Error Code

There’s a lot of talk about using AI and LLM in security. For example, could ChatGPT detect the vulnerable spots for power for analysis in particular pieces of code using Advanced Encryption Standard?  Witold Waligora, CEO of CloudVA, talks about his Black Hat Europe presentation, How We Taught ChatGPT-4 to Break mbedTLS AES With Side-Channel Attacks.

You might think that internet connected cameras would be limited in use by a bad actor. Actually such devices can be an entry point into an organization, providing yet another means of accessing the internal network. Mohammad Waqas, a field CTO at Armis, spoke at SecTor 2023 about the threat posed by IoT and OT devices in future cyberwarfare and discusses here why we need to broaden our attack surface defenses to include them. 

There’s a fake news report about three million internet-enabled toothbrushes contributing to a botnet. Unfortunately the mainstream media ran with the story before questioning its basic assumptions. This is a story about IoT devices and the fact that we still don’t understand how they are vulnerable. Tom Pace, co-founder and CEO of NetRise, talks about vulnerabilities inherent in the IoT space that are often misconstrued and how we need to ask more questions about the software and the hardware being used if we want to secure critical infrastructure tomorrow.

Ransomware groups have bifurcated with some doing pure ransomware and others going straight to extortion; it's whether the data is ransomed on your network or theirs. Nick Biasini from Cisco Talos talks about the threats he’s seeing, in particular, SapphireStealer which is open source and using GitHub to crowdsource new features.

The Purdue Model used in OT is essentially network security from the 1990s. New threats and new tech however required us to rethink that on the network side so how do we bring that new thinking to work with legacy OT systems? John Taylor of Versa Networks explains how there's a lot of implicit trust in the IoT and OT devices themselves, yet they don't have antivirus. Or firewalls. Worse, you're basically depending on the manufacturer of that device to provide security updates if necessary, and oftentimes they don't. Perhaps it’s time for a new approach such as SASE or secure access service edge.

Flaws within the chips in our laptops, in our homes, and in our critical infrastructure could become the access one needs to steal data if not just shut down an assembly line, or hold up production of a vital resource like power or water. Josh Salmanson, senior vice president at Telos, discusses why we’re seeing more and more pre-compromised routers in critical environments today and what we might do to mitigate that in the near future.

Can your OT function if the IT system goes down? OT self-sufficiency is critical for infrastructure such as rail systems. Christopher Warner, from GuidePoint Security, discusses how this infrastructure resilience is important not only for the rail industry but for most of the other critical infrastructures in general. 
 

Quantum computers will change and even break the cryptography we have today. To defeat a "Harvest Now, Decrypt Later" strategy by bad actors (even nation states), Denis Mandich, CTO and co-founder of Qrypt, is proposing a type of crypto agility that compiles the keys on your laptop instead of distributing them across the internet. He also talks about how you won’t need a quantum computer in your home; you’ll be able to access one in the cloud the way you can access AWS today.

When we think of massive compute power, we think of the Cloud when we really should consider the millions of unprotected OT devices with even greater slack computer power than all our current Cloud services combined. Sonu Shankar, Vice President of Product at Phosphorus Cybersecurity, talks about the challenge of communicating with PLCs and other devices, the risks from newer OT devices, and how all password-less OT devices really need to be protected. He says attacks aren’t just DDoS; today OT attacks can exfiltrate data as well.

There’s much of the electromagnetic spectrum that we cannot see. Like how LED wristbands are triggered at concerts or how to identify someone at DEF CON in a crowd of cellphones and electrical devices. Eric Escobar of SecureWorks provides some really clear analogies to help anyone visualize the differences between NFC, Bluetooth, and Wi Fi such as how your router and your microwave are both 2.4GHz - the difference is the number of watts behind each signal.