CODE BLUE 2024: Taiwan's Rising Cybersecurity Stars
Unveiling Cutting-Edge Research and Solutions from CyCraft, TeamT5, Devcore, and TXOne Networks
Overview
At CODE BLUE 2024, held in Tokyo, Taiwan’s leading cybersecurity firms—CyCraft, TeamT5, Devcore, and TXOne Networks—captivated attendees with their groundbreaking solutions to modern cyber threats. From AI-driven tools for external attack management to deep insights into influence operations and advanced vulnerability research, these companies demonstrated why Taiwan has become a critical hub for cybersecurity innovation. Their presentations highlighted not only technological excellence but also the ability to address challenges unique to the Asia-Pacific region and beyond.
This article explores the contributions of these companies at CODE BLUE, emphasizing their individual innovations and the collective impact they have on the cybersecurity industry. It also examines the larger role Taiwan plays in shaping global cybersecurity strategies, driven by a unique mix of geopolitical pressures and technological ingenuity. Through these efforts, Taiwan is securing its place as a global leader in the fight against increasingly sophisticated cyber threats.
About CODE BLUE
CODE BLUE is a global cybersecurity conference that brings together leading experts, researchers, and innovators to exchange knowledge and tackle pressing security challenges. Known for fostering collaboration across borders, the event serves as a platform for sharing groundbreaking research and discovering emerging talent.
The 2024 event focused on critical issues like securing the increasingly interconnected Internet of Things (IoT), emphasizing the need for collaborative solutions to enhance global cybersecurity resilience. With its commitment to nurturing future industry leaders, CODE BLUE provides scholarships and mentorship opportunities, creating a community dedicated to advancing cybersecurity worldwide.
CyCraft
Company Overview
Founded in 2017, CyCraft has rapidly established itself as a leader in AI-based cybersecurity solutions. Headquartered in Taiwan with offices in Japan and Singapore, the company serves a diverse clientele, including government agencies, financial institutions, and high-tech manufacturers across the Asia-Pacific region. CyCraft's focus on artificial intelligence and machine learning has earned it accolades from industry analysts such as Gartner, IDC, and Frost & Sullivan, as well as substantial support from investment groups like CID Group and Pavilion Capital.
Presentations at CODE BLUE 2024
“BullyRAG: A Multi-Perspective RAG Robustness Evaluation Framework”
In a collaborative effort, CyCraft's data scientists—Sian-Yao Eric Huang, Cheng-Lin Yang, and intern Yen-Shan Chen—unveiled "BullyRAG," an open-source framework designed to assess the robustness of Retrieval-Augmented Generation (RAG) systems. As RAG systems enhance Large Language Models (LLMs) by integrating retrieval mechanisms, ensuring their robustness against attacks is critical. The team explored how attackers could manipulate these systems by obfuscating knowledge or exploiting LLM preferences. BullyRAG provides over 10 attack techniques and supports various usage scenarios, offering a comprehensive tool for evaluating and strengthening AI systems against potential vulnerabilities.
“Next-gen EASM: AI Co-Pilot for External Attacking Path Simulation”
Benson Wu, CEO and Co-Founder of CyCraft, introduced their next-generation AI-powered External Attack Surface Management (EASM) system. His presentation highlighted how AI is revolutionizing the way organizations identify and mitigate external threats. By automating the discovery of external assets and simulating potential attack paths, CyCraft's EASM enables organizations to visualize vulnerabilities and prioritize risk mitigation strategies effectively. Wu emphasized real-world applications of this technology, demonstrating its potential to stay ahead of the evolving cyber threat landscape.
Impact and Significance
CyCraft's contributions at CODE BLUE underscored the company's commitment to advancing cybersecurity through AI innovation. By addressing both external threat management and the integrity of AI systems, CyCraft demonstrated a holistic approach to modern cybersecurity challenges. Their work not only provides practical solutions for organizations but also contributes to the broader discourse on AI safety and reliability in cybersecurity applications.
TeamT5
Company Overview
Established in 2017 by five security professionals, TeamT5 embodies the belief that Taiwan harbors world-class cybersecurity talent. Specializing in Advanced Persistent Threats (APTs) and malware research, TeamT5 offers cyber threat intelligence reports and anti-ransomware solutions to clients across the USA, Japan, and Taiwan. The team's deep understanding of cyber attackers in the Asia-Pacific region is a result of their geographic and cultural insights, making them a valuable asset in the global fight against cyber threat actors.
Presentation at CODE BLUE 2024
“China’s Evolving Playbook: The Combination of Hack-and-Leak and Influence Operations”
Presented by CTI Analysts Li-an Huang and Chih-yun Huang, TeamT5's session dove into the sophisticated tactics employed by Chinese threat actors. With the world gearing up for significant elections in 2024, the presentation shed light on how state-sponsored actors are evolving their strategies to influence democratic processes. The team discussed the merging of hack-and-leak tactics with influence operations, highlighting real-world case studies from Taiwan's 2024 presidential election.
The presentation also explored the role of generative artificial intelligence in enhancing these malicious campaigns. By demonstrating how AI can be used to create disinformation targeting wider audiences, TeamT5 emphasized the escalating complexity of cyber threats. The session concluded with mitigation strategies and policy recommendations, aiming to equip organizations and governments with tools to counteract these sophisticated operations at an early stage.
Impact and Significance
TeamT5's insights are critical in understanding the geopolitical dimensions of cybersecurity. Their research provides a nuanced view of how cyber threats are not only technical challenges but also instruments of political influence. By exposing these tactics, TeamT5 contributes to safeguarding democratic institutions and underscores the importance of proactive threat intelligence.
Devcore
Company Overview
Founded in 2012, Devcore is a Taiwanese cybersecurity firm dedicated to enhancing enterprise security by adopting the mindset of attackers. As pioneers in "Red Team Assessment" in Taiwan, Devcore assists clients in improving their cybersecurity and response capabilities by simulating real-world attack scenarios. Their team of world-class white-hat hackers focuses on identifying zero-day exploits and providing strategic defense solutions.
Presentation at CODE BLUE 2024
“Proxying to Kernel: Streaming Vulnerabilities from Windows Kernel”
Senior security researcher Angelboy Yang presented Devcore's groundbreaking work on uncovering privilege escalation vulnerabilities within the Windows Kernel. By exploring overlooked attack surfaces, the team identified over 20 vulnerabilities in a matter of months. Their research included a novel proxy-based logical bug class that allows attackers to bypass validations and execute exploits more effectively.
Angelboy's presentation underscored the techniques used to discover these vulnerabilities and the potential impact they could have if left unaddressed. By sharing their methodologies and case studies, Devcore aimed to educate the cybersecurity community on the importance of continuous and in-depth vulnerability research.
Impact and Significance
Devcore's work highlights the critical need for proactive security measures and thorough vulnerability assessments. Their ability to uncover complex vulnerabilities in widely used systems like Windows underscores the importance of their contributions to global cybersecurity. By sharing their findings, they aid in the collective effort to strengthen defenses against potential exploits.
TXOne Networks
Company Overview
TXOne Networks specializes in cybersecurity solutions for Industrial Control Systems (ICS) and Operational Technology (OT) environments. By employing the OT zero trust methodology, they ensure the reliability and safety of critical infrastructures. TXOne Networks collaborates with manufacturers and infrastructure operators to develop practical and operations-friendly defense strategies, integrating both network and endpoint solutions to provide real-time cybersecurity.
Presentation at CODE BLUE 2024
“Attention Is All You Need for Semantics Detection: A Novel Transformer on Neural-Symbolic Approach”
The presentation by Mars Cheng, Yi-An Lin, and Sheng-Hao Ma introduced CuIDA, a neural-network-based symbolic execution model designed to improve malware detection. The team addressed the challenges of filtering unique binaries from large-scale samples, especially when dealing with obfuscated code and advanced evasion techniques.
CuIDA simulates human expert analysis strategies, such as taint analysis and understanding unknown API calls, to uncover hidden malicious behaviors. The model successfully addresses difficult detection scenarios, including dynamic API resolution, shellcode behavior inference, and detection of commercial packers without the need for unpacking.
Impact and Significance
TXOne Networks' innovation in applying advanced AI models to malware detection represents a significant advancement in protecting critical infrastructure. By enhancing detection capabilities and reducing the need for extensive human intervention, their work contributes to more efficient and effective cybersecurity measures in environments where reliability is paramount.
Shaping Taiwan’s Cybersecurity Landscape: The Rise of Homegrown Innovators
The presentations by CyCraft, TeamT5, Devcore, and TXOne Networks at CODE BLUE 2024 highlight a larger narrative: Taiwan’s ascent as a global cybersecurity leader. These companies exemplify the country’s ability to address some of the world’s most pressing cyber threats, not just through technological prowess but also by leveraging a deep understanding of the geopolitical landscape. Together, they reflect a cybersecurity ecosystem that is thriving under the pressure of necessity and innovation.
Taiwan’s unique position as both a technological hub and a geopolitical hotspot has shaped its cybersecurity industry into one of unparalleled resilience. Constant threats from advanced persistent threat (APT) groups and state-sponsored actors have forced its cybersecurity firms to develop sophisticated, adaptive solutions. This has not only elevated the capabilities of individual companies but also positioned Taiwan as a critical player in global cybersecurity, capable of addressing both regional and international challenges.
At the core of this success is the innovative approach these companies bring to solving complex problems. From CyCraft’s AI-driven attack surface management to TeamT5’s analysis of influence operations, Taiwanese firms consistently deliver technologies that are both practical and groundbreaking. These solutions are not just theoretical; they are applied tools and strategies designed to detect, analyze, and mitigate real-world threats, often faster and more effectively than their competitors. Such ingenuity is a defining characteristic of Taiwan’s cybersecurity landscape, ensuring its relevance and leadership in an ever-evolving industry.
This innovation is supported by a collaborative environment that spans government initiatives, industry partnerships, and academic contributions. Taiwan’s government has recognized the strategic importance of cybersecurity, investing in programs that foster talent, encourage research, and build a foundation for long-term success. This symbiotic relationship between the public and private sectors ensures that Taiwan’s cybersecurity firms have the resources and platforms needed to scale their solutions and share their insights on the global stage.
Events like CODE BLUE are instrumental in amplifying Taiwan’s influence in the international cybersecurity community. By showcasing their technologies and research at such prominent forums, Taiwanese companies not only demonstrate their expertise but also contribute to the global exchange of knowledge and strategies. Their presence at these events underscores their role as key contributors to the international effort to combat increasingly sophisticated cyber threats.
Despite their successes, these companies face challenges in scaling their innovations for broader global markets while staying agile in addressing rapidly shifting threat landscapes. However, Taiwan’s cybersecurity sector has consistently demonstrated its ability to adapt, innovate, and excel. The resilience and ingenuity of these firms ensure that Taiwan will continue to play a pivotal role in shaping the future of global cybersecurity.
The Taiwanese companies that took the stage at CODE BLUE are more than just representatives of a burgeoning industry; they are the architects of a cybersecurity ecosystem that is setting new standards worldwide. By combining innovation, collaboration, and a profound understanding of the threat landscape, they are not only safeguarding their nation but also contributing to a more secure digital future for everyone.
CyberSec Taiwan
About CyberSec Taiwan
Your source for the latest news and analysis on Taiwan-centric cybersecurity.
Disclaimer: The CyberSec Taiwan Substack account is not affiliated with iThome or its annual CYBERSEC conference in Taiwan.