The 30th DFN Conference “Security in Networked Systems” took place from 8-10 February 2023 in the Grand Elysée Hotel Hamburg. The event is organized yearly by DFN-CERT and well established in the security field.
Last week we visited the DFN Conference on IT Security in networked systems. The DFN Conference addressed issues relating to information security, in particular network and computer security in educational institutions, administration and industry. The event is visited by experienced professionals as well as those who are interested in information security, but have yet to become acquainted with this subject. More information about the conference and its agenda can be found on the DFN website.
The topic of this year’s conference was cyber defense. At this critical time of global cyber attacks and vulnerabilities, DFN assembled a program with speakers from the international security community. The speakers shared the latest news in cyber defense research in our industry, academia and politics. With talks ranging from new techniques to better protect against identity theft, understand the root cause of cyber attacks across the globe and leverage machine learning to protect networks.
The keynote speech this year was “The cyber attack against Münster University of Applied Sciences in June 2022” by Prof. Dr. Sebastian Schinzel which outlined, how serious the threat nowadays is and how important it is, to rollout a proper security infrastructure. A significant hacking attack against the university was discovered at the Münster University of Applied Sciences in June 2022. The attackers had gained access to the internal user administration a few days earlier. By sharing their learnings with the public, they help other institutions and organizations to better protect theirselves.
Many other informative and interesting talks were part of the DFN Conference. Some of our highlights were:
- It was demonstrated how open source tools like LibreOffice can be used safely. In particular, LibreOffice uses macros which can be embedded to documents in order to spread malware and macro viruses that spread additional threats and deliver dangerous payloads. Tipps and tricks on how to identify compromised documents were given.
- A software named Malpedia for malware inventory and comparison was introduced. Malpedia’s main objective is to serve as a resource for quick malware identification and actionable context during malware investigations.
- In the previous year E-Mail-Tracking und -Profiling was a great threat for every industry and it continues to grow. Tactics on how to raise security awareness among the own organization and how to defend the company were outlined.
A full list of the talks and their details can be found on the DFN Conference Page.
In addition to talks by experts from industry, government, and academia, there was also a hands-on blue team training. A blue team is a team in charge of protecting an enterprise’s use of information technologies by upholding its security against attackers (i.e., the Red Team). During the blue team training, the fictive servers of the University of Pellworm were attacked. The participants were separated into small groups, or “Blue Teams,” with the objective of identifying and preventing this attack. By taking part in this training, the Honcion team gained practical experience in attack detection and defense.
There were also a plenty of networking opportunities for the german-speaking IT security community. A nice evening spent in the Gröninger Braukeller offered a great chance for this community to exchange and expand.
As already mentioned in one of the previous blog posts, IT security has a top priority at Honicon. Cyber threats continue to rise and pose a threat, especially for small and medium sized enterprises. The threat actors are getting better with time and the attacks are growing more complex. Due to the lucrative nature of the industry, cyber attacks are not going away any time soon. To protect our data and minimize business downtime, Honicon educates its staff on how to spot these constantly changing workplace scams. In addition to that, we always keep up to date with the newest trends and research, and educate our team in order to protect ourselves the best way.
The DFN Conference was a great experience, we got many insights on the newest IT security topics and exchanged ideas with like-minded people. We are looking forward to the next one!