Mis-Attribution
The industrial processes used to build Stuxnet and other
malware provide unique fingerprints that malware analysis investigators use to
categorize it. Coding styles, down to machine-level language, can indicate a
specific threat actor. A nation-state-backed cybercriminal that doesn't want to
get noticed may place phony clues in malware to shake off investigators,
Skoudis said. The catastrophic attack on Saudi Aramco via Shamoon infections on
that company's workstations contained some technical information that made
investigators think it clearly wasn't the work of a nation-state. But
researchers at Kaspersky Lab provided evidence linking some specific
characteristics to the Flame malware, a cyberespionage attack toolkit.
Computer Attacks Resulting In Kinetic Impact
Historically we have worked to protect PII and PHI, bank
records and trade secrets, but companies haven't had a good track record,
Skoudis said. Now, however, attackers are targeting physical infrastructure such as
industrial control systems and SCADA systems.
"Some of it is just mischief, but it could be a
harbinger of much bigger things to come," Skoudis said. "We are
rapidly moving into the area where cyberattacks cause kinetic impact."
Smaller systems are now at risk, such as automobiles, water
distribution systems and traffic light control systems, which have buffer
overflows, SQL injection flaws and other coding problems that can be exploited,
he said. Attackers can infiltrate the devices and gain command and control of
the infrastructure.
Hacking into computers is considered a crime and can put an
offender behind bars. But what if a computer hacks another computer?
The Defense Advanced Research Projects Agency (DARPA) just
released details of a contest where seven teams from academia and industry
will pit high-powered computers against one another at the annual DEF CON
hacking conference in Las Vegas, the MIT Technology Review reports.
The agency will provide each team with a 1,000-processor-core computer
with 16 terabytes of memory. Participants will then develop their own software that
will compete against the other computers without any human intervention.
The winning team will receive $2 million and be invited to
compete against other hackers in DEF CON’s annually held capture-the-flag
contest.
SANS experts lay out the up-and-coming trends in attack
patterns at RSA Conference.
SAN FRANCISCO, WEDNESDAY, APR. 22 -- Experts with the SANS Institute convened
at RSA Conference for their annual threats panel, this time dishing on the six
most dangerous new attack techniques. Led by SANS Director John Pescatore, the
panel featured Ed Skoudis, SANS faculty fellow and CEO of CounterHack
Challenges, Johannes Ullrich, dean of research for SANS, and Michael Assante,
SANS project lead for Industrial Control System (ICS) and Supervisory Control
and Data Acquisition (SCADA) security. Each offered up thoughts on how they've
seen threats evolving and which techniques they expect to gain steam over the
next year.
Attackers Will Expose Breached Data Dumps In Dribbles
According to Skoudis, more organizations will need to face
the prospect of attackers not only getting savvy in how they steal information,
but also in how they disseminate it, particularly if they're looking to
publicly humiliate their targets.
"I'm talking, of course, about the Sony situation. Instead of just doing the big data dump, they
put a little bit out there," Skoudis said. "The reason this is more
damaging is the organization doesn’t really know how to respond. What is the magnitude of this whole thing?
Also, the organization’s response, by the time you get to day three or four of
the disclosures, makes what they said on day one look silly. So there’s more damage and it amplifies it for
the target organization. It’s like
you’re boxing with ghosts."
He recommends that organizations start including these
scenarios in their tabletop exercises for breach response.
Microsoft Kerberos Is Getting Spanked
As Pass the Hash attacks went mainstream back in 2011 or so,
Skoudis explained, he and other experts always prefaced their talks about
the techniques with the aside that these attacks didn't yet work against Microsoft
Kerberos. That's no longer the case.
"So what's happening? We have the pass the ticket
attack. That's where a bad guy hacks
into a machine in your environment -- maybe it's a client machine, maybe it's a
server machine -- and they harvest the Kerberos tickets for the user that's
authenticated on that machine," he says, explaining the attacker is able
to use those tickets for up to 10 hours. "You can do a lot of damage in 10
hours."
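The pass-the-ticket pattern Skoudis describes has a detectable footprint on the domain controller: a host that replays a harvested ticket never asked the KDC for a TGT itself, yet it turns up requesting service tickets. The following detector is an added example, not code from the article or the SANS panel. It works on constructed, simplified JSON renderings of Windows Security events 4768 (TGT requested) and 4769 (service ticket requested); the field names and the sample data are assumptions for illustration, not the native event layout. The 10-hour window is the ticket lifetime quoted above.

```python
"""Heuristic detector for Kerberos service-ticket use from a host that
obtained no TGT for that account.

Added example. Events are a constructed, simplified JSON form of Windows
Security events 4768 (TGT requested) and 4769 (service ticket requested);
the field names are assumptions, not the native EVTX layout.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Ticket lifetime quoted in the article: a harvested ticket is good for up to 10 hours.
TGT_LIFETIME = timedelta(hours=10)

# Constructed sample events (not real logs). alice's third event and carol's
# only event are the suspicious ones: a 4769 from a host with no matching 4768.
SAMPLE_EVENTS = [
    '{"time": "2015-04-22T08:00:00", "id": 4768, "account": "alice", "client_ip": "10.0.0.5"}',
    '{"time": "2015-04-22T08:05:00", "id": 4769, "account": "alice", "client_ip": "10.0.0.5", "service": "cifs/fileserver"}',
    '{"time": "2015-04-22T09:30:00", "id": 4769, "account": "alice", "client_ip": "10.0.0.77", "service": "cifs/fileserver"}',
    '{"time": "2015-04-22T07:00:00", "id": 4768, "account": "bob", "client_ip": "10.0.0.9"}',
    '{"time": "2015-04-22T12:00:00", "id": 4769, "account": "bob", "client_ip": "10.0.0.9", "service": "ldap/dc01"}',
    '{"time": "2015-04-22T10:00:00", "id": 4769, "account": "carol", "client_ip": "10.0.0.42", "service": "http/intranet"}',
]


def parse_events(lines):
    """Parse one JSON event per line and return the events in time order."""
    events = []
    for line in lines:
        event = json.loads(line)
        event["time"] = datetime.fromisoformat(event["time"])
        events.append(event)
    events.sort(key=lambda e: e["time"])
    return events


def find_suspicious_ticket_use(lines, lifetime=TGT_LIFETIME):
    """Flag 4769 requests whose (account, client_ip) pair has no 4768 within
    `lifetime` before the request.

    A ticket harvested on one machine and replayed from another shows up as
    exactly this: the replaying host presents a TGT it never requested.
    """
    tgt_requests = defaultdict(list)  # (account, client_ip) -> times a TGT was requested
    findings = []
    for event in parse_events(lines):
        key = (event["account"], event["client_ip"])
        if event["id"] == 4768:
            tgt_requests[key].append(event["time"])
        elif event["id"] == 4769:
            window_start = event["time"] - lifetime
            fresh_tgt = any(window_start <= t <= event["time"] for t in tgt_requests[key])
            if not fresh_tgt:
                hours = int(lifetime.total_seconds() // 3600)
                findings.append({
                    "time": event["time"].isoformat(),
                    "account": event["account"],
                    "client_ip": event["client_ip"],
                    "service": event["service"],
                    "reason": f"service ticket requested with no TGT request from this host in the last {hours} hours",
                })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_ticket_use(SAMPLE_EVENTS):
        print(finding)
```

Run against the sample, the detector reports alice's service-ticket request from 10.0.0.77 and carol's request from 10.0.0.42, and leaves bob alone because his host requested a TGT five hours earlier. It is a heuristic: a TGT issued before the start of the log window, or renewed rather than re-requested (event 4770), would also appear as a 4769 without a matching 4768, so in production the window should be seeded from the full log history and renewals folded in before alerting.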
Real-World Exploits of Internet of Things Will Multiply
The more the workforce moves beyond bring your own device
with phones and tablets and further into bring your own anything, be it
printers or wireless routers, the more that Internet of Things vulnerabilities
will intrude into the enterprise, Skoudis warned. This gets amplified as
embedded hardware in all nature of devices becomes so cheap.
"With all these different things coming into the
environment, if you don’t know it’s there, you can’t defend it," he said.
And, unfortunately, these devices are frequently vulnerable
to very old attacks and methods that were taken care of in traditional devices
years ago. But these common vulnerabilities will start causing new and
unexpected consequences in IoT devices.
For example, one device Skoudis and his team looked into was
actually irrevocably broken following a simple cross-site scripting attack.
"You could
launch a cross-site scripting attack against the darn thing and it would break
the device," he said. "Look, I've seen a lot of scripting in my day,
I'm sure maybe you have as well, I've never seen one that would break a
device. It was crazy."
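The device Skoudis describes failed on a bug class that traditional web stacks fixed years ago: reflecting a request parameter into HTML without encoding it. The following is an added example, not code from the article or from any device vendor, showing the unsafe pattern beside the hardened one for a hypothetical embedded status page; the parameter name, page layout and length bound are assumptions.

```python
"""Reflected-input handling in a small embedded web UI: the pattern that
produces cross-site scripting, beside a hardened version.

Added example; the status page, the 'name' parameter and the length bound
are hypothetical.
"""
import html
from urllib.parse import parse_qs

# Assumed bound: an embedded UI should cap every field it reflects, both to
# limit the attack surface and to keep resource-constrained parsers within
# their buffers.
MAX_NAME_LEN = 64


def _name_from_query(query_string):
    """Pull the 'name' parameter out of a raw query string, defaulting to 'device'."""
    return parse_qs(query_string).get("name", ["device"])[0]


def render_status_unsafe(query_string):
    """Reflects the parameter into the page verbatim: any markup in the
    request becomes markup in the response, which is cross-site scripting."""
    name = _name_from_query(query_string)
    return f"<h1>Status for {name}</h1>"


def render_status_hardened(query_string):
    """Truncates the value to the bound and HTML-encodes it (including quotes)
    so it can only ever render as text, never as markup."""
    name = _name_from_query(query_string)[:MAX_NAME_LEN]
    return f"<h1>Status for {html.escape(name, quote=True)}</h1>"


if __name__ == "__main__":
    # Constructed request: a script tag in the parameter, as a scanner would send.
    request = "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    print(render_status_unsafe(request))
    print(render_status_hardened(request))
```

With the hardened handler the same request renders as literal `&lt;script&gt;...` text inside the heading, and an oversized value is cut at 64 characters before it reaches the template, which is the combination a defender wants on a device that has no patch channel to fall back on.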