Sherri Davidoff
CEO of LMG Security, co-author of "Ransomware and Cyber Extortion"
Actions
Sherri Davidoff is the CEO of LMG Security and the author of three books, including “Ransomware and Cyber Extortion” and “Data Breaches: Crisis and Opportunity.” As a recognized expert in cybersecurity, she has been called a “security badass” by the New York Times. Sherri has been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called “Alien.” She is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN) and received her degree in Computer Science and Electrical Engineering from MIT.
Zero-Day and Mass Supply Chain Attacks
The epidemic of zero-day exploits has led to widespread outages data breaches, especially when third- and fourth- party suppliers get hacked. Security teams have little visibility and often find out about vulnerabilities, exploits, and supplier compromises far too late. Moreover, when suppliers get hacked, responsibility for covering downstream response costs may be unclear, and insurance coverage is often limited at best.
For example, in the case of MoveIt, attackers exploited file transfer servers at PwC, E&Y and others, which created ripple effects for customers and THEIR customers. Similarly, in the case of Colonial Pipeline, the shutdown affected gas stations that had only indirect relationships with the victim.
In this fast-paced talk, we'll dissect real “next-gen” DFIR cases involving zero-day exploits and supplier compromises, including practical guidance for adapting your response processes to meet today’s global threats. This will include a walkthrough of the recent MoveIt zero-day exploits, as well as prior cases associated with the same attackers (the Clop ransomware gang). We’ll also review case studies such as Log4j, Exchange, Colonial Pipeline, and more.
We are on the precipice of seeing major changes to standard response best practices. All of us need to expand DFIR processes to account for mass 0-day exploits and supplier compromises. This includes strategies for threat intelligence, methods for obtaining early information about a potential incident, obtaining and vetting IoCs, risk evaluation strategies, and more. We also need to integrate threat hunting into response operations and prepare for potential unexpected law enforcement access to systems. Join us and get practical strategies for adapting your DFIR response best practices to reflect today’s increasingly interconnected threat landscape.
Ransomware: New Trends & Prevention Strategies
Ransomware gangs have gotten sneakier and more destructive. In response to highly-publicized law enforcement busts and more effective response techniques, criminals have developed novel tactics such as partial encryption strategies, which are designed to speed destruction and evade detection. In this fast-paced talk, the authors of the new book, “Ransomware and Cyber Extortion,” will demonstrate the latest techniques and provide critical guidance for protecting your organization. We’ll showcase:
* The latest attacker tactics used to spread more quickly and maximize impact, such as targeting hypervisors, partial encryption and more
* Videos and screenshots of an actual ransomware infection in the lab
* Current evasion trends, such as living off the land, no-malware ransomware, and more
* How hackers steal your data silently, including the latest clandestine exfiltration techniques
Watch a seasoned ransomware expert share techniques for effectively containing and eradicating the adversary. We’ll also cover mistakes to avoid and tactics for thwarting the stealthiest new threats. Join us and learn the proactive steps you can take to keep a ransomware attack from becoming a major catastrophe.
SAINTCON 2023 Sessionize Event
Sherri Davidoff
CEO of LMG Security, co-author of "Ransomware and Cyber Extortion"
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top