're inside a shop and you don't remember if you have milk in the fridge, that you can open the app and look inside of your fridge, because it's a smart fridge with cameras. That's nice. I can totally see why people do that. I don't have a smart fridge myself, but I can see why people buy them. But eventually, as connectivity becomes cheap enough, everything will be online. Everything will go online, and these things will go online not to give benefits to you and me, but to give benefits to the manufacturers. They like to know where you are, where the consumers who use their kitchen mixers are. How often do they use them? How often do these kitchen mixers fail or catch fire? How many customers do we have in Oslo? How many customers in Trondheim? How many customers in Stockholm or Helsinki? That's data, and that's valuable data, and that's why they want to collect it.

And we've all heard the saying that data is the new oil, and I kind of agree. If you work with data, you have to worry about data leaks. If you work with oil, you have to worry about oil leaks. Sure, oil is valuable, data is valuable. But I think an even better comparison would be that, oil, sure, that works, but even better would be uranium. So data is the new uranium. You see, uranium is even more valuable. The price of one kilo of uranium is somewhere between the price of silver and gold. It's really valuable, and it's really dangerous, and it stays dangerous for a very long time. And all of these apply to data as well.

A year ago we had a really bad security incident in Finland, the single biggest crime in history of my country. 25,000, twenty-five thousand five hundred crime reports were filed with the law enforcement. Twenty-five thousand victims. It's hard to imagine a crime which would have twenty-five thousand victims unless it's an online
crime. How would you even do a real-world crime with twenty-five thousand victims? This is the Vastaamo incident, hack of Finnish private psychology therapy center, where the attacker stole the therapist's notes. Notes of people speaking with their therapists, speaking about private things, speaking things about how do they really feel about people near them, about their families, their neighbors, their spouses, their bosses, their children. All of these notes were stolen, and the attacker was blackmailing the patients: that if you don't pay me bitcoins, I'm going to leak these notes to the internet. An unusually cruel and unusually cold attacker. And this is a great example on how data is uranium. Like, those therapist notes are the kind of data that we should be able to handle securely: keep them available and useful and usable, but keep them secured, encrypted and backed up. For how long? For as long as anyone in the notes, anyone who's mentioned in the notes, is alive. So that's going to be a hundred years. How the hell do we do that? Have we even realized what a challenge it is to keep large amounts of data accessible but secured for 100 years? I don't think we have really understood how hard this is. Data is in many ways like uranium, more like oil, more uranium than oil.

And as connectivity breaks down, surprisingly things also break down. Not just things around our house, but also things like grocery stores around our towns. The supply chain attack that we saw three months ago affecting grocery stores in the Nordics, which were forced to close down their doors, until they were forced to open up their doors to let people in to get strawberries for free, because it's cheaper to give them out for free than to throw them away. Clearly pretty expensive attacks. Or hardware stores closing down their stores. Why did these kind of things happen? Who made the mistake here? Well, these stores did nothing wrong. No, in fact, they had done the smart thing. They had outsourced the part of their security that they
couldn't do by themselves. In this case they had outsourced the security of their cashier systems. They had realized that, "Handling the security of these critical systems is not our core competence. We should leave this to professionals." And they had hired managed security service provider companies to handle that part of their network, which was the right decision, the smart decision. All right, so what mistake did these managed security service providers, MSSPs, do which caused this? Well, nothing. They were using a factory standard remote management software to manage these cashier systems, and that system got hacked. That system got hacked because they had an unknown vulnerability in their systems, and somehow the Russian REvil ransomware gang gained access to this vulnerability, found its way inside the provider's network, through there, through MSSP systems, and from there to the end clients' systems. So how did this Russian gang get this zero-day vulnerability which was used for this attack? Well, we don't actually know, but we do know that vulnerabilities like this are traded in the underground. They're bought and sold in the internet underground, in Tor hidden service forums. They can be pretty expensive, but you can buy them, and price is not a problem.

Five years ago I invented a new term: cybercrime unicorns. Yes, cybercrime unicorns. And yes, unicorns here is a reference to unicorn companies: private, unlisted technology companies valued at over a billion dollars in value. So five years ago I started thinking if we one day will see cybercrime gangs which should be considered to be unicorns, which would hold wealth of over a billion dollars. And five years ago this seemed like a bit far-fetched, but maybe possible. So we wrote a paper about this. We even did a cartoon about this, like this. The examples of unicorn companies we used five years ago were companies like Uber or Airbnb or Spotify, none of which are unicorns anymore, because they've all become public companies since. Today unicorn
companies would be companies like Klarna or Wolt or Reddit or SpaceX. And the bad news is that in these five years cybercrime unicorns have become a reality. They exist. They exist now, and today, here in 2021, there's multiple cybercrime gangs which we think, I think, should be considered to be unicorns: massively wealthy, holding massive amounts of wealth. And there's two reasons why this has become a reality. Reason number one is that these ransomware gangs operating these leak sites, hacking into companies, are making more money than ever before. The prices that they've been collecting with the ransom payments has increased every year, year by year, for the last five years. And it's not just ransomware gangs. The amount of money being stolen by BEC attacks, that's business email compromise attacks, or CEO attacks, has also been increasing, as well as money made with blackmailing attacks, including denial of service blackmailing attacks. So that's one reason: the money they make has increased. But it doesn't explain unicorns. It makes them wealthy, but not that wealthy. The thing that explains the rest of it is that cyber crime gangs don't like to keep their wealth in euros or dollars or kroner or pounds or rubles or yuan. No, they prefer cryptocurrencies: Bitcoin, Monero, Zcash. Five years ago, when I invented the term, we knew of several gangs which had the wealth of around 10 million dollars. The value of one bitcoin five years ago was five hundred dollars. Today the value of one bitcoin is fifty-five thousand dollars. More than a hundredfold increase, which means all they had to do to become unicorns is nothing. If they had 10 million dollars in bitcoin five years ago, they have a billion in bitcoin today.

So what do cyber crime unicorns do with their money? How do they spend their money, outside the obvious, which is buying Lamborghinis? This is the Evil Corp gang driving around Moscow. And by the way, not all cyber crime gangs are Russian. This is very important. Not all cyber crime gangs are from
Russia. No, because some of them are from Ukraine. That's a joke. Not really. So after they've bought their Lambos, how do they actually invest in their own attacks? Well, they run professional data centers. They run their own support teams. They hire their own management. They start to resemble traditional real-world organized crime gangs more and more by structure. They hire lawyers. They seem to be hiring business analysts. Why would a ransomware gang or another type of cyber crime gang hire business analysts? Well, this makes perfect sense. One of the big challenges ransomware gangs have been having is that, how big a ransom should we be asking from this company? And this has been problematic for them, because we've seen them really go haywire. They hack some hospital, and then they ask for millions of euros in ransom, which clearly the hospital can never pay. And then they hack some, I don't know, enterprise, publicly listed, massive company, and ask for a hundred thousand when they clearly could have asked for much more. So the solution is: hire business analysts, steal bookkeeping files. The first thing they do is that they go through financial records, and a business analyst working for a cyber crime gang can tell exactly how much they should be asking. Like, "Here's how much cash they have, short-term loans, financing. We should be asking this company for two million, hundred and fifty-two thousand dollars. That's what they can pay us tomorrow." Which makes negotiations with these gangs much, much harder. And by the way, there are professional hostage ransomware negotiators which do this. They negotiate the ransoms with these gangs.

And these gangs with this wealth can also start competing for skill with us. The main reason, in my opinion, why most of the cyber crime attacks have been coming from more or less developing countries is that when you have a combination of people with skill but with no opportunities, you end up with criminals. This is a bad combination. People with skills but without
opportunities end up in the life of crime. If the easiest way for you to make a lot of money is to go into life of crime, that's what you do. And that's not the easiest thing to make a lot of money for people living in the West. Like, if you are a developer, if you know networking, if you know protocols, if you know full stack, you can get a really nice job without breaking the law. And it's not nice to break the law. It's much nicer living legally. You don't have to watch behind your back all the time. However, if you have the same skill set and you're living somewhere in the middle of Siberia or countryside of China or slums of Sao Paulo, the easiest way for you to make a lot of money is to go into life of crime. Now, as we are fighting gangs which have more and more money, they can start fighting for skill set with salaries. And I'm not just suggesting that they would try to hire professional developers, that, you know, "Come to the dark side, we'll double your salary" kind of idea. What we're seeing is this. This is the website of a security company called Bastion Secure, a penetration testing company hiring pen testers globally, looking for top skill, paying very generous salaries and supporting remote work. All workers are remote. You join this company, you get a briefing, you get joined into the company, and then your job is to do penetration testing: "This company has ordered a penetration test from us. Please try breaking into their network and then write a report on how you got in." And as you might guess, Bastion Secure doesn't exist. It's not a real company. This is the FIN7 Russian cybercrime gang using a front end to hire pen testers or technical experts, hoping that they don't realize that they're not really working for a security company, but they're working for a Russian organized crime gang.

Well, if we are now living in the age of cyber crime unicorns, I'm happy to report that over the last couple of weeks we have clearly entered the unicorn hunting season. It's time for unicorn hunting.
we saw this change happening pretty much after presidents biden and putin had a meeting after that meeting seven eight weeks ago there's been multiple arrests the kind of law enforcement action that we haven't seen for years and years most of the russian cyber crime gangs are not really protected by the russian government they're not part of the russian government they're just tolerated or ignored because the victims are not in russia victims are far away in other countries why would the local law enforcement care about criminals who just hit victims somewhere far away and of course the attackers avoid local targets on purpose of course that's how you avoid the attention of local law enforcement and this has now started changing we've seen multiple arrests in russia multiple arrests in ukraine multiple arrests in poland multiple arrests even in mainland china over the last couple of weeks which is great this is what we want to see and the best news is two weeks ago the u.s state department announced a reward of 10 million us dollars for information leading to the arrest of members of the darkside russian ransomware gang group this is great because this starts to eat these groups from inside members of these groups start to consider whether they should go and talk to get 10 million dollars they maybe they should drop their friends to us law enforcement because then they get protection for themselves and they get 10 million dollars you create a paranoid environment inside these ransomware gangs which is exactly what we want to do we want to create a paranoid environment inside ransomware gangs because it's been years and years that these gangs called the shots and now it's about time that we start calling the shots ransomware gangs have had the upper hand they've been building a brand for almost 10 years the first bitcoin ransomware attack started eight years ago and when i say that they've been building a brand that's exactly what i mean they've been building a 
brand they've been investing into a brand this is why you know groups like revil or darkside by name some of you know ryuk or conti or clop they have names they have logos they have websites they give interviews to newspapers because they need a brand they need a scary brand brand that you will realize when your company gets hit that holy hell this is revil oh like this is the gang that i've read about and if we don't pay the ransom they will leak our files but then again you also know then by reputation that you know if we pay the ransom then they will deliver what they promise then they won't leak our files and we will get our files back so at least they are i don't know honest criminals they want a reputation where the old existing victims are sort of happy with the service no yeah we got hit by ransomware it was pretty bad then we paid 2 million 152 000 in ransom and we got a decryption key you couldn't decrypt all the files but they had a support department which helped us yeah five out of five would recommend and with this we changed the game now we are calling the shots and 10 million dollars is the same amount of money that the u.s state department has been offering for isis and al qaeda terrorist leaders so this is how seriously they take the problem now outside of criminal gangs i also mentioned nation states intelligence agencies and militaries and that is another problem altogether you see when we shift our attention from groups that are trying to make money into groups that are not trying to make money everything changes and by the way take a look at this guy's march i've seen the norwegian army march it doesn't look like this it doesn't look like this at all so as governments enter the picture the game rules change they're not trying to make money they are either trying to do spying or intelligence gathering or they're trying to do sabotage the word we always hear when we speak about governmental attacks is cyber war cyber war cyber war is picking 
up cyber weapons are everywhere and the fact is most of these attacks have nothing to do with war in fact most of them are about intelligence gathering or sabotage such as the attacks we saw the russian government do against this building right here in the hague this is the headquarters of the organization for the prohibition of chemical weapons which a group of russian governmental officers were trying to hack from their car parked outside of this building by trying to access the wi-fi network on the next week after this skripal poisoning incident in the united kingdom as the samples of the poison were being analyzed inside of this building that kind of attacks is that war no that's either governmental sabotage or governmental spying or when we saw the notpetya incident which probably originally was an act of war because it was deployed by russian government targeting ukrainian targets during a real war during the russia-ukraine war well that probably was an act of war but then the weapon escaped the battlefield and ended up in systems of companies which had nothing to do with russia and nothing to do with ukraine like maersk from denmark they just happened to have offices in kiev in ukraine and as this attack targeting ukrainian targets wreaked havoc inside ukraine it escaped through the internal maersk network hitting targets in 51 countries around the world in the maersk network was this an act of war maybe maybe not but some acts really should be defined as acts of war like the fact that in conflicts we've seen attacks against electrical systems including the infamous attack against prykarpattyaoblenergo which is the provider for electricity grid connectivity around ukraine which was attacked with a word document word document containing a malicious macro which was opened by one of the operators operating the electric grid on the same system where he had the control panels he was using word and clicking on the enable content button to be able to read 
the file he received which was booby-trapped end result 250 000 people lost electricity in the middle of december in ukraine and it gets pretty cold in ukraine in december so what's the future where are we headed well we've been using machine learning in defense systems for around 16 years at our company we started building first machine learning systems for defense in 2005 16 years ago for 16 years we've been waiting for the enemy for the attackers to start using machine learning and we haven't seen it yet we haven't seen online attacks which would use machine learning for example to launch malware attacks where malware would detect how it's being stopped and would rewrite its own code to escape detection better which is totally doable but simply hasn't happened yet or phishing attacks which evolve and learn what kind of attacks work better and modify themselves automatically all of this could be done it simply hasn't been done yet but now in this new world of cyber crime unicorns it's becoming more likely every day that the attackers will have the skills and will be able to recruit the people to do attacks like this it's going to happen in the near future it simply hasn't happened yet and then when we look at a bit further future where are we headed in the long run well i think that's pretty easy for us to see you just look at what's been happening over the last 30 years or 50 years technology becomes cheaper and cheaper connectivity becomes cheaper and cheaper processing power becomes cheaper and cheaper storage becomes cheaper and cheaper which means eventually maybe during our lifetime we have access to unlimited processing power practically unlimited processing power the way i'd like to think about this imagine that you would be given the biggest possible aws instance practically unlimited processing power unlimited ram unlimited storage unlimited bandwidth it's an interesting way to think about it like what would you do what kind of systems would you 
build if there would be no limits and of course all of this would be free prices have been plummeting for 30 years they will continue plummeting now of course i don't mean this literally and of course someone will also always claim that regardless of how many resources you have someone will build an edr system which will use all the resources sure but this is the direction where we're going to a limitless future where everything is free or close to free practically free which means the only limitation we have will be our imagination that's the future where we're heading so what happened with the personal in factory and with the saab i crashed well i went back to the meeting it didn't go well but the project finished and it finished on time and the factory started using the database application i built for them the last time i was in contact with the factory was in 2012 nine years ago they were still using the application i haven't dared to be in touch with them since i hope they're not using it anymore and the security situation around us might look grim but it's mostly looking grim because we only see the failures there's tons of success stories all around us we just don't hear about them heroic i.t departments which patch just in time to prevent an attacker from gaining access or group of security experts seeing a breach and kicking out the attacker just in time and when that happens that means that there won't be any headlines no one will know successes are invisible failures are highly visible when a company gets hacked it's in the headlines when a company does not get hacked it's not there's much more success stories than we ever see and rarely is anyone thanked for stopping a disaster which didn't happen rarely is anyone thanked for stopping a disaster which didn't happen you very much [Applause] thank you thanks thank you you
Info
Channel: NDC Conferences
Views: 2,847
Id: F8CHii240WA
Length: 69min 15sec (4155 seconds)
Published: Wed Dec 01 2021