A1 Cyber Attack 2020 – Lessons Learned
A1 is the biggest telecommunications provider and incumbent operator in Austria. I will briefly explain the major cyberattack against A1 in Austria and our response. The defense was very complex and took a lot of planning and preparation. On the one hand, we had to regain complete control of our office infrastructure, on the other […]
Unveiling “Lucid” – A Silent Enabler of Financial Fraud
Unveiling “Lucid” – A Silent Enabler of Financial Fraud Lucid is a rising but under-the-radar Phishing-as-a-Service (PhaaS) platform that’s quietly fueling large-scale financial fraud across the globe. Built by Chinese-speaking threat actors, it supports phishing campaigns targeting over 200 organizations in 80+ countries, enabling cybercriminals to steal payment card data with ease. The group stands […]
Researchers vs. Threat Actors in Cloud Attacks
Security researchers push the boundaries of what’s possible. (Nation-state) threat actors push the boundaries of what’s exploitable. In this talk, a cloud security researcher and a threat intelligence analyst team up to explore how cutting-edge cloud attack research is rapidly weaponized by espionage threat groups. We’ll walk through real-world examples where newly published techniques – […]
SBOM: beyond simply listing CVEs
Organizations need to manage cybersecurity risks in increasingly complex IT and OT infrastructures that are comprised of heterogeneous systems and services, both on-premise and in the cloud. Many of these components are produced or provided by third parties, exposing organizations to various risks that need to be carefully managed and mitigated (a.o. to prepare for […]
Succes & Failures in sharing data in pub-priv coalition
Share data in public – private collaboration, do analysis together and create and distribute the findings to all concerned organizations in the Netherlands. So we can make the Netherlands an unattractive target for digital attacks. Let’s change some organizational cultures, and develop, automate and secure the platform needed for this. Maybe we need some process […]
Hackers don’t break in, they log in
In 2025, the biggest threat to your organization may already be inside — not through an elaborate breach, but through a legitimate login. Infostealer malware has surged across the cybercrime landscape, quietly harvesting credentials from unsuspecting victims and feeding a booming underground market. This trend poses a serious and often underestimated risk to all kinds […]
Inside a CTI investigation
A deep dive into an investigation on a malicious infastructure, navigating using cyber threat intelligence frameworks to your advantage. How we navigated different sources of information and collaboration, to figure out what was the heck was going on.
Cognitive Readiness for Cyber Disruptions
Cyber disruptions are rarely clear-cut. Impact is often uncertain, timelines unclear, and threats evolve quickly. Teams must make decisions under pressure, ambiguity, and while suffering from fatigue. Yet, cybersecurity as a domain continues to underestimate the role of human performance capabilities and limitations in detection, response, and recovery. This talk introduces a cognitive readiness framework […]
Cybersecurity Techniques to Solve Fraud Problems
For the last decade, tier 1 financial institutions have been using cybersecurity teams, data, and technology to address the growing challenge of digitally-enabled fraud and abuse. This session introduces some of these approaches, including how to use data, machine learning / AI, and modified cybersecurity techniques to address fraud earlier and more effectively. Specific real-world […]
CYRA: Building Resilience & Trust in Supply Chains
In this session we explain the method of cyber rating – CYRA in short. CYRA has started with an IT module (based on ISO-27001) and the OT module (based on IEC-62443) has been added recently. In this session, we present CYRA – a cyber rating methodology designed to significantly improve digital resilience across critical supply […]
