News

4/21/2022

PHDays 2022: cyberart is at risk. Again

Collectors no longer store works of art in safes—galleries and museums are now no less secure than the most impenetrable vaults. But can criminals steal a painting without leaving home? PHDays 2022 in May will see a revamped edition of The Standoff Digital Art: intrepid researchers will again try to steal cryptomasterpieces right there in the metaverse, while forum guests will be able to visit London without leaving Moscow. Last year can be safely called the year of NFT. Trade on the NFT art market reached $41 billion, coming close to the traditional art market. Tokens allow everyone to become owners of unique items. When artists, especially during lockdown, had new opportunities to sell their works, cybercriminals came knocking: phishing and exploitation of smart contract vulnerabilities are now all too common in the NFT sphere. Experts do not rule out the emergence of new methods of fraud in this market.

4/21/2022

PHDays 2022 contests: ML techniques, ATM hacking, and IDS bypass

The pandemic was followed by a real epidemic of cyberattacks, making the PHDays forum more relevant than ever in the new reality. As ever, there won’t be a dull moment. In addition to in-depth talks on information security, you will witness The Standoff cyberbattle, while the wide range of contests will not only keep you entertained, but deliver new knowledge and valuable experience. The competitions are open to all interested researchers. You can take part online or offline. Last year, there were a lot of venturous participants: each of the five contests at PHDays X gathered dozens of information security enthusiasts—a total of more than 200 people. This time, we want to attract even more, so we have refined and updated the formats of our contests. Artificial intelligence (AI) technologies have already become a part of our lives. The joking is over. Now that cybercriminals have started using deepfakes in their attacks, AI is no longer a gimmick but rather the source of new incidents, some curious, some terrifying. At the AI Track, participants will hear talks on the role of AI in security, as well as on the security of AI itself. AI experts will share their experience in using machine learning (ML) for protection, and researchers will talk about the risks of AI-based solutions. The AI CTF competition will acquaint information security specialists with various ML techniques and vulnerabilities in CTF gaming services. The tasks of varying difficulty levels will fascinate both experienced CTF players and beginners. In the Payment Village, you can try your hand at finding vulnerabilities in banking systems. Our experts will tell you about various payment devices and their protection flaws. After getting acquainted with the theory, you’ll have the chance to test the security system of a real ATM, cash register system, or POS terminal. Even those without their own laptop can still take part.
At the IDS Bypass stand, you can put a real network protection system through its paces. Not only will participants have to find weaknesses in six services and get flags for fulfilling certain conditions, but also bypass an intrusion detection system (IDS), which allows traffic through and blocks attempted network attacks. Vulnerable services are selected so that competitors focus their efforts on bypassing the IDS, and the number of possible solutions is unlimited. Such contests have been chosen for a reason. Cybercriminals, with their rich imagination, can weaponize any payment terminal, allowing them to attack banks and cardholders alike. And as the boom in biometrics continues, we can expect ever more deepfakes and other AI-related challenges in the near future. The PHDays 2022 program does not end there. Far from it. HackerToon, an experimental animation festival, and the final of the first All-Russian open-source project competition for schoolchildren and students await forum visitors and participants. In addition, music will feature heavily at PHDays: the finalists of the Positive Wave festival will perform, and a well-known Russian musician will play AI-composed tracks. The co-organizer of PHDays 2022 is InnoSTage Group, a key cybersecurity player. The business partners of the forum are Rostelecom-Solar, a national provider of information security services and technologies; MONT, a distributor of software for any business; and Security Vision, a developer of cybersecurity solutions. The partners of PHDays 2022 are Axoft, Fortis, ICL System Technologies, InfoWatch, MARVEL Distribution, R-Vision, Azbuka Vkusa, Gazinformservice, and Pangeo Radar.

1/20/2022

Positive Hack Days 2022 to take place on May 18–19

New Year has arrived, which means that the cyberindustry's most eagerly awaited event is already on the horizon: the Positive Hack Days international practical cybersecurity forum, held annually since 2011. This year's event will take place on May 18–19 at the now traditional venue of the World Trade Center Moscow. For those unable to attend in person, an online broadcast of all talks and presentations will be available. PHDays is a meeting place for hackers, security researchers, key experts, opinion leaders, business heads, government officials, scientists, journalists, and more. Here we not only discuss the latest tech challenges and cybersecurity research, but unwrap the most pressing issues facing business and government, and ways to solve them through information security. Past headliners include: legendary cryptographer Bruce Schneier, co-developer of the FaceDancer tool for USB emulation Travis Goodspeed, co-creator of the concept of public key cryptography Whitfield Diffie, and Embedded Security Lead at NVIDIA Alexander Matrosov. Last year's anniversary event brought together more than 2,500 guests, and over 35,000 people tuned in to the forum and The Standoff cyberbattle online. The PHDays formula is time-tested and unchanged: a vast testing ground for experiment, unique insight and expertise, professional on-topic conversations, informal communication with hackers, and lots and lots of practical drills—a place where eyes sparkle with the thrill of discovery. As in previous years, the eleventh PHDays conference will provide its own surprises, united by the general theme of this year's forum, which we will announce in the near future. Participants can look forward to a rich program of contests, developed by leading cybersecurity experts. The contests are an important part of the event, helping to visualize the infosec threats around us. 
Our traditional mix of open-to-all contests includes: legally attacking a payment system, hacking a smart contract, learning about machine-learning techniques in game-based CTF services, and testing them for robustness. All you need is a laptop, curiosity, and passion. Observe attacks by ethical hackers on a virtual city-state at The Standoff cyberrange, where the world's largest open cyberbattle will once again unfold. In November, 65,000 people worldwide followed the cyberspace clash between attackers and defenders. Ten powerful teams of white-hat hackers spent 35 hours non-stop testing the robustness of the city-state's systems. This year's confrontation will feature all-new tasks and targets, corresponding fully to the realities of the current threat climate and corporate infrastructure. Forum participants will earn recognition from colleagues and make useful contacts in an informal setting—the reports and presentations will be seen by thousands of infosec stars from around the globe. Anything goes at the forum: if you have a cybersecurity report on a burning topic that you want to share, just submit an application. Anyone can be a speaker: from budding specialists to established pros. You have until March 1 to apply. The program committee will consider all submissions by April 1. Watch this space for more details of the new PHDays forum and The Standoff cyberdrills. In the meantime, get your applications in and mark May 18–19, 2022, in your calendars. See you at PHDays 2022!

8/24/2021

Testing the security of the virtual state: The Standoff returns on November 9–10, 2021

This fall, a major cyberbattle will erupt at Moscow's VDNKh Exhibition Center. If the black-hat hackers win the two-day clash, the entire state of F will be plunged into chaos. The bravest companies in industry, retail, and finance will test the robustness of their systems. Our task is to protect the virtual state and learn how to thwart attacks in real life. The world's largest cybertraining, featuring an expanded business and technical program, will be held in hybrid format. Now The Standoff is more than a virtual city—it is a whole country, where we will simulate the technological and business processes of real companies from steel and chemical industries, energy, transport and logistics, and municipal services. There, organizations can test their in-house systems: analyze the level of security, trace typical cyberattack chains, correctly verify unacceptable events and their consequences, and assess potential damage. In 2020, held separately from the Positive Hack Days Forum, the world's largest open cyberbattle moved up a gear. The event was watched live on air by 20,000 captivated viewers. The defending and attacking teams comprise experts from real companies and independent security researchers from across the globe. The Standoff will present an opportunity for them to hone their skills and, in just a few days, gain unique cyberconfrontation experience. In ordinary life, this would take years. The Standoff is not only a thrilling and dynamic cyberbattle, but also a platform for dialog about information security. It is here that world-renowned experts, including professionals from Cyber R&D Lab, Hack In The Box, Positive Technologies, and other international companies, pool their vast knowhow. We consider and debate how the cybersecurity industry will evolve. And if that wasn't exciting enough, we also hold contests for participants. The dramatic rise in the number of cyberthreats in Russia and worldwide requires new security solutions. 
Together with leading infosec experts, we will take a no-nonsense, no-preaching look at the latest cybersecurity challenges and protection methods. We will talk about pressing business problems, develop the important dialog with the government on import substitution, discuss prospects for investing in cybersecurity, and explain how rising cybercrime affects the investment appeal of the industry. See you at The Standoff!

6/18/2021

Breaking AI: writeups of AI CTF tasks at PHDays 10

We keep elaborating on the topic of AI security and risks and, for PHDays (phdays.com), we put together a track with talks and organized a CTF competition for cybersecurity experts, which addresses the risks of AI. In this article, we will tell you about the competition: what tasks were there and how everything went. AI CTF has taken place before, and we already published the last description of the format and tasks on Habr.

5/24/2021

A city's electricity and oil production are knocked out, and a container falls onto a barge — PHDays 10 has concluded

The reviews of the jubilee PHDays 10 are in, and attendees are calling it dazzling and invigorating, much like the weather in mid-May. Nothing was out of place on-site: jackets, T-shirts, and even the Russian minister of digital development were spotted. This was much more than just a gathering of over 2,500 information security specialists who had grown tired of being isolated during the pandemic. More than 20,000 people in different countries logged on to watch the forum and the action at The Standoff, the world's largest cyber-range. We talked candidly about important topics, brand-new technologies and approaches, geopolitical issues, business headaches, investor hopes, and troubles encountered by private users. We demonstrated how hackers are able to cripple the modern city, and we presented a methodology to protect against such damage that is nothing short of revolutionary.

5/21/2021

The first day of PHDays 10: who blew up the gas distribution station, who deleted information about fines, and how to protect against unacceptable damage

May 20 saw the beginning of Positive Hack Days 10, an international forum on practical security organized by Positive Technologies and Innostage. On the first day, dozens of talks, round tables, and hands-on labs were held at the WTC Moscow. There is news about The Standoff, the largest open cyberbattle—accidents have been added to scams and leaks, and the city’s infrastructure has already been badly damaged by the attackers. However, threats such as a railroad accident have not yet been implemented. There is one day left. It will all end on May 21, but for now let’s summarize the interim results. On Thursday, the True0xA3 team caused an explosion (in the cyber-range’s terms, the risk was triggered) at the Tube company’s gas distribution station, which serves several urban infrastructure facilities. As a result, the gas supply to the city was cut off. The attackers continued to compromise the IT systems of Heavy Ship Logistics, the city’s largest transport company, which serves the airport, railroad, and seaport. The most popular activity was scamming the train ticket system (at the time of this writing, the teams SPbCTF, TSARKA, True0xA3 were involved). A little earlier, Codeby caused a malfunction in the passenger registration system, and an hour later Invuls disrupted the passenger information system. The Codeby team obtained access to a commercial proposal from Nuft, a large regional corporation involved in the extraction and processing of petroleum products. As a result, a major tender for the company was disrupted. The same team deleted information about citizens’ fines in the computer system of 25 Hours, which recently won a tender to modernize and manage the traffic light network. The citizens are happy, but the treasury is out of half a billion. If the management of 25 Hours does not take measures to prevent similar incidents, then the city officials may reject their incompetent cooperation. 
The folks from True0xA3 once again became interested in the FairMarket retail chain. This time they changed the price tags in the ERP system. Codeby repeated the True0xA3 team’s efforts to coerce the store into illegal alcohol sales by breaking into the store’s ERP system and removing a special excisable product mark from hard liquor items. Several teams succeeded in leaking the personal data of employees and stealing strategic documents. By the 56th hour of the battle, True0xA3 was in the lead, with Codeby in second place, and SPbCTF in third. Many well-known cybersecurity experts spoke at the forum at the same time.

«PHDays: The Origin» — the beginning of a major common cause

In information security, the most important thing is practice, says Boris Simis, Deputy CEO of Business Development at Positive Technologies: «The manager of one of the partner companies, whose employees worked at SOC for The Standoff in the fall, suggested increasing the specialists’ salaries, since they saw in seven days as many attacks as they might have observed in five—seven years. This allowed them to essentially ascend to another professional level,» Boris recalled during the round table «About PHDays, and why we hold it.» Denis Korablev, Product Director at Positive Technologies, admitted that he had never imagined two writers writing books together. «However, the new task (the practical implementation of Information Security 2.0) taught us to combine the strengths of the development teams into a single whole and to stop thinking in terms of individual products and niches. The work was herculean, and someday we will write a book about it, which we must do together,» said Denis Korablev. «All these years, many companies and people have been working on PHDays, investing their knowledge and their soul, and providing equipment and products,» said Boris Simis. «But this year, for the first time, we have a full-fledged co-organizer, Innostage, and we are extremely grateful to them for that. We also invite other companies to be co-organizers. We want PHDays to become a common cause.»

How Tinkoff started antifraud development

5/20/2021

Food stores and air ticket systems raided by hackers in Moscow—The Standoff cyber-range is in full steam

The competition at The Standoff cyber-range has reached its midpoint, after two days out of four. Digital twins of real retail stores, airport, railway, seaport, traffic light system, power plant, chemical plant, and oil terminal are continually attacked by competing teams. In parallel, lectures are presented by our guests, some of whom contribute to defending the city model. The international forum Positive Hack Days begins on May 20 and ends on Friday, together with The Standoff. By Wednesday evening, the attackers gained access to a point-of-sale terminal of the cyber-range’s retail network and "purchased" 68,950 rubles worth of alcohol at 100% discount against a real till slip. They hit the store’s ERP system and managed to remove the special excisable product mark from the hard liquor items, which resulted in withdrawal of the selling license for the products. The hackers also accessed personal data of the outlet’s staff and clients and stole some strategic documents. The transportation industry facilities were truly bombarded by hackers. Several teams were able to defraud the ticket selling system of the transportation company Heavy Ship Logistics, which serves the airport, railway, and seaport. One team gained access to the operations data. So far, other facilities are proving more robust. The petroleum production and refining corporation Nuft had its "Loss of massive contract due to bid theft" risk triggered by the team True0xA3. The same team has sent the Tube company’s plans to take over the advertising market down the drain: they hacked into the Tube CEO’s computer, stole information about the forthcoming deal, and sold it to rivals. Tube shares fell to a record low. 25 Hours, a commercial real estate complex and amusement park management company, and the city’s energy operator Big Bro Group are still going strong, but the situation can change any minute.

5/14/2021

thrEat reSearch Camp: large defensive track at PHDays

Initially, PHDays was centered around attacks, vulnerabilities, and hack techniques. However, we think that it is equally important to pay attention to cyberattack protection methods. Starting from 2019, a large technical defensive track called thrEat reSearch Camp has been organized at the forum along with the offensive track. As was planned by the Positive Technologies Expert Security Center (PT ESC), this track became a platform for defensive experts to share their experience. During the two days, experts will discuss new APT campaigns and share effective methods and tools for detecting incidents, darkweb monitoring, and open-source analysis. They will also pick apart complex malware. Elmar Nabigaev, Deputy Director of PT Expert Security Center and Head of the thrEat reSearch Camp program committee, explains: «Cyberattacks can affect even top public officials and present an acute risk for any company. However, as before, very few people know how to deal with cyberattacks effectively. Our platform continues to be a space where experts share their opinion and knowledge on current threats and protection methods.» Oleg Skulkin, Senior Digital Forensic Analyst at Group-IB, will give a talk in which he will explain how to stop analyzing ransomware and start collecting actionable CTI data for your team. Alexey Pronin, CISO at RBK.money, will talk about tactics and techniques hackers use to attack financial institutions, ways of penetrating the company’s internal information systems, and protection methods. Sergey Golovanov, Principal Security Researcher at Kaspersky, will talk about the most impressive incident response activities over the past two years—with a focus on APT and analysis of fashionable, stylish, modern virtual and remote infrastructure. It is but a small part of our rich program. Keep an eye on the news at the forum’s site. The forum's co-organizer Innostage will deploy and maintain The Standoff's infrastructure, monitor and control the teams' actions.
Rostelecom-Solar, a Russian provider of information security services and technologies, has become a business partner of the forum. PHDays technology partners: Russian private grocery chain Azbuka vkusa, e-payment service RBK.money, and e-banking software developer iSimpleLab. PHDays exhibitors: Axoft, CrossTech Solutions Group, ICL, OCS Distribution, R-Vision, Security Vision, and Jet Infosystems. ARinteg will be partner of the forum's contest program.