Young Minds Prepare For #SS18 Hack

April 21, 2018



Author: Alastair Waldeck, Head of Marketing (Snode)

 

A group of motivated young men and women gathered in the offices of The Business Clinic in Johannesburg CBD early on Saturday morning for the 2nd Annual #SS18Hack Ideathon.

The Ideathon provided these aspiring cybersecurity and IT professionals with an opportunity to meet and greet with some of the top minds in the industry as well as to learn a thing or two from the four main workshops presented on the day. The Ideathon serves as pre-selection event for the larger, main event; the #SS18 Hackathon which will be held at Vodaworld in Midrand on the 22-23 May.

The day began with an introduction from Mr Lucky Litelu (Executive Chairman and CEO of ICRD GROUP) and the sponsorship team of Tiyani Ngonyama (COO, Geekulcha), Allyson Towle (Senior Conference Director, ITWeb Events) and Alastair Waldeck (Head of Marketing, Snode).

Our first speaker of the day was Ridewaan Hanslo from the CSIR who gave the attendees a comprehensive overview of Web App Security by providing several examples of different types of attacks, attackers, interactive examples how to practically identify and prevent these attacks as well as how to ensure that your next application is created with security as a priority.

Second up was our very own Founder and CEO, Nithen Naidoo. He provided an introduction to the AI and Infosec industry by discussing the latest tools and methods within the cybersecurity and data analytics industry as well as how to analyse vast quantities of data in real-time in order to pull various insights, detect anomalies and trends and to be able to predict and defend against ever-evolving cyberattacks.

After a quick break where the guys were able to refuel, get to know one another, ask questions and discuss ideas with the presenters, sponsors and other attendees, we returned to our seats for the 3rd workshop of the day.

Francois Mouton from the CSIR was up next. Francois gave us a presentation on Ethical Hacking with a focus on his speciality, social engineering. By providing us with some simple, everyday examples of how human’s inherent trust can be our own downfall, he made us realise how simple a cyberattack can really be and how our perception of a cybercriminal being a person in a hoodie hiding behind a laptop is far from the truth.

Last, but certainly not least, Kimoon Kim from Siatik spoke us through the concepts of Big Data and Machine Learning. By focusing on powerful platforms that are readily available for us to use such as Google Cloud and BigQuery, the attendees discovered how to easily analyse all their data, regardless of size, in real-time.

The rest of the day was spent brainstorming ideas, absorbing even more information and inspiration from the mentors and speakers, and coming up with ideas that will not only take them through to the next round in Midrand, but also to potentially win them top spot at the #SS18 Hackathon later next month!

The top three teams with the ideas that showed most potential were:

  1. - Bro-Coders
  2. - CleverKleva
  3. - TechnoGeeks
  4. - A special mention went to team Nosey.

We look forward to seeing everyone again in a month’s time and would like to thank all the sponsors and speakers for their involvement in making this event successful!

 

Sponsors for the event: Snode, ITWeb, Geekulcha, The Business Clinic, Northern Cape Department of Economic Development and Tourism.

Previous

Re-invented Zeus malware Terdot, defied explanation, but cannot defeat detection

December 6, 2017

Author: Nithen Naidoo, Founder and CEO (Snode)   During October 2017, Snode's cybersecurity platform (Guardian) found an increasing trend in SA networks being infected by the well-known Zeus malware. Although the Zeus Trojan (discovered back in July 2007) is still considered one of the most prolific malware variants affecting the Internet today; the retro plague perplexed our analysts. The finding’s fallacy is that most (if not all) traditional anti-malware controls today can reliably defend against the Zeus malware threat. At the time, we could not explain how a 10-year-old Trojan was (as reported by our learning machine) effortlessly propagating through large SA corporate networks; unhindered and undetected. A fitting explanation was later provided courtesy of the global security technology firm, Bitdefender. Bitdefender’s researchers released a paper (mid November 2017) on the discovery of a new “Zeus inspired” Trojan, called Terdot. A surprising insight from their research is that they first discovered the Trojan in October 2016; which highlights a challenge in our machine-assisted analytics. You see, the machine-learnt Zeus malware's "pattern of behaviour" was now mimicked by Terdot. As a matter of fact, Snode's learning machine could only learn to accurately identify Terdot, by unlearning everything it knew about the Zeus malware. Hence why our learning machine is augmented by our (human) analysts as it allowed us to reliably distinguish between these two malware variants. Now, it is not often that a cybersecurity vendor will openly discuss the flaws in their machine learning and pattern recognition software. However, at Snode we do not build software, we deliver solutions (and we value transparency). This is why our machine-assisted analytics is backed by (and never delivered without) our human intelligence. Something to keep in mind, if you believe that AI-supported threat detection (neural network based pattern recognition) software will transcend your security posture to a cybersecurity nirvana, it won't, at least not yet. However, by enhancing your posture with such technology (defence in depth), you wont get trapped in a false sense of security, solely relying on the latest antivirus signatures to save you. Keep in mind that Terdot, was circulating in the wild for an entire year without signature-based detection. I would like to thank and give credit to the Bitdefender Research Labs for making the Terdot discovery. For more information, you can find the full research paper here.

Next

Proof: SA Is First In Line For Emerging Advanced Attacks

May 21, 2018

Author: Alastair Waldeck, Head of Marketing (Snode)   In an article published by ITWeb last week, Nithen Naidoo (Snode Founder and CEO) stated that South Africa is often first in line for newly emerging, advanced attacks. Developing economies such as Bangladesh, Vietnam and South Africa are viewed as soft, and lucrative, targets by organised crime syndicates with highly advanced cyber capabilities due to the fact that they have not made the same kind of security investments as their developed nation counterparts. One of the interesting findings mentioned in the article was the increasing trend of Snode clients being affected by an old "commercial-grade" Trojan called FinSpy, which was widely reported in 2013. "The malware is not necessarily new but the attack vectors to deliver the malware are new and quite advanced. This is similar to the Terdot malware, which delivered the old Zeus Trojan.", stated Naidoo. At the same time we were detecting this type of activity within our SA client base, AlienVault’s Open Threat Exchange (OTX) reported the discovery of a new version of FinFisher, a malware that is currently evading notice and leveraging social media to threaten critics in Turkey and beyond. It is specifically coded in order to appear as simple criminal malware, however there are several forensic artefacts which provide a clear indication that the agent identified is in fact FinSpy. The most substantial change in this latest version when compared to the original FinSpy malware is the steps it has taken to address the failures that led to the original software’s discovery and acknowledgement by security researchers. FinSpy infects its targets by redirecting the user, when downloading an application, to a version of an application that is infected with the FinFisher malware. This then allows the attacker to perform several activities such as live surveillance through webcams and microphones, keylogging, and exfiltration of files. The fact that this trend of the new, emerging FinFisher malware was detected by the Snode Guardian Cybersecurity Platform at the same time as organisations abroad is proof that South Africa is indeed a prime target for new and advanced cyberattacks. The need for South African organisations to not only ensure that they have adequate security measures in place to detect, prevent and respond against these attacks but also to share their threat intelligence and disclose when and how they are being attacked, is now more crucial than ever. In this ever-changing technological landscape, organisations are forced to find new ways to increase their security posture and minimise their risk. The Snode Guardian cybersecurity platform utilises learning machines, mathematics, and a synergy between both human and artificial intelligence (Intelligence Amplification) to monitor, detect and proactively respond to all threats on every device within your network, from traditional network devices through to BYOD, cloud and IoT devices. Naidoo will be presenting at the upcoming ITWeb Security Summit, and delegates attending his talk will learn about the emerging threats we see in Snode's South African client environments, as well as the key issues affecting the majority of its South African clients. He will also discuss the defence strategies clients have used that best address these issues. The ITWeb Security Summit is southern Africa’s definitive conference and expo for information security, IT and business professionals. This year, over 70 expert speakers will deliver key insights across 7 tracks, including workshops and training courses during the expanded 5-day event. The ITWeb Security Summit will be staged at Vodacom World, Midrand, from 22 – 23 May 2018; and CTICC Cape Town on 29 May 2018. Focused and interactive workshops as well as in-depth training courses will be run in the days around the main conference and exhibition. For more information, go to www.securitysummit.co.za. For information on Security Summit Cape Town, click here.