
RSA 2014: Experts discuss the most dangerous new attack techniques

Our reliance on rapidly advancing computer technologies in an increasingly interconnected world is enabling some dangerous new attacks.

Those techniques were discussed by Ed Skoudis, SANS instructor and Counter Hack founder, Johannes Ullrich, CTO and dean of research with Internet Storm Center, and Mike Assante, SANS Institute director, at a packed RSA Conference 2014 session on Tuesday.

“Bad guys are using wireless as their attack platform,” Skoudis said.

He explained that being untethered gives attackers more flexibility, portability and safety in their crimes – particularly because they do not have to retrieve physical devices, such as skimmers. Skoudis pointed to retailers and hotels as recent victims of these kinds of remote attacks.

Skoudis, who added that mobile devices are also being targeted by attackers, said the best defense against wireless attacks is turning the devices off. He added that designers of such devices should carefully consider replay attack vectors and should not rely on the obscurity of their hardware as a defense.

“Hardware is not that hard to reverse-engineer,” Skoudis said.

Air gaps – a type of security essentially designed to ensure that secured and unsecured computer networks remain isolated from each other – are dying, Skoudis said. He explained that USB devices can carry malware across air gaps and added that organizations that rely solely on air gaps will be “pwned.”

Speaking on hacking the Internet of Things – our world increasingly controlled by computers – Skoudis said attackers are reverse engineering underlying embedded systems in order to gain understanding and control.

He pointed to recent compromises of planes, trains and automobiles as examples, and added that power grids, health care environments, medical devices and weapons systems are other big areas of concern. Skoudis said best defenses include constant patches and strong patch and testing strategies, as well as engagement of the hacker community.

Ullrich kicked off his portion by discussing the dangers of using Bitcoin, particularly relating to theft. He said that private keys can be stolen by malware and used to transfer bitcoins to other users, and that bitcoin mining malware – often installed as an “add on” to other software – can go unnoticed for a long time.

Shifting to point-of-sale (POS) malware, Ullrich said that these malicious programs – Dexter is one example – infect Windows-based systems and exfiltrate data in real-time. Some of the best defenses against POS malware include tough passwords, firewalls and constant patching, he said.

With regard to socially engineered webmail account takeovers that could ultimately result in attackers receiving payments, Ullrich said that strong two-factor authentication and user awareness are just some of the best defenses.

“This is so simple, I'm surprised [these attacks don't] happen more often,” Ullrich said, explaining there is “very little that can be done against this” because it does not require malware to be installed and is difficult to detect.

Speaking exclusively on compromise of industrial control systems, Assante explained how attackers use research and social engineering, and even keyloggers, to take over workstations and steal credentials.

The end result could be that the attackers gain direct access to supervisory control and data acquisition (SCADA), a large-scale industrial control system spanning multiple sites, and can also control perimeter enforcement settings.

Best defenses include network segmentation, employee education, and alerts for abnormal user authentication, Assante said, adding that the amount of available information makes these attacks quite easy to pull off.
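One of the defenses Assante names, alerting on abnormal user authentication, can be sketched in a few dozen lines. The following is an added example written for this article, not code from the panel or from SC Media: it learns a per-user baseline of source hosts and login hours from a constructed authentication log, then flags later logins from a never-seen host, at a never-seen hour, or immediately after a burst of failures (a guessed or stolen credential that finally worked). The log format, user names, host names and the failure threshold are all invented for the illustration.

```python
"""Baseline-and-alert check for abnormal user authentication.

Added example, not from the SC Media article or the RSA panel. The log
lines, users, hosts and thresholds are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <user> <source host> <result>"
SAMPLE_LOG = """\
2014-02-24T08:05:00 alice eng-ws-01 success
2014-02-24T08:40:00 alice eng-ws-01 success
2014-02-25T09:10:00 alice eng-ws-01 success
2014-02-25T09:20:00 bob hmi-ws-02 success
2014-02-26T10:02:00 bob hmi-ws-02 success
2014-02-26T10:45:00 alice eng-ws-01 success
2014-02-27T02:13:00 alice vendor-laptop-7 success
2014-02-27T02:14:00 bob hmi-ws-02 failure
2014-02-27T02:14:30 bob hmi-ws-02 failure
2014-02-27T02:15:00 bob hmi-ws-02 failure
2014-02-27T02:15:30 bob hmi-ws-02 failure
2014-02-27T02:16:00 bob hmi-ws-02 success
"""


def parse(log_text):
    """Turn the whitespace-separated log into (timestamp, user, host, result) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, host, result = line.split()
        events.append((datetime.fromisoformat(ts), user, host, result))
    return events


def build_baseline(events):
    """Per user, record the hosts and the hours of day seen in successful logins."""
    hosts = defaultdict(set)
    hours = defaultdict(set)
    for ts, user, host, result in events:
        if result == "success":
            hosts[user].add(host)
            hours[user].add(ts.hour)
    return hosts, hours


def detect(events, cutoff, fail_threshold=3):
    """Learn a baseline from events before `cutoff`; alert on later successes that
    come from an unseen host, fall in an unseen hour, or follow a run of failures."""
    baseline = [e for e in events if e[0] < cutoff]
    recent = [e for e in events if e[0] >= cutoff]
    hosts, hours = build_baseline(baseline)

    alerts = []
    fail_streak = defaultdict(int)  # consecutive failures per user
    for ts, user, host, result in recent:
        if result == "failure":
            fail_streak[user] += 1
            continue
        when = ts.isoformat()
        if fail_streak[user] >= fail_threshold:
            alerts.append(f"{user}: success after {fail_streak[user]} failures at {when}")
        fail_streak[user] = 0
        if host not in hosts[user]:
            alerts.append(f"{user}: first login from {host} at {when}")
        if ts.hour not in hours[user]:
            alerts.append(f"{user}: login at unusual hour {ts.hour:02d} at {when}")
    return alerts


def run_sample():
    """Baseline on the first three days of the constructed log, alert on the fourth."""
    return detect(parse(SAMPLE_LOG), datetime(2014, 2, 27))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the constructed log this raises four alerts: two for alice (a new source host and a 02:00 login) and two for bob (a success after four failures, also at an unusual hour). The obvious caveat is that a baseline learned from logs is only as clean as the period it was learned from; if the attacker's foothold predates the baseline window, their activity becomes "normal", which is why this check belongs alongside the segmentation and education Assante also lists rather than in place of them.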
