Upload
frost-sullivan
View
1.569
Download
1
Tags:
Embed Size (px)
Citation preview
Black Hat Conference 2009 Findings: What Can the Network Security Industry
Expect in 2010?
Chris Rodriguez
Research Analyst, Network Security
September 15, 2009
2
Focus Points
• About Vulnerability Research
• Overview of the Black Hat Conference
• Major Highlights of the Conference
• Expected Trends
• Key Conclusions
3
About Vulnerability Research
• Vulnerability research is the foundation for numerous network
security solutions such as IPS devices and endpoint protection software.
• Vulnerability research is the frontline of defense from malicious
code writers and cyber attackers.
4
Overview of the Black Hat Conference
• The Black Hat Conference is the largest, and best known securityconference series in the world.
• This conference is designed to serve the information security community by “delivering timely, actionable security information in a friendly, vendor-neutral environment.”
5
Overview of the Black Hat Conference (cont.)
• Historic Black Hat Conference events:
- Dan Kaminsky’s DNS cache poisoning vulnerability
- Cisco IOS flaw that resulted in a lawsuit
- Using virtualization to create undetectable malware
- Weaknesses in network security technology, i.e. NAC
- Vertical-specific exploits, (GSM, ATMs, public transportation)
2000 2005 2006 2007 2008 20092000 2005 2006 2007 2008 2009
Blue Pill, the
undetectable
rootkit
Kaminsky’s
DNS attacks
Cisco
sues
Black Hat
called “a series
of rock throwing
incidents”
NAC
bashed
6
Major Highlights of the 2009 Black Hat Conference
• MMS and SMS flaws (mobile phone hijack via text message)
• iPhone code execution/denial-of-service MMS attack
• Advanced Mac OS X rootkits
• Factory-installed BIOS rootkits
• Apple keyboard rootkit
• SSL encryption protocol flaws
• SSL spoofing
• Fake ATM/card skimmer
• Conficker discussion sanitization
7
MMS and SMS Flaws
• MMS and SMS data use has grown at a high rate over the years,
and is forecasted to continue to grow significantly.
• 900 billion SMS messages sent/received in 2008 (an increase of
132% from 2007)
8
MMS and SMS Flaws (cont.)
• Luis Miras and Zane Lackey, of iSec Partners,
presented a vulnerability in the way mobile phones handle SMS messages.
• This flaw enables an attacker to hijack
smartphones, with varying degrees of control.
• An app called There’s an Attack For That
(TAFT) is a suite of hacking tools for jailbroken
iPhones.
• A related presentation demonstrated an attack
that uses a corrupt MMS message to kill
iPhones.
9
Rootkits
• A rootkit is software designed to secretly control a computer.
• A rootkit uses advanced techniques to take full control of a
system, obscure itself, and survive most attempts to remove it.
• Rootkits are very dangerous, and are often used by hackers to make malware more effective and nefarious.
• Researchers at CoreSecurity announced that they discovered
factory installed software that behaved as a rootkit.
• Absolute Software’s CompuTrace LoJack for Laptops is designed
to protect and help locate stolen laptops.
• While not inherently malicious, the researchers claim that it’s not very secure - leaving the possibility for devastating attacks.
10
Rootkits (cont.)
• Security researcher Dino Dai Zovi demonstrated how to load an
advanced rootkit on Mac OS X machines.
• This is a severe issue with Mac OS X, which has been struggling
for market share against Windows.
• An Apple keyboard was also discovered to be susceptible to a
rootkit attack through its firmware update system.
11
SSL Encryption Issues
• SSL is a trusted, secure protocol for encryption and
authentication.
• Dan Kaminsky presented on problems with X.509 certificates,
which are used for SSL encryption and authentication.
• X.509 certificates use an outdated and weak cryptographic hash
function, MD2.
• VeriSign, the leading provider of digital certificates, downplayed
this announcement, saying that they no longer use MD2.
• Regardless, businesses have invested millions of dollars in
X.509, and yet it suffers both from technical and structural issues.
12
SSL Encryption Issues (cont.)
• In a similar presentation, security researcher Moxie Marlinspike
showed how an attacker could spoof SSL certificates.
• Marlinspike was able to trick a Web browser into accepting code,
which can give an attacker a number of attacks to perpetrate.
13
Fake ATM/Card Skimmer
• A card skimmer was installed on an ATM near
the hotel that the Black Hat Conference attendees were using.
• Chris Paget, an security expert for Google, was
attending the conference when he discovered
the device and reported it to authorities.
• This follows the recent report of a complete,
working, fake ATM that was placed at the
DefCon convention.
• Coincidentally, a presentation about this
banking technology was pulled in order to give
the affected vendors time to resolve the issue.
14
Conficker Discussion
• Conficker is a computer worm that infected up to 10 million
machines.
• The botnet had an activation date of April 1, 2009, but nothing
happened after all.
• The security community is still trying to track down the
perpetrators.
• Conficker uses numerous advanced malware techniques to avoid
detection and deletion.
• A presentation about the Conficker worm was censored to avoid
tipping off the malware’s authors.
15
Expected Trends
• What are customer and vendor plans for SSL communications?
• What this SSL vulnerability means for browser developers.
• Attackers continue to become increasingly nefarious, while their
tools grow in sophistication and complexity.
• Is criticism of factory installed grayware warranted?
• Mobile phones are the next major platform to be targeted for
attacks.
• How will cell phone manufacturers react to these security
threats?
• Who’s responsibility is it to secure third-party apps?
• The security industry is becoming more responsible and
cooperative in its efforts of defeating hackers.
16
Major Industry Participants
17
Key Conclusions
• The demand for original vulnerability research will only grow as
the race to defeat hackers intensifies.
• Key Internet infrastructure still has high risk vulnerabilities that
have not been fixed yet.
• As mobile devices become more connected and powerful, these
devices will become primary targets of hackers.
• Mobile phone developers generally have less experience with QA
and security testing, which may leave this attack vector exposed.
• With mobile devices, third-party applications are unregulated,
which introduces a critical attack vector.
• Responsible reporting and cooperation indicates an immense
potential for success against cyber threats.
18
Next Steps
� Request a proposal for a Growth Partnership Service to support you and your team to accelerate the growth of your company. ([email protected])1-877-GoFrost (1-877-463-7678)
� Register for the next Chairman’s Series on Growth:
The Growth Excellence Model: Competitive Benchmarking & Growth
Investing (October 6th) (http://www.frost.com/growth)
� Register for Frost & Sullivan’s Growth Opportunity Newsletters and keep abreast of innovative growth opportunities.(www.frost.com/news)
19
Your Feedback is Important to Us
Growth Forecasts?
Competitive Structure?
Emerging Trends?
Strategic Recommendations?
Other?
Please inform us by taking our survey.
What would you like to see from Frost & Sullivan?
20
For Additional Information
Jake Wengroff
Global Director
Corporate Communications
(210) 247-3806
Craig Hays
Sales Manager
Information & Communication Technologies
(210) 247-2460
Robert Ayoub
Industry Manager
Network Security
(210) 247-3808