Tales from Black Hat 2014: Beating the Monsters Under the Cyber-Bed

The key take-away from Black Hat, according to a Business Spectator article written by Ty Miller, founder and CEO of Threat Intelligence, is that “the times, they are a-changin’.” This translates to: “Most enterprises need to overhaul their security strategies, products and processes not just to adapt to the increasingly malicious and sophisticated Internet environment, but to survive,” the article tells us.

Some other things to think about are the frightening things hackers can actually hack into, thanks to a round-up by PC Magazine. The Internet of Things repeatedly came up at Black Hat, and many of these devices are incredibly easy to access. One team hacked a Nest smart thermostat in 15 seconds – yes, 15 seconds. Ruben Santamarta of IOActive demonstrated another hack that is certainly one for concern. PC Magazine says he hacked a nautical distress beacon to display a video slot machine instead of an SOS, and Santamarta said he could similarly hack airplanes using in-flight Wi-Fi. Another demonstration dealt with credit cards, and it wasn’t very comforting. There is the ability to load a card with a Trojan virus that harvests PINs onto the card reader – all with just a swipe of the malicious card. A second card then copies the file containing the harvested information, according to PC Magazine, and could even delete the Trojan so the retailer might never know there was a breach.

Jon Oltsik shares his final impressions of Black Hat in a www.networkworld.com article.

Oltsik writes: “I left Black Hat with even more cybersecurity concern. I’m in the middle of this world all the time so I hear lots more about the bad guys’ Tactics, Techniques and Practices (TTPs) than most people do. Even so, I spent the week hearing additional scary stories. For example, Blue Coat labs reported on 660 million hosts with a 24-hour lifespan it calls “one-day wonders.” As you can imagine, many of these hosts are malicious and their rapid lifespan files under the radar of signature-based security tools and threat intelligence. I also learned more about the “Operation Emmantel,” (i.e. from Trend Micro) that changes DNS settings and installs SSL certificates on clients, intercepts legitimate One-time passwords (OTPs) and steals lots of money from online banking customers. Black Hat chatter served as further evidence that our cyber-adversaries are not only highly-skilled, but way more organized than most people think.”

As cyber criminals get smarter and more daring, as the Internet of Things grows and more devices become vulnerable to attacks, companies have to step up their game. The Business Spectator article by Miller tells us, “Organizations will need to plan not only for today’s known challenges but also for what comes next.”

As a final reminder, Miller writes: “Faced with such a ‘dynamic’ time for hackers and cyber criminals it will be incumbent upon enterprises to overhaul their approach to security if they are to adequately defend themselves from potential attack. Identifying threats before they occur becomes imperative and the intelligent application and rigorous distillation of big data is a critical part of this. Organizations that fail to recognize this do so at their peril; the times are certainly changing and so must security strategies.”


For PC Magazine’s round-up of hacks from Black Hat 2014, click here: http://www.pcmag.com/slideshow/story/326355/10-scariest-hack-attacks-from-black-hat-2014/1

For the Business Spectator article, click here: http://www.businessspectator.com.au/article/2014/8/18/technology/how-beat-new-cybersecurity-megamonsters

For more of Jon Oltsik’s impressions of Black Hat, click here: http://www.networkworld.com/article/2462116/cisco-subnet/my-final-impressions-of-black-hat-2014.html