Expect plenty of talk about the ongoing ransomware scourge and threats against the Internet of Things (IoT) during RSA Conference 2017, which begins a week from today at the Moscone Center in San Francisco.
The conference will include 15 keynotes, including talks by RSA CTO Zulfikar Ramzan, Microsoft president Brad Smith, and Alphabet CEO Eric Schmidt. The popular cryptographers’ panel will feature Whitfield Diffie (of Diffie-Hellman exchange fame), Ronald Rivest and Adi Shamir (the R and S in RSA encryption), and Susan Landau (creator of Landau’s Algorithm). Paul Kocher, who developed attacks that can break RSA and Diffie-Hellman, will moderate the panel.
Sophos talks
Sophos global head of security research James Lyne will speak on both ransomware and IoT in a talk called Reversing the Year: Let’s Hack IoT, Ransomware and Evasive Payloads. He said he’ll “deconstruct funny ransomware fails/wins, bypass security controls and more”. The talk, scheduled for Feb. 16 from 1:30-2:15 p.m. at the Marriott Marquis, will include a security assessment of a couple of IoT devices. “We’ll find bugs and exploit them to gain an insight into the common industry faults,” Lyne said. “Expect debugging, reversing and practical tips.”
Lyne will also give a talk called Demystifying Debugging and Disassembling Applications. He’ll give that talk twice: first on February 14 from 2:30-3:15pm at Moscone South room 308, and then again on February 15, 1:30-2:15pm at Moscone West room 2001.
Mark Loman, director of engineering for next-generation tech at Sophos, will give a talk called How Nation-States and Criminal Syndicates Use Exploits to Bypass Security, which will delve into how nation-state attackers meticulously craft their attack code to evade the most advanced security products.
Ransomware
Emphasizing the severity of ransomware and how pervasive it continues to be, RSA will hold an all-day seminar focused exclusively on the topic. The RSA Conference website describes the event:
Explosive growth demands focused understanding, so we’ve developed this new seminar to give attendees a full day all about ransomware, and its multifaceted implications across technical, policy, compliance and financial response. Sessions will discuss innovative research, present case studies on response and recovery to ransomware, explore combatting ransomware and debate if―and when―you should pay the ransom.
The event will take place in Moscone West room 2014.
Ransomware has been a heavy focus for Naked Security and Sophos as a whole. Notable attacks we’ve covered include Texas police losing eight years of digital evidence after refusing to pay ransom in a December attack, and Los Angeles Valley College (LAVC) paying $28,000 (22,500) in Bitcoins to extortionists after ransomware encrypted hundreds of thousands of files held on its servers.
IoT threats have been discussed at RSA Conference for years now, but in largely theoretical terms. This past year, the theoretical turned into reality when Mirai malware was used to hijack internet-facing webcams and other devices into massive botnets that were then used to launch a coordinated assault against Dyn, one of several companies hosting the Domain Name System (DNS). That attack crippled such major sites as Twitter, Paypal, Netflix and Reddit.
For 2017, Sophos predicts a rise in threats against devices that are part of the IoT. Lyne discussed the threat in a recent interview that aired on CNBC’s On the Money. “The sharks have smelled the blood in the water and they’re now circling to use your IoT device for further attacks,” he said at the time.
In addition to Lyne’s talk, security luminary Bruce Schneier will give two presentations about regulating IoT devices. “Licenses, certifications, approvals and liabilities are all coming,” he said in one of his session descriptions. “We need to think about smart regulations now, before a disaster, or stupid regulations will be foisted on us.”