Ransomware attacks are not force majeure

pts20220707004 trade / services, media / communication

The DeepSec security conference is a reminder of basic IT protection and good system architecture

The DeepSec security conference provides useful information on IT security (Image: Florian Stocker)

Vienna (pts004 / 07/07/2022 / 09:30) –

It seems that the number of malware attacks that encrypt victims' data has increased recently. In fact, these ransomware attacks are only one part of the evolution among attackers: attack software is moving with the times. An important reason for the accumulation of incidents is lapses in defense. This year's DeepSec security conference offers an exchange with experts and high-quality training on protecting your own IT.

Basic misconceptions

Comparing reports of ransomware-related incidents, one could conclude that these are inevitable natural events. Of course, that is not so. To stay with the biological analogy of a virus, a ransomware infection requires a favorable combination of preconditions. At the start there is always a fake message designed to provoke a reaction. This is followed by an action on the part of the recipient, who reads and processes the message or document. This leads to the execution of malicious code, which then exploits other vulnerabilities in the installed software and IT architecture. There is little information in the media on this because it concerns technical details.

One thing, however, is clear: if an entire organization, or at least its critical business data, can be compromised through a single system, there are no internal barriers to limit the harm. In effect, this is a clear indication of errors in the authorization or access control system. The concept of fire doors or locks is known from other fields. This exact concept also exists in IT security, but often cannot be implemented organizationally. Misunderstandings arise around the technology and around the attribution of blame when looking for causes. Unfortunately, social engineering alone is an insufficient explanation, as a successful attack exploits a whole series of vulnerabilities.

On-board resources for protecting IT systems

Most applications and operating systems offer their own protection measures without the need to install additional tools. They are not active by default because most platforms are universal. Platforms, whether hardware or virtualized in the cloud, are designed to run all possible applications. The platform code cannot guess which settings each IT department would like to have. To choose them, you need to know the context of the data processing well. This is exactly where security configurations come in, and they are often missing because of the complexity of the applications and infrastructure in use. To ensure that everything still works after a software update, only a few deviations from the standard configuration are applied.

These on-board resources vary from system to system. However, there are some basic rules that apply regardless of the technology used. Data backups and archives must not take part in the organization's permission system, i.e. no system and no person from production operations may access them. Security systems must use their own access paths that are not known to all servers and clients, or that only operate in one direction. There are multi-level configurations that implement such a scenario. Finally, appropriate encapsulation of applications should also be mentioned. This means granting minimal rights to the program code. In particular, desktops must not be able to perform privileged operations.

Training to improve IT protection

As ransomware attacks take advantage of many vulnerabilities, the defense cannot rely on a single countermeasure. The first step of an attack is to trick an insider into providing support. This is where social engineering education can begin, together with the implementation of meaningful desktop alerts. Overall, mobile devices and desktops have become the most dangerous point in the company. Critical vulnerabilities and weak security are no longer found only in networks or servers. The “Hacking JavaScript Desktop Apps” and “Mobile Security Testing Guide” training courses are aimed at applications that users work with every day. In two days you can find out what threats exist and how to counteract them. This knowledge is essential to defend modern digital environments.

There are also two trainings in the field of infrastructure. Mobile Network Security deals with mobile networks. Cellular networks and mobile clients are in use all over the world. Attacks are common and more frequent than you might think. Trainer Bart Stidham presents the landscape of threats and attacks, touching on all technical levels. It covers geolocation attacks, attacks on radio cells and the disabling of mobile clients over the network. The two-day training will also include live demonstrations. The next “Mobile Security Testing Guide Hands-On” workshop is entirely devoted to the analysis of Android and iOS applications on smartphones. Each smartphone contains hundreds of applications that have a set of permissions and access to the network. Sven Schleier teaches you how to find vulnerabilities in these applications to make mobile devices your ideal target.

If your defense has vulnerabilities, we recommend the Network Threat Hunting & Incident Response training on how to respond to incidents and find threats on and off networks. The course is intended for developers, administrators, security experts and forensic analysts. Participants learn to isolate threats, apply forensic methods to compromised systems, and extract important clues. IT defense can therefore be put into practice. Force majeure is not mentioned in any training.

Programs and reservations

The DeepSec 2022 conference days are November 17 and 18. DeepSec training sessions take place on the previous two days, November 15 and 16. All trainings (with a few exceptions) and lectures are planned as face-to-face events, but may be held partially or fully virtually due to possible future COVID-19 developments. The lectures will be broadcast on our internet platform for registered participants.

The DeepINTEL Security Intelligence conference will take place on November 16. As this is a closed event, please send your inquiries regarding the program to our contact addresses. We provide strong end-to-end encryption for communication: https://deepsec.net/contact.html

Tickets for the DeepSec conference and trainings can be ordered online at any time via the link https://deepsec.net/register.html. Discount codes from sponsors are available. If you are interested, please contact us at deepsec@deepsec.net. Please note that we depend on timely ticket orders for planning certainty.

(End)
