Thoughts from the IDC Security Roadshow in South Africa

Greetings from the IDC Security Roadshow in Johannesburg, South Africa! I am sitting here in the hotel lobby looking out at the Nelson Mandela Square listening to the explosive track from DJ Fresh – The Feeling (Ft. RaVaughn) (Metrik Remix), reflecting on the last couple of days and the discussions I've had with various people.

I have been giving a few interviews and I was also presenting at the IDC security conference; my presentation is called "The Diary of a Security Geek" and it includes material from a one-year-long research project I have had. It basically contains observations made during these conferences and some really interesting facts on how security managers see IT security, how they prioritize and some interesting false perceptions on IT security and risks. I know that some of you might be interested in this research, so don't worry – I will publish my research at a later date and I will also be giving the same presentation at quite a few conferences around the world this year.

The presentation was very well received and I had some really interesting discussions afterwards. Maybe it is time to write another diary?

During the conference I also had the opportunity to listen to some interesting presentations. They included:

  • Mythbusting Converged Physical, Logical and Remote Access by Paul Anderson from Active Identity.
  • Stepping Away from Your Desk: Shifting Perspective And Going Mobile by Nader Henein from Research In Motion.
  • Security Privacy and Social Networking by Kovelin Naidoo from eBucks NFB.
  • Securing The Next-Generation Enterprise by Ranjit Rajan from IDC.

It was really interesting to see what some of the IT security companies out there are working on, and also some of the issues the CXO and other IT managers struggle with every day. Coming from a European country with fast Internet and suitable weather for building data centers, you get a different view on IT security.

When traveling the world and meeting all these interesting people it becomes really clear that IT security is not just a product, a service and a mindset; it can also be a cultural problem. For example, how do you enforce a security policy when people from different cultures simply have a different mindset on what constitutes confidential information, or about access rights? When, for example, the king of a country can make changes in the nation's firewall rules? When certain religious views affect working hours?

IT security is not only a local problem for your organization, it is also a global problem because we are all connected with each other, and we rely on each other's security. I'm pretty sure that everyone who reads this has heard the saying: "The security is only as secure as the weakest link." Today we share data with many different partners, and we simply have to rely on their security. To really build good security we all need to work together, share experiences and ideas. And speaking at conferences around the world provides a really good opportunity to share this information with everyone.

I had the opportunity to talk about this for a quick five minutes at Summit TV while I was down in South Africa. They have published the interview online and if you are keen to see it, just tune in here:

I hope to see you at a conference close to you and hear about your experience on this journey!
