The CCN-CERT is the Spanish Government CERT, responsible for assist Public Administration in fighting security incidents. It was created in 2006 as a part of the CCN (National Cryptology Centre), asigned to CNI (National Centre of Intelligence).
Every year it arranges for the STIC Workshop to be hold as a meeting place for security professionals; and last December we had the oportunity to attend the eighth edition.
As a novelty this year, the presentations were classified into three simultaneous modules, beside the plenary: #1 Cyberespionage / APT; #2 New threats, tools and technologies; #3 Cybersecurity estrategy ENS (National Security Scheme) and compliance.
With an attendance of over a thousand people, the first day session opened with the welcome of the Secretary of State-Director of the CNI, Félix Sanz Roldán, followed by a summary of the work of the Centre throughout 2014, as well as the upcoming activities and tools.
Next, we attended an excellent presentation about the state of art in persistence in BIOS, by Barroso (Eleven Paths).
At the end of the second day, we saw a roundtable discussion on the theme "What do the service providers and the integrators contribute to the National Cybersecurity?", as well as the following technical presentations:
Firts, Garrido (Innotec System) explained risks of a bad configuration of the Active Directory. And, last of all, Siles (DinoSec) talked about a vulnerability in the updates system of Apple which could allow and attacker to "frozen" the iOS version of a victime on a date.
As for the rest of the workshop, several tools created by the CCN were presented, all of them women named: Carmen, Pilar, Lucía, Clara, Inés, Marta, María... And we were told about many APT campaigns: Russian and Chinese APT, APT28 and an ongoing APT that has stolen 26 million USD so far. We could also see some demos about attacks on EMV NFC cards, on a SCADA system (model)... And we were told about ShellSock, BadUSB and the weareables, among others.
Among the speakers were professionals from major international companies like Kasperky, FireEye, SANS Institute as well as from different spanish enterprises and institutions.
After eight years, the CCN-CERT STIC has established itself as the most prestigious security congress in Spain.
You can download the contents of the presentations here (Spanish).