SAS@home Virtual Summit Showcases New Threat Intel, Industry Changes

The free online conference, scheduled for April 28-30, will feature top security researchers from across the industry.

As the COVID-19 pandemic continues to force in-person cybersecurity event cancellations, Kaspersky is forging ahead with a virtual security summit, SAS@home.

Topics on the agenda include threat intel on advanced persistent threats (APTs), new vulnerability research, and topics related to a post-crisis world – such as how the industry is changing because of the pandemic.

The online conference, scheduled for April 28-30, is meant to complement the firm’s annual Security Analyst Summit (SAS). The in-person SAS event was originally scheduled for April in Barcelona, and will now take place in November – with SAS@home providing an opportunity for community to come together and share insights and research in the meantime.

Experts from across the IT security industry will present three days of knowledge sharing, pecha-kucha moments, “fireside chats” and Master Class training sessions. The sessions will be presented live, free to all participants via the ON24 webinar platform, with on-demand replays available after the fact. The event will run each day from 11 a.m. to 1 p.m. ET.

“[Attendees] will enjoy a unique opportunity to chat online and learn from some of the world’s leading cybersecurity researchers and influencers in a welcoming atmosphere, while also taking a deep dive into a top-notch program of topical presentations typical for the regular SAS,” Kaspersky said in a media statement.

Presentations will cover new, unpublished research as well as the latest evolutions of known trends. For instance, “Hiding in Plain Sight: An APT Comes into a Market” on Tuesday will feature Kaspersky researchers Alexey Firsh and Lev Pikman opening the kimono on previously undisclosed threat intelligence regarding a nation-state cybercriminal group.

Meanwhile, “Zero-day Exploits of Operation WizardOpium,” also on Tuesday, will feature Kaspersky researchers Anton Ivanov and Boris Larin offering a deep dive and new information regarding the weapons arsenal of a sophisticated threat group. The group shares characteristics with known APTs like DarkHotel and Lazarus Group – but have evaded any serious attribution attempts. WizardOpium attacks were seen in November using a zero-day for Google’s Chrome browser (CVE-2019-13720) and in December exploiting yet another to gain elevation-of-privilege (CVE-2019-1458) on targets as well as to escape the Chrome process sandbox.

Also of note in the agenda are presentations from third-party researchers, including Joe FitzPatrick, researcher with Securing Hardware; Ryan Naraine, director of security strategy at Intel; Sounil Yu, CISO in residence at YL Ventures; and Alex Frappier, director of strategic partnerships with the CanCyber Foundation. Other third-party speakers are to be announced.

FitzPatrick, who spoke at last year’s SAS event in Singapore, will use his session on Tuesday, “Hardware Hacking Under Quarantine,” to show off almost a dozen unique avenues where an attacker might access PCI express interfaces in a computer’s hardware in order to mount a direct memory access (DMA) attack on the target system.

“Up to this point the majority of the research has been done against laptop, desktop and server systems through full-size PCI express ports or Thunderbolt ports,” FitzPatrick told Threatpost. “I quickly show a bunch of places, including on smaller embedded devices, where this can also be done.”

FitzPatrick’s session will be in a pecha-kucha 20×20 presentation format, where the speaker shows 20 images, each for 20 seconds, to tell a 400-second story with visuals guiding the way. Another pecha-kucha presentation will come from Kaspersky’s David Jacoby, who also spoke at last year’s event. For SAS@home, he’ll be presenting on “How Does COVID-19 Affect the Internet?” on Wednesday.

CanCyber’s Frappier meanwhile will be giving a deep-dive training Master Class on Thursday on the importance of body language. Specifically, he’ll be discussing how red teams can use an understanding of nonverbal cues as a way to increase their chances of success while making impersonation or “vishing” attacks.

Frappier told Threatpost that the subject is important in the context of today’s threat landscape given that falling for social-engineering attacks is an enduring issue, and at the same time, video has become an important communication avenue in today’s challenging times.

“We have a difficult time reading people, and our adversaries are aware of this,” he told Threatpost. “Yet, this is a two-way street. Better reading and understanding of the nonverbal will make us better at detecting important threats. Better encoding for our nonverbal message will allow us to become better communicators. We will get our message across and will get buy-in from managers and commercial partners.”

As for the other planned sessions, Intel’s Naraine will offer a Tuesday fireside chat on what cybersecurity could look like in a post-crisis world, on the other side of the pandemic. Kaspersky’s Costin Raiu meanwhile will offer another Master Class (topic to be determined) on Wednesday; and on Thursday, Igor Kuznetsov of Kaspersky will present a session on “Static Binary Analysis: The Essentials.”

The agenda will also feature a few surprise guests, according to conference organizers.

You can keep up with the event via Threatpost, which will be providing daily reports on the virtual conference.

Worried about your cloud security in the work-from-home era? On April 23 at 2 p.m. ET, join DivvyCloud and Threatpost for a FREE webinar, A Practical Guide to Securing the Cloud in the Face of Crisis. Get exclusive research insights and critical, advanced takeaways on how to avoid cloud disruption and chaos in the face of COVID-19 – and during all times of crisis. Please register here for this sponsored webinar.


Suggested articles