Live from the RSA Conference. A GitGuardian developer advocate recaps Tom Kellermann's presentation at the RSA Conference, which covers version 4 of the Modern Bank Heist report published by VMware and looks at how attacks on the financial sector have changed. The presentation looks at how the Covid-19 pandemic has changed criminal organizations and how attacks on financial institutions now target information rather than financial assets.
All right, we are back at the RSA Conference here for day two, and straight away it's been a pretty awesome day. I want to talk to you about a fantastic presentation that we just came out of. This one was from Tom Kellermann from VMware. Now, Tom is a very prestigious guy in the world of cyber security; he sits on many different forums and advisory boards, including one in the Secret Service. This talk was all about the modern-day bank heist. The title was "Escalation: From Heist to Hostage", so basically robbing banks in the modern era, and the talk was every bit as cool as that title made it sound.

Before we start: this talk was actually based on a report that VMware brings out every year. If you want to read the report, I will leave a link to the public area where you can download it, but I want to share with you the high-level takeaways and my commentary on what Tom said. It's certainly one of my favorite talks so far, so let's get stuck in.

Okay, so key takeaways. As I said, it's based on a report: 126 CISOs were interviewed for it and shared some pretty in-depth knowledge, which is kind of rare in this crowd, so it's great to see a report that brings that out. One of the major takeaways, I guess the headline that you want, is a 400 percent increase in cyber security threats. Now, I usually like to stay away from hyperbolic, fear-mongering statements in cyber security, but if you're Tom Kellermann you can make statements like this, and if you can back them up then it's okay. So this is obviously a huge increase in the security threats we're facing: 400 percent is basically what these top-level security executives have been feeling, and this has been a massive increase in the financial area in particular, from rogue nation states, as Tom was saying. A lot of people don't really understand this, but rogue states like North Korea actually do bank heists, and they do this through cyber attacks. North Korea allegedly was responsible for the largest bank heist in the world: they aimed to steal two billion dollars, and I think they ended up getting away with 80 million, but that's a story for another day. So this is something that has been increasing, these attacks from rogue nations, which is pretty much them trying to combat the tariffs and other measures that countries are placing on these states. It's becoming a criminal world where, you know, 30 years ago you couldn't imagine a bank robber being held up as a national icon, but as Tom was saying, these people are now considered almost patriotic heroes of their country, these criminals conducting this. And the financial sector, we know, is the best-protected area, but it faces the most well-prepared adversaries, as Tom was saying.

Now, one of the most interesting things that he said in this talk is the shift that the pandemic has brought on. What he said is that the pandemic really hurt traditional crime. When you're talking about smuggling and drugs and these other organized crime sectors, the pandemic hurt them significantly, just like it hurt other businesses. So then we saw this shift into cybercrime, and what were kind of the second-class citizens of cybercrime, as Tom said, actually came forward. I found this really interesting because it's not our perspective; of course we saw an increase in cyber attacks, but I wasn't really thinking of cyber attacks at this really high level in the financial sector. So it's interesting to see that, and like everything with the pandemic, it's going to be interesting to see if this continues or is, you know, a trend that will rotate back into traditional crime, weird as that sounds.

So this here was absolutely the best fact from the talk, the one that really made me step back: 51 percent of CISOs experienced attacks that targeted the head of strategy. Remember, we're talking about financial institutions here. So what does this mean? That stat may not mean a lot to you, but if you think about it, the attacks are targeting strategic people in the company, because what the attackers know is that it's not the financial assets or capital that is of value, it's the knowledge of where this company is going and its strategic direction, basically the knowledge of what could bring stock prices up or down, and getting that knowledge. This was crazy to me, that attackers are so sophisticated that they're going after that. This really shows that this isn't, you know, a teenager in the basement trying to hack into the bank. No, this is very sophisticated cyber attacks targeting these financial sectors and targeting people to gain access to that information. This was just a wild fact for me, and to see that 51 percent of CISOs have experienced this is absolutely crazy.

All right, now Tom mentioned some best practices. I don't want to plagiarize the report, I just want to provide what I thought was really interesting. One thing that he said is not to use messaging systems like Slack if you're experiencing an attack; use places like Signal, and assume that everything has been compromised. I find this interesting because when I talk about discovering credentials inside organizations for that attack path, I always talk about trying to get access to a Slack channel, because they're high-value targets: developers often pass API keys and database credentials inside Slack channels. So this is really confirming that, hey, if you're experiencing something, don't talk about the attack in places where the attacker is probably listening; assume that they're listening in there. I thought that was a really quite interesting take on it and definitely something to consider.

All right, now some other quite interesting facts that Tom talked about. He talked about going away from fort security and moving into supermax security. Now, I've talked about the fort model, where you build up the walls, and once an attacker comes in they can move laterally between systems. He went a bit further than that, and what he talked about is that the supermax prisons weren't just built by the best prison architects; they were built by cognitive and social psychologists, because in these prison situations the hostage scenarios or the prison takeovers start from the inside. He suggested that that's how we need to start thinking about security, from this inside-out perspective. I thought that was really quite interesting, because it's a take we've probably all heard before, right, the fort and the moat, and you know, insiders aren't a threat and outsiders can't get in, but this is a whole other way of thinking about it: stopping something from building from the inside. Very interesting.

And the last takeaway that I want to leave you with from this talk is intruder suppression and hunting, which means hunting and containing an adversary without them knowing. Well, I was kind of thinking, okay, this is one of those statements that sounds really cool, probably very difficult to do, but something to think about, and I really liked the way that he thought about this. It made security in this financial sector sound incredibly fascinating.

So again, this is just the high level of what Tom's presentation was all about. I highly recommend, if you're at the RSA Conference, go watch that talk on the replay. Fantastic talk. You might need to listen to it a couple of times; I don't know how Tom crammed so much information into such a short time, but I had to watch it a couple of times, I'm not ashamed to say. And also check out that report if this is interesting. Certainly one of the best presentations that I've seen today, and I'm going to be coming back with some more videos of what I'm enjoying at RSA. If you're at the RSA Conference and you're loving something, if you want to come talk to me about what you're enjoying, then reply in the comments; I'd love to hear from you guys. All right, thanks, I'll see you soon.