Well here we are, all settled back into our normal lives after a week of excitement and fun at the industry’s annual hacker getaway known to the world as Black Hat / DEF CON. As expected, this year’s event included technologies from the completely weird to the cutting edge, covering the various ways to exploit everything from wireless networks to smart cars. The old moniker of “What happens in Vegas DEF CON, stays in the storage array of any number of entities for the rest of humanity’s existence” truly rang true throughout. We obviously focused our attendance on talks around Network Security, and this year was a veritable smorgasbord of valuable insight into the latest trends in our field. It was a tough task to undertake, but here are my top five highlights from the week.
1. Our Files May Be Spying on Us
The Crowley and Smith duo gave an interesting talk about “features” in file formats that allow embedded content to be hosted on external sources. Once the file is opened, these items, like an SVG graphic in a PDF, call out to another server to retrieve data, thus enabling things like NTLM proxy attacks to occur. The scary part is that this all happens through something as simple as distributing a file or even a calendar invite, so it is not affected by perimeter controls and is not even visible to most enterprises. Also, this behaviour is considered a feature rather than a bug, and as such will not be fixed. Organizations need to ensure that they always have proper policies in place to mitigate such communications (e.g. NTLM should only be allowed to go to a data center within your network). For more details on this topic, see their slides here.
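As an added defender-side check (my own example, not code from the talk or its slides), the following Python scans an SVG for references that would make a viewer fetch content from another host the moment the file is opened: `href`/`xlink:href` attributes pointing at URLs or UNC paths, plus `@import`/`url()` inside `<style>`. The sample SVG and its `example.invalid` hosts are constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: two elements fetch from other hosts (one over HTTP, one over a
# UNC path that would trigger an SMB/NTLM exchange), one uses inline data, one is local.
SAMPLE_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <image xlink:href="http://example.invalid/logo.png" width="10" height="10"/>
  <use href="\\\\fileserver.example.invalid\\share\\icons.svg#star"/>
  <image href="data:image/png;base64,iVBORw0KGgo=" width="1" height="1"/>
  <style>@import "http://example.invalid/theme.css";</style>
  <circle r="5"/>
</svg>"""

# Targets that cause a fetch from another host: URL schemes, UNC paths, protocol-relative URLs.
EXTERNAL_REF = re.compile(r"^(?:https?://|ftp://|file://|\\\\|//)", re.IGNORECASE)
# CSS can also pull remote content via @import "..." or url(...).
CSS_REF = re.compile(r"""(?:@import\s+|url\()\s*['"]?([^'")\s]+)""", re.IGNORECASE)


def external_references(svg_bytes: bytes) -> list[tuple[str, str]]:
    """Return (element, target) pairs for every reference that leaves the document."""
    findings = []
    root = ET.fromstring(svg_bytes)
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]          # strip the XML namespace
        for attr, value in elem.attrib.items():
            if attr.rsplit("}", 1)[-1] != "href":  # matches both href and xlink:href
                continue
            value = value.strip()
            # Same-document fragments and inline data: URIs trigger no network fetch.
            if value.startswith("#") or value.lower().startswith("data:"):
                continue
            if EXTERNAL_REF.match(value):
                findings.append((tag, value))
        if tag == "style" and elem.text:
            for url in CSS_REF.findall(elem.text):
                if EXTERNAL_REF.match(url):
                    findings.append(("style", url))
    return findings


if __name__ == "__main__":
    for element, target in external_references(SAMPLE_SVG):
        print(f"<{element}> fetches external content from {target}")
```

A hit on a UNC or `file://` target is the case the talk warns about, since opening the file can start an NTLM authentication to that host; a policy that restricts NTLM to your own data center is what stops the credential from leaving.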
2. Honeypots - The Winnie the Pooh of Network Defenders
Honeypots also had a big presence this year, and the folks from Thinkst gave an informative talk about their version of the OpenCanary project. Thinkst believes this technology is crucial for both external threat research and internal threat protection. These types of innovations make it possible for future architectures to provide new defense tactics, like infinite attack surfaces and next-generation methods for tricking attackers using honeypot detection capabilities.
3. Boosting Network Defense
In our vArmour world of data center security, we recognize that the systems most networks are built upon are often the very attack vectors attackers use to exploit those networks. This was the focus of Sean Metcalf’s talk on the defense of Active Directory. His session was filled with information on popular hacker tools, like Mimikatz on Windows, as well as best practices for network infrastructure security that are often ignored. Metcalf also called out the glaring gap that remains in east-west visibility and security: the lack of Layer 7 analytics and controls, as well as the pitfalls of relying on host-based security solutions alone. For more details, see his slides here.
4. Visual File Exfiltration
The highlight of the conference came from a talk by Ian Latter where he described his TGXf protocol, which allowed him to transfer data via QR codes to any device able to capture video. His talk started with the ominous statement “I have to warn you, I don’t believe what I am about to show you has a solution,” which typically is just marketing speak, but this one absolutely delivered. His demonstration showed a laptop, without any connection to the internet, using its USB webcam to create a network connection to a second laptop via that laptop’s webcam and then communicating over his protocol. He then used this webcam-to-computer link to negotiate a connection to a third computer and manipulate it, which immediately sent the audience into an uproar of excitement. To top it all off, Ian delivered his whitepaper explaining this new “threat” tactic to some of his critics via a YouTube video made of QR codes. You can see his slides here.
5. Our Castle
And finally, if you’re worried about the thousands of clever hackers who could be stealing your data out on the Vegas strip, why not rent a mansion out of range of any public WiFi for you and some of your closest friends instead?
My team and I are already counting down the days until next year to see how things continue to evolve between Red and Blue teams. Overall, what we already see every day in the never-ending media coverage of data breaches remained clear at Black Hat and DEF CON: the attackers are ahead. It’s time for enterprises to evaluate and start deploying new security architectures to close this gap and keep themselves safe from future cyber-warfare.
Learn how distributed systems can provide a new architecture for data center security in our technical whitepaper - download now.