Protecting Your Network from Bunnies and More

15 seconds is all an attacker needs to steal your sensitive information from any workstation. Attendees will participate in an interactive demonstration while learning about:

* Inconspicuous USB devices attackers use to create hidden backdoors into your network

* Common ways attackers quickly capture passwords and other sensitive data without your knowledge

* Tips for securing your network against such unscrupulous attacks

Published in: Technology

  1. 1. Hacked in 15 Seconds Brian Johnson Sr. Security Engineer
  2. 2. NOT either of these Brians Who is this guy?
  3. 3. Sr. Security Engineer for Emergent Networks Podcaster Minuscule movie star Who is this guy?
  4. 4. Agenda • A review of 2017’s security “highlights” • USB drives – an old and new threat
  5. 5. Wannacry/WCRY Impact: infected several hundred thousand computers beginning in May Payload: encrypt files, demand $300-500 in Bitcoin
  6. 6. Wannacry/WCRY Lessons learned: • Solid backup plan • Solid patching program
  7. 7. Petya/Notpetya Impact: infected computers in at least 65 countries in May Payload: encrypt files, demand $300-500 in Bitcoin P.S. even if you pay, you lose 
  8. 8. Petya/Notpetya Lessons learned: • Solid backup plan • Solid patching program
  9. 9. May: Thousands of HIPAA-protected medical records exposed due to misconfigured backups
  10. 10. Lessons learned: • Security is hard! • Conduct regular vulnerability scans
  11. 11. July: an analyst’s contacts, account credentials, email and other sensitive company data leaked Update from FireEye on Aug 7: “The analyst wasn’t hacked…”
  12. 12. Lessons learned: • We need long, strong, unique passwords for every service we use Microsoft recommends…
  13. 13. • Minimum password length: 14 • Passwords must meet complexity requirements • Do not store passwords using reversible encryption • Enforce password history of 24+
  14. 14. September: 143 million American consumers affected Breached data includes: • Social security numbers • Birthdates • Addresses • Driver’s license numbers • Credit card numbers How did this happen?!
  15. 15. Lessons learned: Regularly refresh your… • Social security number • Credit card number • Mailing address • Birthdate 
  16. 16. Monday: network compromise through an administrator’s account • Deloitte’s entire internal email system exposed • Several gigabytes of data exfiltrated to a server in the United Kingdom • No two-factor authentication used on critical systems Source: Brian Krebs
  17. 17. Lessons learned: • 2FA is a good layer of security • Put complex, unique passwords on everything!
  18. 18. Who are the 2016-2017 breach victims? Source: Verizon DBIR
  19. 19. What tactics are being used? Source: Verizon DBIR
  20. 20. USB devices: An old and new threat
  21. 21. Once upon a time we were worried about…
  22. 22. +
  23. 23. .com
  24. 24. What did the bunny steal?
  25. 25. What did the bunny steal?
  26. 26. How did that happen? “Hey PC, I’m a USB drive, but I’m pretending to be a keyboard!” “You got it! I totally trust you!”
  27. 27. How did that happen? C:\> netsh wlan export profile key=clear “Sure, here are all the wifi passwords I’m storing!”
  28. 28. Anti-Bunny defensive tactics: • Take away local admin rights? • Would disabling AutoPlay help? • Locked workstation? • Regular wireless password rotation? • 802.1x wireless authentication? • Application whitelisting?
  29. 29. What if we set USB to “read only”?
  30. 30. “Gimme all your wifi passwords! Put them in this folder please.” “Sorry, you’re ‘read only!’”
  31. 31. “Ok, then run this script: http://badguy.com/BadScript.ps1” “You’re the boss!” Send email with all wifi passwords to: attacker@badguy.com All the passwords!
  32. 32. What if we block USB?
  33. 33. We blocked the bunny! (Or did we?)
  34. 34. Bunnies are sneaky… “Hey PC, now I’m going to pretend to be a network card!” “I totally believe you!”
  35. 35. Ahnuld PC: “Hey DNS server, know a computer named fileservr?” DNS Server: “Sorry, nope! Never heard of it.” Ahnuld PC: “Aaaaaanybody else?” Evil Bunny: “It’s me, fileservr!!!” Ahnuld PC: “Great! Here comes some authentication info!” Evil Bunny: “MUAHAHAHAAHAHAHA!!!”
  36. 36. PASSWORDS!
  37. 37. Conclusion To defend your network against “bunnies,” consider: • Physical security • Enterprise level wireless security • Application whitelisting • Good password hygiene • Centralized logging and alerting
  38. 38. Thank you!
  39. 39. Brian Johnson Emergent Networks BrianJ@EmergentNetworks.com @7MinSec www.7ms.us
  40. 40. Brian Johnson Emergent Networks BrianJ@EmergentNetworks.com @7MinSec www.7ms.us
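
One way to act on the "centralized logging and alerting" item for the keyboard-emulation attack on slides 26-27, as an added example that is not part of the original deck: flag every `netsh wlan export profile key=clear` command line in centrally collected process-creation events, and raise the severity when the same host reported a new keyboard within the preceding 15 seconds. The event records, host names and the `device_class`/`cmdline` field names are constructed for illustration; 6416 and 4688 are the Windows Security log event IDs for a new external device and for process creation.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not from the talk), simplified from the Windows
# Security log: 6416 = new external device recognized (needs "Audit PNP
# Activity"), 4688 = process created (needs command-line auditing enabled).
# Host names and the "device_class"/"cmdline" field names are assumptions.
SAMPLE_EVENTS = [
    {"time": "2017-10-02T09:14:03", "host": "WS-042", "id": 6416,
     "device_class": "Keyboard"},
    {"time": "2017-10-02T09:14:07", "host": "WS-042", "id": 4688,
     "cmdline": "netsh wlan export profile key=clear folder=D:\\out"},
    {"time": "2017-10-02T11:30:00", "host": "WS-017", "id": 4688,
     "cmdline": "netsh.exe  WLAN export profile KEY=clear"},
    {"time": "2017-10-02T11:45:00", "host": "WS-017", "id": 4688,
     "cmdline": "netsh wlan show profiles"},
    {"time": "2017-10-02T13:00:00", "host": "WS-099", "id": 6416,
     "device_class": "Keyboard"},
]

# Matches the command from slide 27 regardless of case, spacing or ".exe".
EXPORT_RE = re.compile(
    r'\bnetsh(\.exe)?"?\s+wlan\s+export\s+profile\b.*\bkey\s*=\s*clear\b', re.I)
WINDOW = timedelta(seconds=15)  # the talk's "15 seconds"


def detect(events):
    """Return (host, severity) for every cleartext Wi-Fi profile export.

    Severity is "high" when the same host reported a new keyboard within
    WINDOW before the export (keyboard-emulating USB device), else "medium".
    """
    alerts = []
    last_keyboard = {}  # host -> time of the most recent keyboard arrival
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 6416 and ev.get("device_class") == "Keyboard":
            last_keyboard[ev["host"]] = ts
        elif ev["id"] == 4688 and EXPORT_RE.search(ev.get("cmdline", "")):
            seen = last_keyboard.get(ev["host"])
            near_hid = seen is not None and ts - seen <= WINDOW
            alerts.append((ev["host"], "high" if near_hid else "medium"))
    return alerts


if __name__ == "__main__":
    for host, severity in detect(SAMPLE_EVENTS):
        print(f"{severity.upper():6} {host}: cleartext Wi-Fi profile export")
```

A keyboard arrival on its own (WS-099 in the sample) raises nothing, since docking stations and replacement keyboards generate the same event; only the export command alerts, with the device arrival used as context.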