Investments in education and awareness programmes for employees in cybersecurity are essential, given that social engineering attacks remain among the most frequent, cybersecurity experts drew attention at this year's edition of the DefCamp specialist conference, organized in Bucharest over November 28-29.
"The coordinated attack by the Russian hacker group NoName057(16) on the DefCamp 2024 website is clear evidence of the growing notoriety of our conference in the region, but also of the relevance of the topics we address. It is very possible that this incident was instigated by the fact that one of our speakers was going to give a presentation on the activities of this group. Although the current geopolitical context and the coincidence with the elections in Romania brought additional challenges, our team of specialists managed to quickly neutralize the attack, without any damage or interruptions in the event," said Andrei Avadanei, founder of DefCamp, in a press release sent to AGERPRES on Wednesday.
According to the same source, the 60 speakers at the DefCamp 2024 emphasised the need for awareness of cyber risks, constant security training and accountability of those involved in the digital ecosystem. The risks associated with cloud resources were also discussed, such as massive exploits that can compromise AWS accounts without targeted attacks. The persistent vulnerabilities in public cloud resources highlight the urgent need for improvements and more effective solutions.
"Cybersecurity experts emphasised that an effective defence strategy, applicable to both IT and OT networks, must include minimizing the attack surface, securing data transfers, and implementing advanced threat prevention measures. They also emphasised the need to focus on vulnerable points, rather than conventional security perimeters. Moreover, companies were advised to prioritize measures such as implementing multifactor authentication and strict access control to sensitive systems to reduce risks. Continuous monitoring of network activities, along with regular updates to systems and software, significantly contribute to preventing the exploitation of known vulnerabilities. Investments in employee education and awareness programmes are fundamental, given that social engineering-based attacks remain among the most common. In addition, developing a solid incident response plan and conducting periodic simulations help organizations be better prepared for potential attacks," the same press release states.
As many as 18 educational activities were organized this year within the Hacking Village, hosted on the technical educational platform CyberEDU, which allowed participants to test their skills in an applied environment, not only to improve their technical expertise, but also to contribute to the development of an informed and strong community.
The most important competition, DefCamp Capture the Flag (D-CTF), attracted almost 800 teams from 92 countries in the 2024 edition, 30% more than in 2023. Of these, 16 teams qualified for the final stage, held "live" on November 28.
The winner of the competition this year was the Hackemus Papam team from the Vatican, the 2nd place went to The Few Chosen, a local team that also won the award for "the best team in Romania," and the 3rd place went to the Wreck the Line team, an international team including members from Romania.
At the same time, DefCamp 2024 offered participants the opportunity to make a real difference and directly influence the lives of those in urgent need of help. Thus, with the support of the local authorities, the Trace Labs OSINT Search Party CTF competition brought a unique experience, in which teams of ethical hackers used OSINT (Open Source Intelligence) techniques to contribute to finding missing persons. The 45 participants analyzed eight cases, and in five of them new information was discovered to support local authorities in finding missing persons - a record result in the history of competitions organized by Trace Labs.
The DefCamp 2024 event was organized by the Association of the Centre for Computer Security Research in Romania (CCSIR), powered by Orange Romania, and benefited from the support of Data Core Systems and Secureworks, as Platinum partners, Adobe, OPSWAT, Booking Holdings, Keysight Romania and Bit Sentinel, as Gold partners, Pentest-Tools.com and KPMG as Silver partners, as well as CyberEDU.
From 2011 to the present, DefCamp has managed to attract over 15,000 participants from about 60 countries and over 150 cities to Bucharest. In 2024, the conference audience spanned various professional roles and included 5% IT operations specialists, 5% auditors and consultants, 29% security engineering experts, 6% executive leadership members, 4% software engineering professionals, 10% sales and marketing people, 10% education representatives, 3% researchers, 12% managers and 16% participants falling into other categories.
Comentează