Best tweets of #TheSAS2015

Kaspersky Security Analyst Summit brought forward a lot of things to think about, and in this post we’ll pick a handful (well, actually quite a lot) of twitter highlights from those two days of security-related keynotes and presentations.

Kaspersky Security Analyst Summit brought forward a lot of things to think about, and in this post we’ll pick a handful (well, actually quite a lot) of twitter highlights from those two days of security-related keynotes and presentations.

Insecurity isn’t coincidence, it’s consequence“, said famous security researcher Dan Kaminski in his keynote.

Wise words indeed: both security and the lack of it are the results of certain decisions and actions, and negligence is a sort of action as well.

It’s a big mistake to think that vulnerabilities exploited by the cybercriminals are coming out of the blue: they may be unexpected, but it’s “an expected unexpectability”. A proper approach to security allows for the protection from next to any sort of threat. In reality, though, “holes in the fence” are ubiquitous (just look at the graph below), which allows for large-scale campaigns.

Carbanak, for instance, or another drawing card of SAS 2015: The Equation APT. A lot has been said about both of them: Carbanak, for instance, is a huge APT campaign – a Great Bank Robbery of XXI century’s second decade. The still-active APT was reported at SAS by Kaspersky Lab’s researchers Sergey Golovanov and Sergey Lozhkin. The audience appeared quite impressed by the Carbanak-related keynotes.

https://twitter.com/k8em0/status/567366634038251520

A full report is available here.

The Equation has also stirred a lot of interest, and the fact that this APT has some apparent ties to Stuxnet (and actually precedes it) drew additional attention as well.

People just couldn’t pass by the fabulous Grzegorz Brzęczyszczykiewicz. How many times have you tried to learn how it is properly pronounced?

Yet another point of interest for The Equation is that its main component appears to be only removable by physically destroying the infected hard-drive. Pictures of a totally ruined HD have been tweeted quite a few times.

Hardware was a hot topic throughout the entirety of SAS 2015. As Runa A. Sandvik summarized it, “That feeling when you wake up, read Twitter, and question whether you can trust any of the hardware you own.”

And indeed: here goes some biohacking:

https://twitter.com/k8em0/status/567446257950400513

then – obtaining the data by scanning the Bluetooth-enabled wearables:

The much-glorified and eagerly-expected Internet of Things looks anything but secure, right now, yet it is being quickly implemented. Even on the urban level, as pointed out by Cesar Cerrudo from IOActive Labs, an expert researcher on ICS/SCADA and Smart Cities, “Smart city becomes Dumb city when the tech is implemented with no security in mind”.

The lack of the “security in mind” approach is the cornerstone of a lot of today’s security issues with software, especially the legacy ones, and especially with the aging ICS designed in the pre-Internet era. If “Smart Cities” will be plagued by the same problems, it’s a bit scary to imagine what may follow.

A full summary of the Kaspersky Security Summit is available in our blog here.

Tips

How to travel safely

Going on vacation? We’ve compiled a traveler’s guide to help you have an enjoyable safe time and completely get away from the routine.