Future Cyber Threats Will Come From Within the Architecture

By: Kelsey Atherton

“The Five Most Dangerous Attack Techniques” read the marquee guiding attendees of the RSA cybersecurity conference to this morning’s keynote panel. As the audience shuffled to find seats in the bluely lit room, the four panelists from the SANS Institute launched into a rapid-fire assessment of multiple threats, some of which certainly seemed dangerous. Alan Paller, research director and founder of the SANS Institute, together with SANS instructor Ed Skoudis, SANS Dean of Research Johannes Ullrich, and SANS Head of R&D James Lyne, are in the business of training people in threat response. So, what threats lurk in the shadows of 2018, waiting to ruin the lives of any government agency or contractor that uses computers? They ranged from de-anonymizing data stored in the cloud, to infiltrating server farms primarily to steal processing power, to finding new exploits against industrial controls.

Cloud City

The cloud, metaphorical repository of everything not on computers directly owned by users, is just a fancy term for “someone else’s computer.” Putting data on the computers of others by necessity requires surrendering some control over the devices, so Skoudis suggested that when using cloud assets, agencies and contractors invest specifically in data inventories and have a person assigned as data curator. If the computers aren’t in-house, keeping an eye on the data still can be, and since so much of everything in technology today is the collection, maintenance, and use of data, it makes sense to invest resources in tracking data like any other inventory.

For preventing developers from leaking credentials, Skoudis recommended git-seekret and git-secrets, and to find sensitive data already in repositories, Skoudis pointed users to gitrob. Amazon, Microsoft, and Google all offer tools for threat detection and data loss prevention. And then there is the basic security chore of penetration testing: finding vulnerabilities yourself before an adversary does.
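To make the first recommendation concrete, here is an added example (not code from the article or from the git-secrets project) of the kind of pre-commit check those tools perform: it walks a unified diff, inspects only added lines, and flags AWS-style credentials unless they are the documentation placeholders that git-secrets itself allow-lists. The regexes are simplified versions of the well-known AWS patterns, and the diff below is constructed sample input with fake keys.

```python
import re

# Regexes in the spirit of git-secrets' built-in AWS rules (assumed; simplified here).
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA)[A-Z0-9]{16}\b")
AWS_SECRET = re.compile(
    r"(?i)aws.{0,20}?(?:secret|key).{0,20}?['\"]?"
    r"(?<![0-9A-Za-z/+])([0-9A-Za-z/+]{40})(?![0-9A-Za-z/+])"
)
# Placeholder credentials from the AWS documentation; git-secrets allow-lists these too.
ALLOWED = {"AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed diff: a developer swaps the docs placeholder for a (fake) real-looking key.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,4 +10,6 @@ DEBUG = False
 REGION = "us-east-1"
-AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_ACCESS_KEY_ID = "AKIAJ5ZQXX2Y7TESTKEY"
+AWS_SECRET_ACCESS_KEY = "abcdefghijklmnopqrstuvwxyz0123456789ABCD"
+DOCS_EXAMPLE = "AKIAIOSFODNN7EXAMPLE"
 TIMEOUT = 30
"""

def scan_diff(diff_text):
    """Return (path, new_line_no, kind, value) for each suspected credential on an
    added line; removed and context lines are ignored, as a pre-commit hook would."""
    findings, path, line_no = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("-"):
            continue  # removed content (and the '---' header) never reaches the repo
        elif m := HUNK.match(raw):
            line_no = int(m.group(1))  # first new-file line number of this hunk
        elif raw.startswith("+"):
            line = raw[1:]
            for key_id in AWS_KEY_ID.findall(line):
                if key_id not in ALLOWED:
                    findings.append((path, line_no, "aws_access_key_id", key_id))
            for secret in AWS_SECRET.findall(line):
                if secret not in ALLOWED:
                    findings.append((path, line_no, "aws_secret_access_key", secret))
            line_no += 1
        elif raw.startswith(" "):
            line_no += 1  # unchanged context line still advances the new-file counter
    return findings
```

Wired into a pre-commit hook, a non-empty result from `scan_diff(git diff --cached)` would abort the commit; the allow-list is what keeps documentation samples from tripping it.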

“You can do a pen test in the cloud - you just need permission from the cloud provider,” said Skoudis. “The provider can do it themselves or you can do a pen test of the end system.”

Besides tracking the data itself, Skoudis highlighted the risk that data, even anonymized data, could be correlated with open-source information and de-anonymized, citing specifically an example of anonymized Netflix user data that, paired with information gleaned from IMDb, can reveal who those anonymized users were.

Looming over this discussion of data security was the European Union’s GDPR, a set of strong data privacy protections set to come into effect next month.

“I think it will lead to better protection of data,” said Skoudis. “I worry it will stay in Europe. I would like to see it here.”

Mine Craftiness

Pivoting sharply from Skoudis’ presentation on keeping cloud data secure, Ullrich began his presentation in front of a sign that blared “Nobody Wants Your Data Anymore.” He pointed to the life cycle of data theft: first stealing data and selling it to others, then stealing data and locking it up with ransomware to sell back to its owners, and now skipping the data entirely and stealing only the processing power of a company and its customers.

Why processing power? Bitcoin, and other blockchain-mined digital commodities, may have the best economic return on investment for intruders, so sneaking in code that can borrow a computer’s resources, while sending the returns back to the person who set it up, gives hackers a covert income stream. How can people spot miners? High CPU load, network traffic, and heat are the primary means of discovery, applicable to outsider and insider threats alike, since the computers themselves will show signs of misuse.

“Someone brought a cryptocoin miner into a data center, put it under the floor,” said Ullrich. “Maybe use a thermal camera in data center security.”

In addition to checking computers for signs of hijacking by miners, and also in light of major security hardware failures like Spectre, security professionals should stop assuming that hardware is automatically trustworthy. Hardware can be isolated if it is physically isolated, but the more it is inline, the more possibility there is for the network to be infiltrated. Going forward, Ullrich recommended not just encryption for communications between networks, but encryption and authentication “on the wire” within networks, between individual machines. Fortunately, placing a miner on a computer isn’t the end of the world.

“[Miners] have to exfiltrate data,” said Ullrich. “Miners get found, and have simple fixes once found.”

That miners can be found in the future does not mean that miners will be as easy to find as they were in the past.

“Coinjacker miners used to be greedy, clock things fast, create obvious problems,” said Ullrich. “Users quit jacked browsers. New miners don’t overclock as obviously.”
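As an added illustration of the detection approach Ullrich describes above (high CPU load and network traffic as the tell-tale signs, with newer miners throttling themselves to avoid notice), the following Python, which is not from the article or from SANS, scores constructed per-process telemetry with two windows: a short window with a high threshold for the old greedy miners, and a long window with a low threshold for quiet ones. The thresholds, the stratum pool port list and the sample telemetry are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

@dataclass
class Sample:
    """One per-process observation; assumed collected once a minute by an endpoint agent."""
    minute: int                  # minutes since monitoring started
    host: str
    pid: int
    name: str
    cpu_pct: float               # share of all cores consumed, 0..100
    remote_port: Optional[int]   # destination port of an established connection, if any

# Destination ports commonly used by stratum mining pools (assumed list, corroborating only).
STRATUM_PORTS = {3333, 4444, 5555, 7777, 14444}

def build_samples():
    """Constructed hour of telemetry for one workstation: a throttled miner, a compiler
    job that legitimately pegs the CPU at the end, and a browser tab that spikes briefly."""
    out = []
    for m in range(1, 61):
        out.append(Sample(m, "ws-17", 4242, "kworker_helper", 30.0, 14444))  # quiet miner
        out.append(Sample(m, "ws-17", 2020, "cc1plus", 95.0 if m > 54 else 5.0, None))
        out.append(Sample(m, "ws-17", 1010, "chrome", 95.0 if 50 <= m <= 52 else 10.0, 443))
    return out

def assess(samples, now):
    """Return {pid: (severity, reasons)} for processes whose CPU use looks like mining.

    Short window: every sample in the last 5 minutes at or above 90% (greedy miner).
    Long window: average of at least 25% across a full 60 minutes (throttled miner).
    A connection to a stratum-style port only raises severity; it is never required."""
    by_pid = defaultdict(list)
    for s in samples:
        by_pid[s.pid].append(s)
    alerts = {}
    for pid, obs in by_pid.items():
        last5 = [s for s in obs if now - 5 < s.minute <= now]
        hour = [s for s in obs if now - 60 < s.minute <= now]
        reasons = []
        if len(last5) == 5 and min(s.cpu_pct for s in last5) >= 90:
            reasons.append("CPU pegged >=90% for 5 min")
        if len(hour) == 60 and sum(s.cpu_pct for s in hour) / 60 >= 25:
            reasons.append("steady CPU >=25% average over 60 min")
        if not reasons:
            continue
        pooled = any(s.remote_port in STRATUM_PORTS for s in hour)
        if pooled:
            reasons.append("connection to stratum-style pool port")
        alerts[pid] = ("high" if pooled else "medium", reasons)
    return alerts
```

The compiler job is flagged at medium severity by the short window alone, which is the expected false-positive cost of a CPU-only heuristic; the network signal is what separates the quiet miner from it.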

Power overwhelming

Industrial and infrastructure systems are at a unique moment of risk, argued Lyne, because they are being moved more and more online, but the industrial control community doesn’t have the same decades of expertise in defending against attacks that commercial and personal computer companies have accumulated. The problem is a combination of increased vulnerability on the part of the targets and increased interest from attackers.

“I think it is inevitable we will see more focus on attacks from groups like nation states and others beyond those interested in money focused on industrial controls and memory overloads,” said Lyne. Sabotage as the rationale itself, divorced from economic incentive, changes the calculus of security, and likely requires different responses at the highest levels. Nations have already explored how to get into vulnerable infrastructure systems.

That vulnerability might come in the form of not just taking data from industrial controllers, but changing what data the controllers even receive.

“We’ve seen attacks on controllers; what scares me is when attacks move from controllers to sensors themselves,” said Lyne. “What happens when your source of truth is manipulated?”

Learn from the past to avoid fallout

Tying the various themes together, Paller asked the panel to consider the words of an earlier speaker in the day, Cisco Senior Vice President John N. Stewart, about the need to shift the cybersecurity perspective from blaming users to blaming vendors.

“I wish we could stop patching vulns on default passwords,” said Ullrich, “and just ship hardware back to vendors to fix.”

That vendors have shifted the burden of security onto end users, rather than taking on the burden of securing their products themselves, is one hurdle facing the future, but the other panelists suggested other lessons learned.

“There’s lots of work to retrofit security today,” said Lyne, noting that in the commercial and personal computing worlds, the common practice is to ship vulnerable and patch later. Perhaps the industrial computing world could learn from that lesson, and while this wouldn’t mean a world with no patches, it would mean that the assumption of immediate patches because the product shipped insecure could be challenged.