Expect plenty of talk about the ongoing ransomware scourge and threats against the Internet of Things (IoT) during RSA Conference 2017, which begins a week from today at the Moscone Center in San Francisco.
The conference will include 15 keynotes, including talks by RSA CTO Zulfikar Ramzan, Microsoft president Brad Smith, and Alphabet CEO Eric Schmidt. The popular cryptographers’ panel will feature Whitfield Diffie (of Diffie-Hellman-Merkle), Ronald Rivest and Adi Shamir (the R and S in RSA encryption), and Susan Landau (creator of Landau’s Algorithm). Paul Kocher, who figured out timing attacks against various RSA and DHM implementations, will moderate the panel.
Sophos global head of security research James Lyne will speak on both ransomware and IoT in a talk called Reversing the Year: Let’s Hack IoT, Ransomware and Evasive Payloads. He said he’ll “deconstruct funny ransomware fails/wins, bypass security controls and more”. The talk, scheduled for Feb. 16 from 1:30-2:15 p.m. at the Marriott Marquis, will include a security assessment of a couple IoT devices. “We’ll find bugs and exploit them to gain an insight into the common industry faults,” Lyne said. “Expect debugging, reversing and practical tips.”
Lyne will also give a talk called Demystifying Debugging and Disassembling Applications. He’ll give that talk twice: first on February 14 from 2:30-3:15pm at Moscone South room 308, and then again on February 15, 1:30- 2:15pm at Moscone West room 2001.
Mark Loman, director of engineering for next-generation tech at Sophos, will give a talk called How Nation-States and Criminal Syndicates Use Exploits to Bypass Security, which will delve into how nation-state attackers meticulously craft their attack code to evade the most advanced security products.
Attendees will also be able to visit Sophos in booth 3201 in the North Expo Hall. We’ll give demos of Intercept X, our newly released anti-exploit, anti-ransomware and anti-hacker technology. We’ll also give out free passes so those who don’t have a conference pass can come see our experts at the stand.
Emphasizing the severity of ransomware and how pervasive it continues to be, RSA will hold an all-day seminar focused exclusively on the topic. The RSA Conference website describes the event:
Explosive growth demands focused understanding, so we’ve developed this new seminar to give attendees a full day all about ransomware, and its multifaceted implications across technical, policy, compliance and financial response. Sessions will discuss innovative research, present case studies on response and recovery to ransomware, explore combatting ransomware and debate if—and when—you should pay the ransom.
The event will take place in Moscone West room 2014.
Ransomware has been a heavy focus for Naked Security and Sophos as a whole. Notable attacks we’ve covered include Texas police losing eight years of digital evidence after refusing to pay ransom in a December attack, and Los Angeles Valley College (LAVC) paying $28,000 (£22,500) in Bitcoins to extortionists after ransomware encrypted hundreds of thousands of files held on its servers.
To combat the problem, we continue to offer the following resources:
- To defend against ransomware in general, see our article How to stay protected against ransomware.
- To protect against misleading filenames, tell Explorer to show file extensions.
- To protect against VBA malware, tell Office not to allow macros in documents from the internet.
- To learn more about ransomware, listen to our Techknow podcast.
IoT threats have been discussed at RSA conference for years now, but in largely theoretical terms. This past year, the theoretical turned into reality when Mirai malware was used to hijack internet-facing webcams and other devices into massive botnets that were then used to launch a coordinated assault against Dyn, one of several companies hosting the the Domain Name System (DNS). That attack crippled such major sites as Twitter, Paypal, Netflix and Reddit.
For 2017, Sophos predicts a rise in threats against devices that are part of the IoT. Lyne recently discussed the threat in a recent interview that aired on CNBC’s On the Money. “The sharks have smelled the blood in the water and they’re now circling to use your IoT device for further attacks,” he said at the time.
In addition to Lyne’s talk, security luminary Bruce Schneier will give two presentations about regulating IoT devices. “Licenses, certifications, approvals and liabilities are all coming,” he said in one of his session descriptions. “We need to think about smart regulations now, before a disaster, or stupid regulations will be foisted on us.”
3 comments on “RSA Conference 2017: expect to hear a lot about IoT threats, ransomware”
Ransomware is a pervasive evil, but there’s not much that can be done about it. “Safe computing” habits help, but in the end, only a solid backup plan can rescue a computer.
So, how do we get the message out to the masses? We in IT know how to do backups (usually). But, the average person doesn’t even know what a backup is, let alone how to do them reliably.
Somehow, the security industry needs to package a set of simple instructions and specifications, such that normal (non-IT) people can implement backups, safely and reliably. We need to tell them, “don’t leave your backup device connected 24/7”, store the backup media offsite, etc.
Then, vendors need to create products that meet the specs. Two external disks (larger than the whole system needs itself), a backup program, and specific instructions to make it work, all in one box. And, it must work flawlessly nearly all the time.
Oh, and no IoT devices included. 🙂
I think that was part of the thinking when Apple, Microsoft, Google, et al. starting forming their cloud solutions. “Let’s get as many people as possible to use our cloud services by default.” Not just because they can in some ways profit off of analytics or ads, but because users will find having access to their stuff in more places useful. And of course the side effect to data redundancy is less susceptibility to ransomware or other faults that would otherwise result in data loss.
I wonder, though: Isn’t the cloud just as vulnerable to ransomware as any other storage medium?