CactusCon

CactusCon13
February 14-15, 2025
Mesa, AZ


Signed, Sealed, Compromised: The Past, Present, and Future of Supply Chain Attacks

The first rule of defending networks is that a determined adversary will not be denied. This has been proven time and time again: with each high-profile compromise there is a new and clever way that an advanced adversary penetrated an enterprise of interest. Whether it be through the use of 0-days, social engineering, or kompromat, adversaries are going to do whatever it takes to achieve their mission objectives - whatever those might be. As organizations have gotten better at defending their networks, adversaries have recognized that in many cases it is quicker, cheaper, and easier not to target the organization directly, but to compromise a third party with a trusted relationship with the actual organization they are attempting to compromise. Enter supply chain attacks.

This talk will discuss one of the techniques we are seeing increase in frequency: supply chain attacks. Supply chain attacks are a broad topic, but one that has continued to evolve and mature over the last decade. We will walk through what constitutes a supply chain attack, the history of how these attacks have evolved, and finally where we see this attack technique moving in the future.

Nick Biasini and Edmund Brumaghin

Nick Biasini’s interest in computers and technology started at a young age when he tore apart his parents’ brand-new 486SX PC. Ever since, he has been tinkering with computers in one way or another. Nick got his start in security helping protect the National Air Space and has been working in security in one role or another ever since. In his time with Talos, Nick has been responsible for exposing new details of major threats, with a focus on crimeware. This includes exposing the Angler exploit kit, identifying new techniques like Domain Shadowing, helping to stop large-scale exploit kit campaigns, and revealing clever spam campaigns delivering malware. Nick has a master’s degree in digital forensics from the University of Central Florida and has worked in government and private sector environments in his career.

Edmund Brumaghin is a threat researcher with Cisco Talos. He has spent the past several years protecting environments across a number of different industries including nuclear energy, financial services, etc. He currently spends his days hunting malware and analyzing various threats as they emerge and continue to evolve. In his time with Talos, he has researched ransomware and other threats being distributed using various attack vectors. He has also worked to expose large-scale malware campaigns and raise awareness of security threats observed across the threat landscape.