CypherCon 2023
Operation BORDERLAND: Ransomware vs. Horizon MDR
Checkpoint
Abstract:
“Who do you think has the easier job; those of us who are charged with defending our systems and information, or those who we fight each day against who seek to engage in espionage, war, and acts of terror? In my opinion, it’s the offensive guys who have it easy… you see, they only have to be right once and they will win. Us, we have to be right every single time or we lose. And for us losing is not in the cards.” (Former Head of Digital Forensics, CIA).
The Cyberspace Domain… We exist in a world of hostility and uncertainty. Much like in the hit series Alice in Borderland, it would seem our world today is consistently plagued by unpredictable challenges and unforeseen dangers; so much so that no one can escape this maelstrom – all of us have our part to play and our toll to pay. We are playing a game with exponentially increasing stakes, and today we live in a world where packets can decide the fate of not just individuals or whole countries, but our entire civilization. Code has now become the latest entry on the exclusive and terrifying list of Weapons of Mass Destruction. “It’s better to get used to the game while we still have time to spare.” (Watabe et al., 2020).
Nearly every day we hear of new “Easy Button” solutions; solutions promising to make life simpler – proudly proclaiming to ease the burden of protecting ourselves and our organizations. Despite the questionable validity of such claims, we are continually asked to invest unimaginable amounts of capital into these “widgets”; hoping for nothing more than a leg up in our fight – or at least trying to make it appear as if we are doing what we can. Even so, we hear of new breaches and attacks and see the horror of the damage they cause play out every single day. Are we doomed to this new reality? Have we really reached the point where Pandora’s Box has been opened so long that nothing can bring us back from this brink? Perhaps there is a better way? What of solutions that don’t simply give you a widget, but provide you the service of taking on some of this burden? What of Managed Detection and Response (MDR)? These are the questions we will attempt to answer…
Join us on this never-before-attempted journey to answer these questions in front of a live audience by pitting a tailored zero-day ransomware against the acclaimed Horizon MDR offering by Check Point Software. Come see the impacts of our ransomware campaign (dubbed “King of Spades”) on the systems we have targeted and witness first-hand the response of the Horizon MDR team – that is, if they catch it… Hear from the real actors behind this audacious operation who make up an impressive collection of expertise from Incident Response to Endpoint Security and Digital Forensics to Nation-State Offensive Operations. Don’t forget to stop by the Check Point Software booth before our presentation as one lucky attendee will be selected to play the role of the offensive operator and signal our Command-and-Control system to start encrypting each of our infected hosts.