
Doom and Gloom






Presentation Transcript


  1. Doom and Gloom Dave Packham

  2. Here we are again • How can we fix this? • What's wrong with the human condition? • They are still the number 1 issue

  3. Nice Title • Posted on May 28, 2012 at 5:15pm • ‘ONE OF THE MOST COMPLEX THREATS EVER DISCOVERED’: NEW CYBER WEAPON FOUND IN IRAN

  4. Why should this be scary? • How bad • Is it?

  5. How • In one case, the attackers used a specifically targeted email with a Microsoft Word document. The Word document contained a currently undisclosed 0-day kernel exploit that was able to install Duqu. It is unknown whether the attackers used the same methodology and the same 0-day in all other cases.

  6. Duqu

  7. Keys to your computer • One of the variant’s driver files was signed with a valid digital code signing certificate that expires on August 2, 2012. • The digital code signing certificate was issued to a company headquartered in Taipei, Taiwan and was revoked on October 14, 2011.

  8. Last Month • (Reuters) - Security experts said on Monday a highly sophisticated computer virus is infecting computers in Iran and other Middle East countries • May have been deployed at least five years ago to engage in state-sponsored cyber espionage.

  9. Not that we need to worry • Cyber security experts said the discovery publicly demonstrates what experts privy to classified information have long known: • That nations have been using pieces of malicious computer code as weapons to promote their security interests for several years.

  10. Stuxnet Worm • Stuxnet is a computer worm discovered in June 2010. It initially spreads via Microsoft Windows, and targets Siemens industrial software and equipment. • While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.

  11. Hmmmm • Iran's National Computer Emergency Response Team also said Flame might be linked to recent cyber attacks that officials in Tehran have said were responsible for massive data losses on some Iranian computer systems.

  12. SCADA/Flame hacks destroy stuff like buildings

  13. CHECK NOW. • What happens when Flame or Stuxnet gets out into the hands of the script kiddies…

  14. Siemens S7 hack • Hack a Siemens S7 computer, gain read-and-write access to the memory, steal data, run commands and shut the computers off. • All this is very bad when you consider these devices are used to control machines in factories, utility networks, power plants, chemical factories and the like -- a major security threat. • The findings were so troublesome that the data was pulled until Siemens could patch the vulnerabilities he exposed. • And the Department of Homeland Security monitored his talk to make sure it didn't reveal too much.

  15. VoIP botnet control • Botmasters can use VoIP conference calls to communicate with the zombie machines in their botnets. • At Defcon, the researchers released a tool called Moshi Moshi that converts touchtones into commands the bots can understand and turns text into speech to capture information on compromised corporate computers and read it into voicemail for the botmaster to pick up later. • The techniques enable botmasters to control their hijacked machines from wireless phones and even payphones (if they can find one). • The botmasters call in to the conference bridge, the zombies connect via the corporate network and data can flow, the researchers showed.

  16. Powerline device takeover • A customized device that can tap into home powerlines to monitor and control home alarm and security camera systems. • Using the device and broadband-over-powerline technology, burglars could plug the device into an electric outlet on the outside of a house and monitor devices inside the home. • They could deduce, for example, that if the alarm system is turned on and the security cameras are activated, then the residents are not at home. • The device can send signals that jam the signals from the security devices, leaving burglars free to break in without worry that alarms will be set off, the researchers say.

  17. Hacker drone • A spy drone made from off-the-shelf electronics was demonstrated at both Black Hat and Defcon. • The model plane -- Wireless Aerial Surveillance Platform (WASP) -- was tricked out with electronics that can crack codes and pick off cellphone calls, and an onboard computer that can execute a flight plan designed to have the plane circle above a target while it does its work. • The researchers say that if they can build one, so can just about any country or corporate espionage group that puts its mind to it, so beware.

  18. Car hijack via phone networks • Researchers compromised a Subaru Outback car alarm, unlocked the doors and started the vehicle, all using text messages sent over phone links to wireless devices in the vehicle. • The same type of exploit could just as easily knock out power grids and water supplies. • The common thread is that the car alarm and certain devices on critical infrastructure networks are all connected to public phone networks in ways that are fairly simple to compromise, and the prospect is threatening enough that the Department of Homeland Security wanted a briefing beforehand.

  19. Hack faces to find Social Security numbers • It's possible to acquire a person's Social Security number using nothing more than a photo publicly available in online social-network databases, face-recognition software and an algorithm for deducing the numbers. • The point is to show that a framework of digital surveillance that can go from a person's image to personal data exists today. • "This, I believe and fear, is the future we are walking into."

  20. Remotely shut down insulin pumps • Insulin pumps that diabetics rely on to keep their blood sugar in balance can be shut off remotely. • Jerome Radcliffe, a diabetic himself, showed how he could pick off wireless signals used to control the pump, corrupt the instructions and send the altered commands to the machine. • He could force the wrong amount of insulin to be pumped or shut the device off altogether, either of which could be fatal in the wrong circumstances. • The problem, he says, is that the devices weren't designed with security in mind.

  21. Embedded Web server menace • There are embedded Web servers that come in photocopiers, printers and scanners meant to make administering the devices easier, but they lack security, leaving them open to being pilfered for documents recently scanned or copied. • Sutton finds these Web servers through scripts he wrote to scan huge blocks of IP addresses and recognize telltale Web header fingerprints. • "There's no breaking-in required," Sutton says.

  22. Spreading false router tables • A Black Hat talk revealed a vulnerability in the router protocol Open Shortest Path First (OSPF) that lets attackers install false route tables on uncompromised routers in an OSPF-based network. • That puts networks using the protocol at risk of attacks that compromise data streams, falsify network topography and create crippling router loops. • The solution? Use another protocol such as RIP or IS-IS, or change OSPF to close the vulnerability.

  23. SAP flaw • A flaw in SAP's NetWeaver software enables hackers to dodge authentication into the ERP system. • The implications of this are that attackers could gain access to data and delete it, he says. • They were able to Google hack servers that contained the flaw. • The flaw was present on about half the servers they tested. • SAP says it plans to issue a fix for the problem.
