7 major cyber attack themes revealed at Blackhat and DefCon 23

By - August 12, 2015

As in prior years, RSM's Security and Privacy teams had a heavy presence at Blackhat and DefCon this year. With 20+ people attending the various talks, contests, working groups, and other activities, we were able to compare notes and put together the major themes of this year's conferences. These issues will impact many of our clients across various industries, and almost all individuals with regard to their personal data and physical safety.

Autos: This area of research has been highly publicized over the last two weeks due to the revelation of major attacks against a variety of auto vendors. Hackers were able to take control of various models, including being able to start, stop, and shut down several vehicles. This year the "car hacking village" at DefCon is enormous, covering at least several hundred square feet. Attendees are given access to a variety of pre-staged testing systems that they can use to attempt the attacks themselves or discover new vulnerabilities of their own. As autos become more and more like rolling data centers, this type of research will only become more popular.

[Photo: the DefCon car hacking village]

Resurgence of honeypots: Honeypots have been around for close to three decades, but while attractive in concept they often failed in execution. Honeypots are purposefully vulnerable systems placed on a network with the intention of luring attackers. Since the systems are not "real", valid users should never have any reason to touch them, meaning that if a user does interact with one it is highly likely to be a malicious insider or an attacker. For those used to "chatty" IDS systems, honeypots are often hard to justify because they may only fire an alert once in a blue moon, but when they do alert it is almost guaranteed to be a critical issue (e.g. an attacker moving laterally through the environment). They fell out of favor in the early 2000s because they were difficult to install and maintain, but new developments have led to rapid methods of installation and updating. Add in almost plug-and-play integration with existing monitoring technologies such as SIEMs, and honeypots may be coming back into favor in a big way.

Windows getting better: Windows is the traditional security punching bag, often viewed as the most vulnerable operating system family. Microsoft appears to have taken this to heart, with a multitude of defenses presented for traditional attack methods such as Pass-the-Hash and token stealing. In addition, Windows 10 sports a variety of mechanisms meant to prevent attackers from accessing credentials and sensitive areas of the operating system.

Windows getting worse: While Microsoft has taken up the challenge of addressing many traditional attacks, hackers being hackers, the natural result is a pivot to other methods. A variety of techniques were shown that use built-in Windows components such as PowerShell and WMI, giving attackers an immense amount of power to compromise networks while leaving little or no forensic evidence. Two steps forward, one step back for Microsoft.

Macs are no longer sacrosanct: Sorry, Mac elitists. RSM has often stated the belief that the Mac's perceived security advantage over Microsoft was more about economics than any purely technical advantage. Over the last decade Windows still owned a huge percentage of corporate environments, and hackers "followed the money", spending far more of their time researching the more popular corporate OS. Why spend your time coming up with new hacks for a Mac OS that made up 2% of the target environment? However, as Mac usage has surged over the last few years, the interest of attackers has followed. The conferences this year demonstrated a wide variety of promising new methods for researchers to dig deeper into the Mac and iOS operating systems, and proof-of-concept attacks were released for Mac firmware. The clock is ticking on the viewpoint that Macs are "perfectly secure".

IoT: The Internet of Things is still a new and growing concept, but hackers are already exploring it for their amusement. A variety of network devices (cameras, refrigerators, robots, etc.) were shown to be victims at the conferences, with the headliner being the takeover of a smart sniper rifle. We are starting to cross into the age where hacks in "cyber space" will have direct, often spectacular, impacts in physical space.

Mobile devices: The explosion in the use of mobile devices has naturally led to a corresponding surge in mobile security research and hacking. Android and iOS hacking methods and tools were keystone subjects at both conferences, but the clear headliner was the Stagefright hack, which showed how almost any Android device could be compromised simply by sending an image to a victim over text messaging, email, or a URL. Google has already produced a fix, but phone vendors have been slow to deploy it. Needless to say, most conference attendees put their droids in airplane mode after seeing the presentation.

Read McGladrey's article 'Five reasons to re-evaluate your mobile security policy' to learn about common challenges when developing a mobile strategy and how to execute a comprehensive policy.
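The honeypot mechanism described in the "Resurgence of honeypots" theme (a decoy no legitimate user has a reason to touch, so any interaction is itself the alert) as a minimal added illustration. This is example code written for this post, not RSM's tooling or any product mentioned at the conferences. It listens on a local TCP port, records the first bytes of anything that connects, and emits a JSON event of the shape a SIEM forwarder would ingest; the event field names, the `simulate_probe` demo client and its payload are constructed for the demonstration.

```python
"""Minimal low-interaction honeypot: any connection is a high-confidence alert.

Added illustration for this post; not RSM's tooling. The event schema and
the sample probe below are constructed for the demo.
"""
import datetime
import json
import socket
import threading
import time


def build_alert(src_ip, src_port, dst_port, first_bytes):
    """Format one honeypot touch as a SIEM-style event (constructed schema)."""
    return {
        "ts": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "severity": "critical",   # a honeypot fires rarely, so every hit matters
        "rule": "honeypot_touch",
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_port": dst_port,
        # Keep only a short, printable preview of what was sent; never parse
        # or act on attacker-supplied bytes inside the decoy itself.
        "preview": first_bytes[:64].decode("utf-8", "replace"),
    }


class Honeypot:
    """Accepts TCP connections, records them, and hands back nothing useful."""

    def __init__(self, host="127.0.0.1", port=0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))   # port 0 = let the OS choose (demo only)
        self.sock.listen(5)
        self.sock.settimeout(0.2)      # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        self.alerts = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        self._stop.set()
        self._thread.join(timeout=2)
        self.sock.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (src_ip, src_port) = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                conn.settimeout(0.5)
                try:
                    data = conn.recv(256)
                except (socket.timeout, OSError):
                    data = b""
            alert = build_alert(src_ip, src_port, self.port, data)
            with self._lock:
                self.alerts.append(alert)
            print(json.dumps(alert))   # a real deployment ships this to the SIEM


def simulate_probe(port, payload=b"GET / HTTP/1.0\r\n\r\n", host="127.0.0.1"):
    """Constructed stand-in for whatever touches the decoy (demo client only)."""
    with socket.create_connection((host, port), timeout=2) as s:
        s.sendall(payload)


def wait_for_alerts(hp, count, timeout=3.0):
    """Block until the honeypot has recorded `count` alerts, or time out."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        with hp._lock:
            if len(hp.alerts) >= count:
                return list(hp.alerts)
        time.sleep(0.05)
    with hp._lock:
        return list(hp.alerts)


if __name__ == "__main__":
    hp = Honeypot().start()
    simulate_probe(hp.port)
    print(len(wait_for_alerts(hp, 1)), "alert(s) recorded")
    hp.stop()
```

The design point is the one the theme makes: because nothing legitimate should ever connect, the decoy needs no signature or tuning, and a single event is already worth paging on. Replacing the `print` with a syslog or HTTP forwarder is all it takes to land these events in an existing SIEM.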
