Cyberspace is becoming increasingly complex, and security challenges require cooperation from all sectors. This was precisely the key message at the second ConCERT cybersecurity conference, held on February 20th at the National and University Library in Zagreb. The conference, organized by CARNET's National CERT, brought together over 200 experts from Croatia and Slovenia, who exchanged experiences and knowledge in combating cyber threats and the best responses and procedures in the event of cyber incidents.
The conference was opened by Nataša Glavor, Assistant Director of CARNET for the National CERT, who emphasized the crucial role of cooperation among all sectors in creating a secure and resilient digital space.
Cyberspace is changing faster than ever, and the challenges require the cooperation of all of us. That is precisely why this conference is extremely important – it provides a space for open discussion, networking, and sharing experiences in a confidential environment.
As part of the event, participants had the opportunity to hear presentations from representatives from both the public and private sectors, who analyzed everything from ransomware attacks to the challenges faced in detecting cyber threat perpetrators.
Vlatka Marčan from the National Coordination Center for Industry, Technology, and Research in Cyber Security (NKS) presented in detail the work of the NKS, its users, and tasks. The NKS, as she highlighted, is engaged in four key areas, including the establishment of the Community of Expertise and cooperation with other NKS via the Network, education, and financial support within the framework of EU calls for proposals. Furthermore, Marčan emphasized the importance of cooperation in cross-border projects and the promotion of the Network and Community's work, including the European Cybersecurity Competence Centre - ECCC.
Experts from the National Cybersecurity Center shared their experiences and knowledge about modern ransomware attacks, explaining how they work on a technical level, what steps attackers take, and how we can protect ourselves. They highlighted the concerning fact that attackers often need no more than 24 hours from the moment they enter a network to achieve full administrative privileges. They emphasized that establishing adequate protection and detection measures is crucial, but investing in expensive tools alone is not enough to secure a system.
Ivan Birtić, a computer security associate in CARNET's National CERT Sector, shared his experience with security testing of web applications and their most common vulnerabilities. He emphasized that they most frequently encounter unpatched systems, authentication and authorization vulnerabilities, and the inertia of vulnerable parties in addressing these weaknesses. For anyone looking to make their applications more secure, his advice is to think like an attacker.
Renato Grgurić and Dragan Marić from the Cyber Security Service of the Ministry of the Interior spoke about who the most frequent perpetrators of cyber attacks are and what the main challenges are in finding them. They emphasized that identifying perpetrators can be a demanding process due to various legal regulations, inaccessibility of data, anonymization of perpetrators' identities, and the constant development of new attack methods, as well as the uncooperative stance of certain countries. They also presented an example of a successful operation in which the Cyber Security Service participated in cooperation with other European bodies.
Neven Zitek from SPAN presented the current state of the cyber environment and drew attention to the expected trends and threats in 2025. He noted that ransomware attacks are financially motivated, and that the human factor and unintentional malicious behavior of employees are still to blame for as much as 68% of compromises. He predicts an increase in existing threats for 2025, including ransomware attacks, state-sponsored attacks, AI-driven cyberattacks, and the exploitation of IoT devices, with quantum computing also set to bring change.
Gorazd Božić from the Slovenian national CERT shared data on the threats facing Slovenia. He noted a drastic increase in the number of cyber incidents handled: since 2008 it has risen by more than 1,300 percent, from 325 to 4,668 reported incidents by 2024. Investment fraud causes the greatest financial losses, while mobile phones are increasingly being used as attack vectors. He also highlighted the growing sophistication of social engineering, which is aided by the use of AI-based tools.
Vanja Švajcer, a security expert with many years of experience, spoke about malicious groups whose goal is financial gain. One of the tactics used by these groups is creating fake employees and recruitment agents to impersonate real software engineers and gain access to sensitive data through compromised user accounts. Švajcer also warned about the dangers of video interviews, where fake identities are often used. Finally, he provided recommendations for protection against such attacks.
Mislav Major from INFIGO IS provided insight into the work of a Red Team, a specialized group that simulates attacks on organizations to uncover security vulnerabilities. He emphasized the importance of a multidisciplinary approach, as effective security system testing requires experts with diverse knowledge. Each Red Team test, as he explained, strengthens an organization's infrastructure, enables the implementation of new defenses, and corrects vulnerabilities and misconfigurations.
Vlatko Košturjak from Diverto, Marlink Group, currently CRO (Chief Research Officer), spoke about the use of artificial intelligence in coding and application development. Such methods can lead to vulnerabilities in applications that attackers can exploit. Košturjak warned that malicious groups have already begun using this technology, so it is important not to abandon traditional application testing methods to prevent security threats.
The turnout for the second ConCERT conference is an indicator of increased awareness regarding the importance of cyberspace protection, business resilience to threats, and a faster response to cyber incidents. Heightened awareness of network and information system security, driven by new legislation and sophisticated threats, strengthens the cooperation of experts and their mutual knowledge exchange. ConCERT has become a key event for fostering a community of trust where experts share experiences and solutions to challenges in their practice, with the aim of preventing attacks that threaten critical infrastructure and the economy.