The days of stolen data being dumped all at once after a breach may have reached their twilight, Ed Skoudis, SANS instructor and founder of Counter Hack, said during a rapid-fire session at RSA Conference 2015 in San Francisco that examined six dangerous attack techniques.
Kicking off the discussion with a look at data breaches, Skoudis explained that, instead, attackers have begun trickling out information a little bit at a time.
Pointing to the recent Sony breach, he indicated that organizations could have a tougher time dealing with that method of exposing data. He explained that organizations could have trouble determining the magnitude of an incident, and said that these types of scenarios should be added to incident response.
Skoudis next turned to Microsoft Kerberos - which he said is used for authentication in large enterprise environments - and discussed a variety of attacks, including Pass-the-Ticket attack, the Golden Ticket attack, and the Silver Ticket attack.
“[Kerberos] has been a concern for a long time, but finally this year there has been a lot of tools to attack it,” Skoudis said.
Skoudis closed his portion of the session by discussing exploitation of the Internet of Things, notably focusing on the proliferation of small and cheap devices such as locks, light dimmers, thermostats - and toys.
By hacking a talking doll, for example, an attacker could possibly make the toy swear, Skoudis said; however, he added that certain attacks could lead to heat generating, which could possibly lead to physical harm. Furthermore, attackers nowadays can leave cheap, malicious devices lying around and hope someone plugs them in - part of what Skoudis referred to as “disposable hacking technology.”
Johannes Ullrich, CTO and Dean of Research at the Internet Storm Center, stepped in next to discuss encryption. He said that encryption is not dead, but that it should not be “the only thing you should rely on when trying to protect information.”
One of the biggest encryption-related issues in recent years is ransomware, Ullrich indicated, explaining that attackers have found a way to extort users out of millions of dollars by simply locking up their data and charging a fee to unlock the files.
“At this point, crypto ransomware is much more of a consumer problem,” Ullrich said, explaining that enterprises should already be using backups that can be used to restore affected data.
After Ullrich finished up a quick discussion on the future of distributed denial-of-service (DDoS) attacks - in which he cited recent incidents reportedly involving the so-called Great Firewall of China - Michael Assante, director of the SANS Institute, came forward to discuss threats targeting industrial control systems (ICS).
Assante pointed to a recent incident involving a German steel mill as a fairly significant new development in attacking ICS. He said that specific details have not been made available, but that attackers - said to have good knowledge of the systems - were able to cause physical damage to a blast furnace.
Assante said that spear phishing emails, watering hole attacks and trojanized ICS files are methods used to target ICS. He added that education and good cyber security hygiene, active defense and response, and cyber informed engineering are ways to defend against ICS threats.