Takeaways from Disobey.fi Security Conference

The Disobey Security Conference 2025, held on February 14th and 15th at Kaapelitehdas in Helsinki, Finland, featured a diverse range of topics in the current cybersecurity landscape. A significant emphasis was placed on ransomware, reflecting its escalating threat to various sectors and how the ransomware groups operate.

Ransomware Focus

Several sessions addressed the multifaceted challenges posed by ransomware:

• "Guardians of the Hypervisor" by Nicklas Keijser and Anders Olsson delved into strategies for safeguarding VMware ESXi servers and hypervisors against ransomware attacks.‍
• "Navigating Chaos: A Prison's Struggle with Ransomware and Legacy Systems" presented by Richard Suls provided insights into ransomware detection and response within environments reliant on outdated infrastructure.‍
• "Ransomware Leaks Lead To Floods - How Leaked Files From Ransomware Can Be Weaponized Against Further Victims" by Roman Sannikov and Lorenzo Nicolodi explored the utilization of compromised customer data from ransomware incidents for threat intelligence and how attackers exploit leaked information to identify new targets.

Challenges in Cybersecurity

The adage "Old is New" resonated throughout the conference, highlighting that many cybersecurity issues from two decades ago persist today. This theme was evident in sessions such as:

• "Ten Security Design Strategies from 2004" by Camillo Särs, which revisited enduring security design principles and their relevance in addressing current challenges.
• "Flipping Bits: Your Credentials Are Certainly Mine" by Joona "joohoi" and STÖK, demonstrated how single-bit errors in domain names can redirect traffic to attacker-controlled domains, exposing sensitive data like OAuth tokens and emails.

AI in Cybersecurity

Artificial Intelligence (AI) was a prominent topic, especially within vendor discussions:

• "Hacking AI Models" offered a hands-on workshop focusing on the fundamentals of responsible AI practices, security testing principles, and exploring how AI models can be manipulated to perform unintended actions.
• "Deep Fake It Till You Make It!" by Ross Bailey examined the implications of deepfake technology, shedding light on AI's role in creating sophisticated digital fabrications.

In the vendor space, companies showcased AI-driven solutions:

• Various cybersecurity providers demonstrated their SOC Operations with their chosen toolsets.
• ‍Patria highlighted the use of Large Language Models (LLMs) for analyzing news feeds and translating content to bolster awareness among military operations.

Sofecta Labs has deployed similar solutions, using Large Language Models (LLMs) to analyze vulnerability information from multiple sources and deliver timely insights to our SOC analysts and customers for swift response and mitigation. Sofecta Labs' SOC/MDR solution leverages industry-leading technologies to provide nimble and agile responses to customer alerts and security situations.

Conclusion

Disobey continues to maintain its unique character as a hacker-friendly conference that doesn't shy away from controversial topics. The mix of technical deep-dives and broader strategic discussions provided valuable insights for both security practitioners and organizational leaders.

The conference's format, featuring two main tracks plus workshops, created an engaging environment where attendees could either focus on specific technical skills or explore broader security themes. The venue at Kaapelitehdas, with its cool industrial atmosphere, perfectly matched the conference's underground hacker feeling.

Looking forward to seeing how these discussions and insights will shape the security landscape in the coming year, particularly in areas like ransomware protection and mitigation and also how the security field integrates AI into products, for good and bad. Disobey 2025 has once again proven itself as an interesting and engaging platform for the Nordic security community.