Every year at the beginning of June, London serves as the setting for all things security at Infosecurity Europe, one of The State of Security’s top 11 conferences in information security.
As always, there was an abundance of interesting talks on the first day, so much so that it was impossible to see all of them. That’s especially true for years when the crowds are bigger than ever and folks are turned away before some sessions even start.
With that being said, I picked out three talks from Day One that I wanted to see. If you missed them, here is a quick recap.
Cybercrime: What Works in 2016
Speaker: James Lyne, Global Head of Security Research, Sophos
First up was James Lyne in the Intelligent Defense room. I’ve never seen James talk before, but I heard great things about him previously, so I was itching to get a good seat.
Lyne began by talking about all the digital threats we’ve seen so far in 2016 (and in years before), such as exploit kits and phishing attacks. He then went on to discuss how those threats are now evolving.
As time goes by, he explained, online criminals are becoming more sophisticated, and the technology they use is improving, too. The old scams still work, but given their declining effectiveness, new scams that work even better are coming to fruition.
During his talk, Lyne told us about a social engineering experiment he recently conducted. In the campaign, he tested the stereotypical Nigerian prince ruse as well as scams leveraging fake tax refunds, Amazon package notifications, job offers, and payment advice on thousands of participants to see which ploy would obtain the “best” results. It was really interesting to review the results of James’ experiment, especially how many people tend to click on scams involving payment advice and resumes.
For fun, Lyne included in his experiment a blank email titled “FREE money,” which garnered 19 clicks. It would seem there are some people who just can’t be helped!
He spent most of the remaining time providing us with real-life examples of bad scams as well as of fascinating new scams that are becoming popular.
From listening to James, something became clear to me: we have to try to improve awareness around security, but whatever we do, there will always be people who will be susceptible as scams evolve and criminals continue to develop new and amazing ways of getting those clicks.
Sweet Security: Building a Defense Raspberry Pi
Speaker: Travis Smith, Senior Security Research Engineer, Tripwire
Next up in the same room was Tripwire’s very own Travis Smith.
This talk was an in-depth walkthrough on how to use a Raspberry Pi to help monitor your networks.
Smith began his talk with a bit of background on why he was there. He talked about the restrictions with ICS security and how Internet of Things (IoT) devices are becoming ever more prominent in our lives. He then posed the following question: as we become more connected in our homes, how do we know if we have a digital intruder?
The answer: a DIY home network security system!
Smith talked us through how to get set up, what products you would need, and how you can do it all for around US$70 – a very affordable price.
Afterwards, Smith walked the crowd through the various component parts of creating a home network security system by discussing Bro, Elasticsearch, Logstash, and Kibana.
As technology advances and the number of connectable devices increases, so too does the risk. It’s this fact of life that in part motivated Smith’s talk. He decided to help protect the unpatchable by creating something that folks can use in their own home all the way up to enterprise level.
Smith spent some time emphasizing the importance of being able to monitor all traffic inside your home. To illustrate that point, he talked about when he was at work and got a notification that a new device had connected to his system. As both he and his wife were out at the time, he was obviously pretty alarmed. However, he later found out that it was just a neighbor’s phone that had tried to connect to the network when they were cleaning their dog’s business on his front lawn.
If you want to find out more about how to set up your own home network security system, you can check out this blog post alongside Travis’s GitHub page here.
50 Shades of Dark: From the Surface of the Dark Web
Speaker: Staffan Truvé, CTO & Co-Founder, Recorded Future
I was particularly excited about this talk, as I wanted to get an insight into how criminals operate online, particularly how they exploit the surface web to drive traffic to their products and services on the dark web.
After all, there is a lot of hype around the dark web and what is “down” there. Most people think it’s used by criminals who only sell credit card data or illegal drugs.
But that’s not the case. Staffan told us that people take great care to offer a variety of goods and services on the dark web.
To illustrate that fact, he noted how folks who try to collect information about the dark web face several challenges in doing so due to nothing being indexed, a lack of tools, slang terminology, and a volatile environment.
Apparently, the dark web is a difficult place from which to gather intelligence, but there is still a lot of data out there to be collected.
What I found extremely fascinating about the talk was how cyber criminals use all aspects of the internet to market their products and services.
That raises the question: when something is created on the dark web, how do people find it?
Well, if nothing is indexed, word has to get out. Staffan pointed out that usually people post on forums, but some apparently use legitimate websites and social media to drive traffic down there. (For instance, as Twitter still manually removes inappropriate tweets, there is usually a window of opportunity that criminals can exploit in order to drive traffic through the surface web.)
Staffan concluded by discussing how people now have no reason to set up their own distributed denial-of-service (DDoS) platforms, among other digital attacks, when they can simply go on the internet and find a service provider who will do it for them for next to nothing.
The key takeaway for me was how simple marketing economics applies to the dark web. Forums and social media act as the RSS feeds of the dark web, and for people to sell their products online, they need to exploit the surface web to drive traffic there.
It was also interesting to see how analyzing data within the dark web can be used to determine the next big malware threat.
The first day at Infosecurity Europe 2016 was full of big crowds and fascinating presentations. Fortunately, there’s still a lot more to explore at the conference over the next two days!
Are you attending Infosecurity Europe this year? If you are, please visit us at Booth #D20 to learn about all the exciting things Tripwire has planned for this year’s conference. And don’t forget to enter our security defender competition while you’re there!
In the meantime, please stay tuned for more coverage of Infosecurity Europe 2016!