Terbium Labs attended the first CyberThreat event this week, hosted in the UK and intended to bring together Europe’s technical cyber security community. While exhibiting, we had the opportunity to have a number of interesting conversations with fellow attendees. It was a great crowd, composed primarily of practitioners, and spanned the full breadth of cyber defense and incident response disciplines.
Located in London’s EQII Conference Center, the event was hosted by the National Cyber Security Centre and SANS Institute. In addition to talks from cyber security practitioners CyberThreat 2018 also featured plenty of hands-on opportunities for delegates in the form of capture the flag events, team problem solving, and a substantial retro gaming area. (At least one of us could be found at the N64 during more than one break.)
Many attendees had the new European General Data Protection Regulation (GDPR) on their minds, and wanted to discuss its implications for their risk management and dark web monitoring priorities. It was interesting to get the perspectives of a diverse audience, from a cyber insurance underwriter to law enforcement, with the common theme emerging that companies are not yet sure how to properly protect their data in a new era in which that data cannot be shared, and must be more carefully monitored for exposure.
We did escape the booth for a few sessions, too, with some highlight talks from a dark web perspective being:
- Kevin Breen, Head of Content at Immersive Labs, discussed his findings on Pastebin in “Hunting Pastebin for Fun and for Profit,” in which he overviewed the vast amount of data dumped to Pastebin and other paste sites on a daily basis—some maliciously, some accidentally—and the vulnerabilities exposed as a consequence of even seemingly limited personal or corporate data which may be leaked.
- Jason Smart and Rachel Mullan, who work together on threat intelligence at PricewaterhouseCoopers, discussed their investigation into one of the largest sustained espionage campaigns focused on the supply chain, how they tracked the actor, and the aftereffects of publicly reporting on the process.
With our recent expansion into the European market, it was an honor to have a presence at the first CyberThreat Summit, being a part of the community and gleaning insights from the conversations. We look forward to participating in future ones and returning to the UK and Europe in the upcoming months!