ÃÛÌÒTV

Data Security 08-07-2015

What We Learned from Black Hat 2015

ÃÛÌÒTV
, founded by computer security expert Jeff Moss, held its 18th annual conference in Las Vegas this week. In the first four days, attendees receive training from experts in the infosec community. The fifth and sixth days wereÌýdedicated to briefings. Over a hundred experts presented 100 briefings during the conference with topics covering everything from IoT vulnerabilities in smart firearms to understanding entropy. For those who were not able to attend, we’ve summarized three of our favorite briefings below.

By: Markus Jakobsson and Ting-Fang Yen

According to Jakobsson and Yen, scamming continues to be a profitable strategy for online criminals. One of every 10 adults in the U.S. falls for a scam every year, a third of these via the Internet (from a FTC survey). Poor attempts at social engineering and seemingly legitimate scams snare the unwary as well as the most discerning users. Surprisingly, the Nigerian scam tactic still works, says Jakobsson and Yen because gullible users still exist.

The obviously scammed email weeds out the more discerning recipients butÌýstill hooks the more gullible ones. Jakobsson and Yen saidÌýalthough this type of scam remains profitable for scammers, they are becoming more sophisticated in their attacks. This sophistication blurs the lines between the typical Nigerian scam and more elusive phishing emails. Spam filters do help, but not as much as you might think. Thirty percent of Yahoo filters and 34% of Hotmail filters were unable to detect and block scam messages.

By: Colby Moore

Until now, most talk in the news about satellite hacking has been theoretical with very little real world attacks. Moore takes us past the theoretical. He goes into detail clearly showingÌývulnerabilities within spread spectrum communication, the basis for most of our modern communication technologies (cellular, Wi-Fi, Bluetooth, ZigBee, etc.) and then exploiting them. He also demonstrates how to collect intelligence using a compromised satellite and how to use a compromised satellite to spoof.

By: Kyle Wilhoit and Stephen Hilt

Wilhoit and Hilt state that attacking gas tank-monitoring systems is a real possibility. Their research shows that attackers are targeting gas tank-monitoring systems worldwide. Most of these attacks (44%) are occurring in the U.S. Wilhoit and Hilt say attackers may be motivated to attack gas tank-monitoring systems for several reasons. Attackers may be inexperienced and want to test their skills against a vulnerable system. The attackers may be doing industry-targeted reconnaissance or sabotage. Or they may doing it to extort money.

Wilhoit and Hilt conclude that connecting devices to the Internet should only be done only when it makes sense to do so. Not every device needs to be—or even should be—connected to the Internet. Also, gas station owners should consider all the implications of adopting a gas tank-monitoring system and take the appropriate precautions if they do so.

Other Noteworthy Briefings

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205