
Malware, Democracy and ICS at Risk – And Other Thoughts Following Blackhat and Defcon 2017 Conferences

August 8, 2017


Every year in late July or early August, a legion of hackers, crackers, makers, and feds swarm into the dry heat and bright lights of Las Vegas on a mission to be part of the infosec scene at the Blackhat and Defcon conferences. Some may play a large part and others a much smaller one, but it’s clear that everyone who goes is part of a special community. That community is special not only because of its incredibly diverse and intelligent membership, but also because it is currently engaged in something akin to a cold war that most folks have no idea is being waged. More on that later, so go get your tinfoil for hats while we wait.

Also every year, about two weeks after the last $12 beer has been drunk and the last hand has been doubled down on, folks who were lucky enough to go to this party on a company sponsorship fire up their Macbooks and pen a blog highlighting their experiences of that year. Some articles are great, others (dare I rhyme) are click bait; but overall, they are useful summaries of what happened during that week. They are no substitute for being there, but you can get a good rundown of what went on.

Since I fall into the category of mid-August authors, I’ll say this year was a special year for both conferences. It was 25 years and 20 years ago that Jeff Moss (aka @thedarktangent) launched the first DefCon and BlackHat conferences respectively. It was special for me personally as this was the first year I got to spend time with the dark agent himself. Now to be fair, I did accost him in the foyer of a men’s room where he had escaped to do some email, and managed to chat him up for about 15 minutes. Obviously no shame in my game, but if you want to hear that story, make sure you come out to some of the events where we are presenting The Six Steps to Secure Access.

As for trends and take-aways from ‘hacker camp’, three areas stood out to me as common themes from both events:

1) Malware, Malware, Malware

It felt to me like malware was getting the attention that it needs at both conferences this year. You might say that was clearly bolstered by WannaCry and Petya, but the speaker submissions were due long before those attacks hit, so we can chalk it up as a good coincidence. The clear takeaway for IT Operations teams is to keep systems patched and focus on the fundamentals of security. What was also clear is that there isn’t enough attention on the remote access pathways that exist in our organizations, pathways that make remotely accessing a system that has been popped all the easier. Self-serving, yes, but I would like to see these topics discussed in concert.

I’d be remiss if I didn’t mention the post-conference shocker that involved the hero of WannaCry, Marcus Hutchins (aka @malwaretech), being arrested after being indicted by a grand jury for the creation and sale of the Kronos malware. As of this writing, he has pleaded not guilty and the security community has rallied to his defense both online and physically by raising money for his bail. We are all standing by to see how this one plays out.

2) Democracy at Risk

Remember that tinfoil hat mention earlier? Here is the part where you might consider folding one up for yourself. This year DefCon spawned a new village thanks to voting machine hacking being a hot topic after the presidential election. The Voting Machine Village had more than 30 voting machines, purchased mostly on eBay and ready to be hacked on. It only took about 90 minutes for the first group to find and exploit vulnerabilities in five different machines. We saw some early tweets with pictures from the help/about screen on one of the units showing the versions of open source software it was leveraging. Of course, these voting machines were using old versions of that software with known vulnerabilities that have since (mostly) been patched. It didn’t take much from there to compromise a machine. Many experts at the event complained that the average desktop in today’s modern enterprise has light years more security than these voting machines. The scary thing, according to event co-coordinator and University of Pennsylvania professor Matt Blaze, is that "only one of these models has been decommissioned. The rest are in use around the country." Now the good news is, all of these attacks required physical access, so all is not lost (yet), but we should demand real infosec around these systems while we have some breathing room.

3) Industrial Control System (ICS) Wake Up Call

This is the part where you put on the tinfoil hat you just made. To be fair, ICS researcher and CEO of Dragos, Rob Lee, cautioned that we need to be careful fanning the 'sky is falling' flames. However, I don’t think anyone would question that we need serious focus on these systems. After all, ICS are used in all of our critical infrastructure like power, water, oil & gas, and manufacturing; and these systems are coming more frequently under attack. As proof, Dragos and ESET shared their research at Blackhat on the first ever malware framework designed and deployed to attack electric grids, called both CRASHOVERRIDE and Industroyer. There is some good news here. This malware is not mature enough to function at the real scale it would need to take out New York or cause us to lose Texas if the target was the power grid. However, it is a huge start for the Advanced Persistent Threats (APTs) that are likely behind the development and deployment, and we should continue to voice concerns until we see governments publicly and globally embrace their roles in cyber warfare and espionage before those APTs can begin to work at scale.

If you want to learn more about what goes on at these events, I’d start by grabbing the media that Defcon.org makes available. It generally takes a bit of time for the talks to be uploaded post-conference, but they put a ton of the content out there for those who may have missed a talk or want to experience 2017 over again. My personal recommendation would be to watch the DefCon talk that chess master Garry Kasparov gave on AI and its potential to separate us from our jobs and maybe our humanity. He blew hacker minds when he expressed that no matter the sophistication of AI, AI and humans can live together because humans make up that last decimal, and that last decimal is what makes the difference.

Sam Elliott, SVP, Products, Applications, PPM

At Bomgar, Sam is responsible for the product management group that is driving product strategy for Bomgar’s security products. He has more than a decade of information security, ITSM, and IT operations management experience. He is also a seasoned expert in the areas of cyber-security, data center discovery, systems configuration management, and ITSM. Sam has a Bachelor of Science from Florida State University and is certified in ITIL v3 and Pragmatic Marketing. He resides in Atlanta, GA with his family and can be found on Twitter @samelliott.
