Day 2 – Wed June 12 2013:
11:30am – “Forensics”, hosted by Ron Plesco, managing director, cyber investigations/risk consulting, KPMG
Ron provided a great presentation. He walked the audience through a few examples of malware, how they work and how to detect and clean systems that have been infected (rebuild!). I really want to get the slides for this presentation. I will link to them here if/when I obtain them.
Ron started by giving an overview of Leprechaun Lite, which is a 2 year old malware package that is used to intercept banking info. He explained how it worked and he walked through an example of the malware capturing user data.
Ron summarized the best approach to stopping hackers: “Think like a hacker!” We (as in government, business infosec personnel, law enforcement, etc.) need to be skilled resources who think like hackers, not like PEN testers. That’s the only way we’re going to identify and fix threats before the damage is done.
Ron walked us through the investigation steps for an information security incident. The full steps are exhaustively highlighted in the National Institute of Standards and Technology’s (NIST) Computer Security Incident Handling Guide.
Overall, this was a fantastic presentation: plenty of great material, articulate and engaging speaker and interesting topic.