Press Release: Ransomware Attacks Are No Force Majeure

Sanna/ July 7, 2022/ Press

DeepSec security conference reminds you of basic IT protection and secure system architecture.

Malware attacks that encrypt data of victims seem to have increased recently. In fact, these ransomware attacks are only part of an evolution among the attackers. Attack software moves with the times. An important reason for the accumulation is the standstill in defense. This year’s DeepSec security conference offers exchange with experts and high-quality further training for protecting your own IT.

Basic Misunderstandings

Comparing the reports of incidents involving ransomware attacks, one might conclude that these are inevitable natural events. Of course, that's not the case. If one sticks to the biological analogy of the virus, a ransomware infestation requires a favorable combination of prerequisites. In the beginning, there is always a deception in the form of a fake message, to which there is a reaction. The recipient then acts by reading and processing the message or document. This leads to the execution of malicious code, which then exploits further vulnerabilities in the installed software and in the IT architecture. There is little information in the media on this point because it is about technical details. On the surface, however, one thing is clear: if an entire organization or at least its critical business data can be compromised by a single system, then internal barriers to limit the damage are missing. This in turn indicates errors in the authorization system or in the access controls. The concept of fire protection doors or locks is known from other areas. Exactly this concept also exists in IT security, but it often cannot be implemented organizationally. The misunderstandings then arise when dealing with the technology and in assigning blame when looking for the causes. Unfortunately, the explanation that these attacks are caused only by social engineering is insufficient, since a successful attack exploits a whole series of vulnerabilities.

Standard tools for protecting IT systems

Most applications and operating systems offer their own means of protection without installing any additional tools. These are not active by default because most platforms are universal. Platforms, whether in hardware or virtualized in the cloud, are designed to run all conceivable applications. The platform code cannot guess which solutions each IT department would like to have in detail. For this, you need to know the context of data processing well. This is exactly where security configurations come in, and they are often missing because of the complexity of the applications and the infrastructure used. To ensure that everything still works after a software upgrade, only certain deviations from the standard configuration are used.

The on-board resources mentioned differ from system to system. However, there are some basic principles that apply regardless of the technique used. Data backups and archives must not take part in the organizational authorization system, i.e. no system and no person from production operations may have access. The security systems have to use their own accesses, which none of the servers and clients know or which only work in one direction. There are multi-level configurations that implement such a scenario. Finally, the appropriate encapsulation of the applications should also be mentioned. This means granting minimal rights to program code. Specifically, desktops may not perform privileged operations.

Trainings to improve your IT protection

Since ransomware attacks exploit multiple vulnerabilities, the defense cannot resort to a single countermeasure. The first step in an attack is a ruse to gain support from someone on the inside. One can start educating about social engineering and deploying meaningful alerts on the desktop. Mobile devices and desktops have become the most dangerous point in a company. Critical vulnerabilities and poor security design are no longer just found in networks or servers. The training courses “Hacking JavaScript Desktop Apps” and “Mobile Security Testing Guide” are aimed at the applications that users use in their daily work. In two days, you can learn what threats exist and how to counter them. This knowledge is essential for defending modern digital environments.

In terms of infrastructure, there are also two training courses. “Mobile Network Security” deals with mobile networks. Cellular and mobile clients are in use worldwide. Attacks are widespread and more common than you might think. Trainer Bart Stidham introduces the threat landscape and attacks, touching on all technical levels. It's about geolocation attacks, attacks against radio cells and the paralysis of mobile phone clients via the network. The two-day training will also include live demos. Another workshop, “Mobile Security Testing Guide Hands-On”, is entirely dedicated to the analysis of Android and iOS apps on smartphones. Every smartphone carries around hundreds of apps that have a set of privileges and access to the network. Sven Schleier teaches how to find the vulnerabilities in these apps that make mobile devices the perfect target.

If your defense develops gaps, we recommend the “Network Threat Hunting & Incident Response” training course on incident response and finding threats in and from networks. The course is intended for developers, administrators, security experts and forensic scientists. Participants learn to isolate threats, apply forensic methods to compromised systems, and extract important clues. IT defense can thus be put into practice. There is no mention of force majeure in any training.

Programs and booking

The DeepSec 2022 conference days are on November 17th and 18th. The DeepSec trainings take place on the two previous days, November 15th and 16th. All training courses (with a few exceptions) and lectures are intended as face-to-face events, but may take place partially or completely virtually if future COVID-19 measures require it. For registered participants, there will be a stream of the lectures on our internet platform.

The DeepINTEL Security Intelligence Conference takes place on November 16th. Since this is a closed event, we ask that you direct inquiries about the program to our contact addresses. We provide strong end-to-end encryption for communication: https://deepsec.net/contact.html

You can order tickets for the DeepSec conference and the training courses online using the link https://deepsec.net/register.html. Sponsor discount codes are available to you. If you are interested, please contact deepsec@deepsec.net. Please note that we depend on timely ticket orders to ensure planning security.

 

 
