So these are my Cybersecurity focused thoughts on RSA conference ending today(02/17/17):
Top 7 new attack vectors (from SANS team youtube):
- IoT as attack platform
- Ransomware on IoT
- ICS attacks more sophisticated
- random number generators cause problems for Bitcoins and elsewhere -- Impact of random numbers on WPA2 - if not random then can be guessed
- Insecure software components (Private Master Key Input)
- Service integrity (including cloud)
The Ransomware as IoT deserves special scrutiny:
With the following questions -
- What would you pay to turn your lights back on? your heat? your car?
- What would you pay to get your factory running again?
Factory running again is also in the ICS(Industrial Control Services) attacks area -
If somehow the ICS devices such as PLC controlling the factory floor are hijacked?
German Steel Mill destruction in Wired story where a German steel mill had "failures in control systems that did not allow a blast furnace to shut down in a controlled manner which resulted in massive damage".
Here is a picture of an Eagle PLC:
There is no confirmation of the type of equipment in the German company with the problem, the above picture is only to illustrate what a typical PLC (Programmable Logic Controller) looks like. The PLC is programmed to perform tasks such as open and close a circuit within certain conditions. So whatever was controlling a PLC in Germany blast furnace was disabled or otherwise controlled when the furnace was given a shutdown command by the operator. A DOS (Denial Of Service) Attack could have also caused this at the right time.
As a note to this post portion about SANS video, there were 2 guys on there well known in the CyberSecurity field Dr. Ullrich (of Internet Storm Center) and Ed Skoudis on staff at Sans.edu (and has been in the community for years. Ed had the first 3 points of top7 new attack vectors, the bottom 2 were Dr. Ullrich, and Michael Assante had the middle 2 (4&5) as he is the ICS specialist.
Now I want to move to the 2nd of the important videos (I'm still watching the multiple videos available from RSAC2017.
This one is from a top NGFW(Next Generation FireWall) company CEO Mark McLaughlin of Palo Alto.
It is no surprise from a firewall vendor to try to explain how their product is better than others, but there was a "new" theme in this talk by Mark McLaughlin, the theme of sharing collaboratively with other vendors and potentially allowing their clients to share some data to make us all more safe.
The same themes were there (since they did not go away)
- 80% of board of Directors were concerned or very concerned
- 72% of CEO's are not feeling fully prepared for a cyber attack.
The new model (i.e. this is what 2017 will bring) is to include
- More innovation
- More sharing
- More automation
- More software
- More ease of deployments
- More flexibility of usage.
This is not a surprise we must improve or we will fall, so moving ahead the main theme that I got out of the videos watched: Ransomware and new ways ransomware will attack us is coming soon. As well as collaboration by the security vendors, although I suspect this will take time.
Contact Us to discuss