One of the common themes discussed this year was ransomware (a term which typically refers to malicious software that holds a user’s computer or files hostage, often encrypting documents so they cannot be opened, and demands a ransom be paid before returning access to the user—if they’re lucky). Ransomware was a focus due to the increasingly common occurrence of major ransomware attacks in 2016 and early 2017.
Other hot topics at RSAC 2017 included the lack of security of many “Internet of Things” (IoT) devices (more on that below), as well as how artificial intelligence (AI) and machine learning technologies could potentially benefit the information security space (and a pinch of concern about the potential dangers; who can forget the Terminator movie series and many other science fiction examples of AI going rogue and fighting against humanity?).
Over the past four weeks, RSAC has posted videos of keynotes, short “RSAC TV” interviews, and a handful of speaker sessions on the conference’s official YouTube channel.
Many of the speakers from the sessions I attended gave me permission to record the audio from their sessions. RSAC and individual speakers have also published slides from several sessions and keynotes.
Following is a brief selection of RSAC official videos and my authorized audio recordings that may be of particular interest to our readers. I’ve also included a brief synopsis and official descriptions of the sessions or keynotes, and links to download the slides if they’ve been made available.
Brief synopsis: Patrick Wardle gives an excellent overview of the Mac malware of 2016.
Official description: “Say hello to KeRanger, Eleanor, Keydnap and more! 2016 was a busy year for Mac malware authors who released a variety of new macOS malware creations. The talk will provide a technical overview of this malware, by discussing their infection vectors, persistence mechanisms and features. The talk will conclude by discussing various generic detections and best security practices to secure Macs.”
Brief synopsis: Amit Serper walks through an analysis of Pirrit, malicious Mac adware from last year.
Official description: “Adware isn’t taken seriously, especially threats targeting Macs. But OSX Pirrit, which can obtain root access and has components found in malware, shows that adware can become a huge security issue. Amit Serper will explain how OSX Pirrit works, why security professionals may want to rethink how commodity threats are handled and why Macs aren’t as secure as people think.”
Brief synopsis: Troy Hunt talks about some interesting things he has learned while operating his popular haveibeenpwned.com site.
Official description: “What motivates attackers to dump data publicly? How is it sold, traded and redistributed? These are questions the presenter dealt with while running the ethical data breach search service ‘Have I been pwned.’ This talk will share the lessons from working with more than a billion publicly dumped records and provide a unique inside look at security from a very real-world and very actionable perspective.”
Brief synopsis: Robert Graham shares his personal experience with buying an Internet-connected security camera and allowing it to get infected by Mirai so he could analyze it.
Official description: “This presentation will examine the Mirai botnet, technical details on how it operates and the technical details about the cameras it infects. It will also discuss other IoT botnet issues, such as an ‘IoT threat model,’ and how such devices will be infected in the future.”
Brief synopsis: James Lyne shares some fun things about IoT devices’ terrible security, shows ransomware in action, and reveals a Dark Web site that takes you step by step through customizing and distributing ransomware.
Official description: “Join @jameslyne for a talk with few slides and more demos than are sensible or reasonable. We will hack IoT devices, deconstruct funny ransomware fails/wins, bypass security controls and more!”
Brief synopsis: Bikash Barai explains the psychology behind habits, explaining how one can train oneself to replace bad habits (for example, not paying close attention to URLs and getting phished) with good habits.
Official description: “Forty percent of our daily activities are automated routines or habits which are not under conscious control. Learn how to use gamification beyond awareness program in the context of the science of habits.”
Brief synopsis: Charles Henderson talks about how he can still remotely control functionality of a car he owned years ago, and how the car manufacturer and dealer aren’t doing much about it.
Official description: “In the mad rush to sling electronics into the hands of consumers, developers and manufacturers are making it easier than ever to get enrolled into their IoT ecosystems. The time from sale to access is shorter than ever. The question is: Where do we go from there? This talk will analyze responsibly disclosed vulnerabilities in the next steps of identity management and access control in IoT.”
Brief synopsis: Brian Bartholomew and Juan Andrés Guerrero-Saade explain the challenges of attempting to attribute an attack or malware to a particular country of origin or government sponsorship.
Official description: “False flags are planted by threat actors to derail attribution—do they succeed? This talk will present real-world examples from unpublished research to answer this question and more.”
Brief synopsis: Charles Carmakal and Robert Wallace share what IT administrators and small business owners can learn from recent destructive attacks about how to protect their systems.
Official description: “Learn how Mandiant has responded to incidents where attackers destroyed critical business systems, leaked confidential data, held companies for ransom and taunted executives.”
Brief synopsis: Panel discussion featuring Drs. Ron Rivest and Adi Shamir (the R and S of the RSA cryptographic algorithm), Whitfield Diffie (co-inventor of public key cryptography), and Susan Landau (a professor with expertise in security, privacy, and policy).
Official description: “Join the founders and leaders of the field for an engaging discussion about the latest advances and revelations in cryptography, including research areas to watch in 2017 and new threats facing the field of cryptography.”
Brief synopsis: Keynote featuring noted cryptographer Bruce Schneier, wherein (among other things) he shares his perspective about government regulation of Internet security—which, he suggests, is becoming “everything security.”
Official description: “IoT security will change our industry, because failure will affect the world in a direct physical manner. Schneier discusses how.”
Brief synopsis: This is a series of sessions on the topic of ransomware; see the agenda and list of presenters here.
Official description: “Explosive growth demands focused understanding, so we’ve developed this new seminar to give attendees a full day all about ransomware, and its multifaceted implications across technical, policy, compliance and financial response. Sessions will discuss innovative research, present case studies on response and recovery to ransomware, explore combatting ransomware and debate if—and when—you should pay the ransom.”
Brief synopsis: Startup companies pitch new security-focused products and technologies (a live event, somewhat similar in nature to “Shark Tank”).
Brief synopsis: Keynote featuring astrophysicist and TV personality Neil deGrasse Tyson, wherein he talks about… science (not security)—but it’s a very fun and entertaining keynote.
Official description: “As a passionate astrophysicist Dr. Tyson will forever change the way we look at the beauty and grandeur of the universe. The world looks different when you are scientifically literate. Explore with Dr. Tyson all that is funny, illuminating and alarming about what appears in the world’s current events as seen through the lens of an astrophysicist.”
Sadly, RSAC has not posted the whole keynote, but here are some clips:
This is only a small sampling of the great content at RSAC. More videos are still being uploaded to the RSAC YouTube channel; check them out here.