PHDays 11 wrap-up: interest in cybersecurity explodes, pipeline shutdown demo

Information security is directly linked to the security of the general public and the entire state. This was underscored repeatedly at the international practical security forum Positive Hack Days 11. A live demonstration of white-hat hacking took place as part of the world’s biggest open cyberbattle, The Standoff.

PHDays 11 was the most visited in the forum’s history: over 130,000 viewers watched it online, and 10,000 people visited the offline site in Moscow. The PHDays 11 program included around 100 talks, discussion sections and round tables, contests with cash prizes (for example, hacking an ATM, POS terminal, or cash register), the creative festivals Positive Wave and HackerToon, the final of the first All-Russian open-source project competition for schoolchildren and students, a cyberart theft competition, and much more besides.

Over 100 guests visited the on-air studio broadcasting live for three days, including Russian Minister of Digital Development, Telecommunications, and Mass Media Maksut Shadayev and Director of the Information and Press Department and official spokesperson of the Russian Foreign Ministry Maria Zakharova.

PHDays also featured The Standoff, the largest open cyberbattle in the world. The main theme was the butterfly effect: spectators and competitors saw how an unacceptable event in one industry can affect others and even entire nations. The virtual State F was set up at the venue in Moscow. It had three main industries: iron and steel, power, and oil and gas. Each consisted of mutually linked facilities, from extraction to end-user delivery. State F's economy was represented by other segments as well (transport, banking, housing and communal services), each of which was also made up of various facilities.

157 security researchers from 17 teams came together to find security weaknesses in these facilities, which were controlled by real-life systems. The attackers looked for vulnerabilities and attempted to trigger a range of incidents, such as causing airport chaos or shutting down an oil refinery. In the course of the four-day event, hackers actualized a total of 63 unacceptable events, 30 of which were unique.

For comparison, the previous edition of The Standoff, held in November of last year, saw just 6 unique risks actualized. This year almost every company suffered, the banking system being the sole exception. The transport company Heavy Logistics was attacked most frequently: the red teams actualized 22 negative events in this segment, 6 of which were unique, and 14 of the 17 red teams managed to disrupt the railway ticketing system. The attacking red teams consisted of security researchers and white-hat hackers targeting State F's infrastructure.

The oil industry was also subjected to a barrage of attacks, with 20 risks actualized over the four days. It was this industry that was hit by the largest attack at The Standoff, carried out by the Codeby team.

The attackers first interfered with the operation of a refinery, changing the distillation column settings so that the column flooded, and then completely paralyzed an oil product pipeline, halting fuel supplies to the airport. This led to the cancellation of many transit flights, as fuel stocks at the airport quickly ran out. Next, the team managed to infect the IT infrastructure of the oil and gas company Tube with ransomware and shut down its oil product pipeline.

A similar real-life scenario played out last year when a ransomware attack hit Colonial Pipeline, the largest pipeline system in the U.S. The shutdown caused hundreds of flight cancellations and delays nationwide. Airlines had no choice but to add refueling stops on many routes, which drove up flight durations and ticket prices.

The winners of the cyberexercise on the attacking side were the Codeby team (27,715 points), with True0xA3 in second place (23,381 points) and Invuls in third (12,352 points). During the four-day event, the attackers submitted 295 vulnerability reports. About 40 percent of these reports were sent by three teams: Codeby, DeteAct, and Bulba Hackers. More vulnerabilities were found in Heavy Logistics than in any other company.

It fell to five teams of defenders to investigate the incidents, track the attackers' movements inside the infrastructure, and study their tactics and techniques, which gave them valuable experience in preventing unacceptable events. For them, The Standoff is an opportunity to use cutting-edge infosec tools and get detailed feedback from cybersecurity experts based on practical results.

Over the four days, the blue teams submitted 287 incident reports and 10 investigation reports.

The leading team by number of submitted investigation reports was ZoneZone. The fastest investigation took one hour and 13 minutes, and the average investigation time was nine hours and 15 minutes.

On May 19, The Standoff 365 Bug Bounty platform was unveiled at PHDays. The platform is intended to bring companies and infosec experts together to search for vulnerabilities and assess corporate security.

The launch of public bug bounty programs, which allow any system to be tested in practice by a large number of security researchers with different skills and experience, was a logical response to the sharp rise in cyberthreats. The platform is meant to let companies with mature information security assess the robustness of their business reliably and objectively.

For the first time, security researchers will be rewarded not only for finding vulnerabilities, but for discovering ways to actualize unacceptable business events.

In addition, the forum hosted a series of events dedicated to cybersecurity investment. Participants discussed the state and prospects of the infosec market, experiences of floating on the stock market, and new approaches to working with investors.

Today Positive Technologies, the forum's organizer, already has more than 44,000 shareholders, 99% of whom are individuals.

In conclusion, Positive Technologies' top managers described how the company plans to double its business and attract at least 100,000 shareholders over the coming year. As ever, PHDays and The Standoff were organized by Positive Technologies. For the third time running, the co-organizer was Innostage Group. Innostage experts deploy and maintain the cyberrange infrastructure, and specialists from the CyberART cyberthreat prevention center monitor the battle, supervise team actions, act as mentors for one of the defense teams, and demonstrate implemented attack chains to forum guests.

The business partners of the forum are Security Vision, a developer of cybersecurity solutions, Rostelecom-Solar, a national provider of information security services and technologies, and MONT, a distributor of software for any business. The technological partner is Azbuka Vkusa. The partners of PHDays 11 are Axoft, Fortis, Gazinformservice, IBS Platformix, ICL System Technologies, InfoWatch, Jet Infosystems, Liberum Veritas, Marvel Distribution, Pangeo Radar, R-Vision, and USSC.