CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree
In recent years, many enterprises in the world have suffered from leaks of sensitive customer or employee information due to APT attacks, malware attacks, insider leaks, or mis-configured settings. Data breaches have a considerable impact, not only harming corporate reputations and causing business to be lost, but also causing serious risk for customers. If leaked data flows into the hands of bad actors, we can easily imagine the harmful consequences. These risks equally affect Taiwan’s 8 critical infrastructures. If sensitive information about employees or external services leaks, hackers can easily apply it to social engineering or advanced continuous penetration attacks. However, a critical infrastructure security incident can cause more than financial loss – it can also create a threat to the safety of physical equipment or to people’s lives and property.
This research will collect publicly leaked data and share some of the traps and fun that we found during the analysis. We will also share how we have conducted big data analysis on more than 10 billion pieces of data from 200 plus datasets, with a particular focus on the analysis of data leakage and password habits of 8 critical infrastructure service providers. Finally, based on the in-depth analysis of our data, we will try to provide prediction warnings to high-risk CI sectors and vendors that may be invaded due to information leakage, and finally advise how to perform prevention and mitigation measures.
Mars Cheng (@marscheng_) leads TXOne Networks’ PSIRT and Threat Research Team as their Threat Research Manager, coordinating product security initiatives and threat research efforts. He is also the Executive Director for the Association of Hackers in Taiwan and General Coordinator of HITCON CISO Summit 2024, facilitating collaboration between enterprises and the government to bolster the cybersecurity landscape. Additionally, Mars serves as a Cybersecurity Auditor for the Taiwan Government. His expertise spans ICS / SCADA systems, malware analysis, threat intelligence and hunting, and enterprise security. Mars has made significant contributions to the cybersecurity community, including authoring more than ten CVE-IDs and publishing in three SCI journals on applied cryptography. Mars is a frequent speaker and trainer at numerous prestigious international cybersecurity conferences and has presented over 50 times, including Black Hat USA / Europe / MEA, RSA Conference, DEF CON, CODE BLUE, SecTor, Troopers, FIRST, HITB, ICS Cyber Security Conference Asia and USA, HITCON, NoHat, ROOTCON, SINCON, CYBERSEC, and many others. He has successfully organized several past HITCON events, including HITCON CISO Summit 2023, HITCON PEACE 2022, HITCON 2021, and HITCON 2020, demonstrating his commitment to advancing the field of cybersecurity.
Yenting Lee is a Sr. Threat Researcher at TXOne Networks, blending a background and experience in ICS / SCADA, cyber-offensive and defensive exercises, pentest and threat hunt. Yenting has been a speaker at several cyber security conferences and classes, including FIRST Conference, ICS Cyber Security Conference USA / APAC, CYBERSEC, SECCON, PPAM India, and InfoSec Taiwan. Additionally, he also had been engaged serveral ICS vulnerability discovery and white paper writing on the topics of ICS.