How Cybercriminals and Nation-State Hackers Operate
Every day, organizations are at risk of a cyberattack by financially motivated threat actors as well as state-sponsored cyber spies. But just who are the cyber attackers behind the endless wave of attack campaigns and what are their underlying missions? What tactics and techniques do they employ and how could those be used against your organization? Which types of cyberattacks — and attackers — are most likely to target an organization, its users, and its data?
During this full-day virtual event, we’ll examine the most prolific threat actors in cybercrime and cyber espionage, and how they target and infiltrate their victims. Industry experts will provide insight, advice, and best practices for securing enterprises, and ultimately their valuable data, from these attackers both in the cloud and in hybrid networks. Among other things, attendees will learn how to apply intel on current threats and adversaries to better secure their organization from cybercrime and cyber espionage.
Cybercrime Inc.
Cybercrime has matured dramatically, with large cybercriminal groups now operating as well-organized business syndicates. Under the cover of the Dark Web marketplace they offer cybercrime-as-a-service options such as turnkey ransomware services with round-the-clock customer service lines. They sell stolen enterprise credentials, malware, and other hacking services, and not surprisingly, also scam and hack one another. In this keynote, an expert on cybercrime will explain how this dark ecosystem operates and continues to flourish — and provide tips on how to protect your organization from today’s sophisticated cybercrime syndicates.
Nation-State Hacking Teams: Up Close
China. Russia. Iran. North Korea. These four nations represent some of the most prolific and powerful nations with state-sponsored hacking teams that conduct cyber espionage of all flavors, from geopolitical and diplomatic spying to intellectual property theft. Some now even cross the line into cybercrime with ransomware, extortion, and data-wiping attacks. Other nations are ramping up their hacking teams for their national interests as well, such as India, Pakistan, and Vietnam. In this keynote, an expert on nation-state cyber operations will share the latest trends and operations of nation-state hacking groups and the threats they pose to businesses and organizations of all sizes.
How to Leverage Threat Intelligence Without Drowning: The Zero Noise Approach
Cloud threat intelligence should simplify detection—but often creates noise instead. With vast TI data and automated attacks flooding alerts, many teams struggle to separate real threats from background noise. This session introduces the Zero Noise Approach—a methodology for ingesting and operationalizing Cloud TI through attacker-based baselines, continuous feedback loops, and a “no alert left behind” mindset. Learn how this approach turns TI from overwhelming to actionable, with real-world case studies showing how organizations achieved higher fidelity detections and clearer visibility into attacker TTPs.
Unit 42 Cybercrime Casefiles: A Cloud Threat Investigation
Threat actors relentlessly adapt their tactics to exploit misconfigurations in the cloud, stopping at nothing to infiltrate cloud environments and perform malicious activities. So, how can organizations stay ahead and defend themselves against these sophisticated threats?
Join our upcoming Cybercrime Casefile session to see how Unit 42® experts tackled a real cloud cryptomining incident. Learn how a threat actor infiltrated a cloud environment through misconfigured resources and exposed credentials and see how Unit 42 decisively responded to secure the compromised environment.
You’ll hear our Unit 42 experts dive into:
- A firsthand account of the investigation.
- The anatomy of the attack.
- The strategic steps Unit 42 and the client took to remediate the incident.
- Insights into cloud threat actor tactics and cutting-edge techniques.
- Powerful recommendations for cloud security best practices and defense strategies.
How to Use MITRE's ATT&CK Framework and Other Threat Intel
There are various threat intelligence feeds and information about the latest threat groups, campaigns, and their tactics, techniques and procedures (TTPs) coming from security vendors as well as the Cybersecurity and Infrastructure Security Agency (CISA). How do you know which threat intel applies to your organization? How can you map MITRE’s ATT&CK framework to your security architecture? In this panel discussion, experts will provide insight and guidance on how to harness threat intelligence data as well as the ATT&CK framework and weave them into your existing security tools and operations.
Proactive Security as One of Your Best Weapons
Cybercrime and nation-state hacking teams continue to mature, evolve, and pivot to evade detection by security teams. For security operations teams, that means trying to stay a step ahead of the adversaries by ensuring you have visibility into all your devices, identities, and online assets, both in the network and in the cloud. It also calls for proactive security practices such as regular vulnerability scanning and penetration testing, and threat hunting by the security team or your security service provider. In this panel discussion, red team experts share insights on how to execute these practices, the emerging technologies that support them, and how to apply the findings and discoveries to shore up your defenses.
SecOps for Today's Complex Cyber Threats
Security teams today juggle dozens or more security tools, many of which are not well integrated. Often, they don’t have the resources needed to fully realize all the features of the tools, which can impede their ability to respond properly and efficiently to a security incident. How can the cloud and AI be harnessed to streamline and empower security analysis in the age of SaaS and other infrastructure security challenges? What types of processes and tools can help sift through this telemetry to ferret out actual threats or attacks? In this panel discussion, experts will discuss these issues and how SecOps teams can improve their detection and analysis of a security event before it escalates.