Tori Norris

Tori is the Content Marketing Manager at NetSPI, where she supports the development of blog posts, webinars, resources, and more. Prior to NetSPI, she worked at public relations agencies across the country leading various B2B healthcare, technology, and cyber security accounts. Tori earned her BA in Public Relations and Marketing from Winona State University.
Greatest Moments from Black Hat 2021 and DEF CON 29
Posted: 2021-08-17
At the beginning of the month, the NetSPI team ventured out to Las Vegas for the highly anticipated Black Hat USA and DEF CON 29 cybersecurity conferences. Given the hybrid nature of the events this year, the crowd was much thinner and the halls of Mandalay Bay much quieter; reports put Black Hat attendance at one-fourth of a typical pre-pandemic year.

While quieter than usual, there were still many opportunities to connect with one another face-to-face, or rather mask-to-mask. I sat down with my colleagues who attended the conferences – both in-person and virtually – to get their take on what went down at the events this year. After all, “What happens in Vegas… gets posted on the NetSPI blog.” Right? From keynotes to topics and themes to hacks, read on for five of the greatest moments from Team NetSPI’s time in Las Vegas.

1. Call for collaboration: The Joint Cyber Defense Collaborative

Jen Easterly, the newly appointed head of the Cybersecurity and Infrastructure Security Agency (CISA), used her platform at Black Hat to build trust and personal relationships with the private sector. During her talk she noted her plans to continue the work that former CISA head Chris Krebs started, specifically around building relationships between CISA, the private sector, and government. 

Secretary of Homeland Security Alejandro Mayorkas delivered the final keynote at Black Hat which echoed much of Easterly’s call for collaboration. He took to the virtual stage to recruit security professionals to work for DHS and to talk about the need to diversify the workforce. He cited two specific ways hiring private sector professionals at DHS could increase collaboration: acting as a bridge between the hacker community and DHS as well as mentorship.

Both keynotes highlighted the Joint Cyber Defense Collaborative, a new CISA initiative that plans to “bring together public and private sector entities to unify deliberate and crisis action planning while coordinating the integrated execution of these plans.”

Read more about the keynote speeches online at SC Media.

2. Caution around supply chain attacks

Supply chain attacks are just getting started, warned Corellium COO Matt Tait during his keynote speech. He cited the exploitation of zero-day vulnerabilities as the driver for the increase in software supply chain attacks. Since 2014, the number of zero-day vulnerabilities detected “in the wild” has increased 236 percent. 

The road to securing the supply chain is not going to be easy, Tait acknowledged. But he did share his thoughts on two critical steps we can take to get started: improvements to bug bounty programs and Certificate Transparency. In contrast to the keynotes from Easterly and Mayorkas, Tait suggested that platform vendors hold most of the responsibility for securing the supply chain, and that government intervention or regulation will not do much to address the problem.

For more, read Channel Futures and The Daily Swig’s coverage of the keynote.

3. Ransomware policy panel

The panel on ransomware policy solutions at DEF CON was a highlight for the NetSPI team. It featured co-chair of the Ransomware Task Force Chris Painter, security researcher Robert Graham, and lawyer Elizabeth Wharton.

They discussed the varying aspects and challenges of handling a ransomware attack. (Hint: it’s not as cut-and-dried as banning ransom payments.) The panel debated the role of cybersecurity insurance, whether to pay a ransom, the need to understand the granular details of an attack, and more.

Robert Graham pointed out that the true problem with ransomware is that organizations aren’t looking at how the ransomware is getting into their systems; they focus instead on whether their recovery efforts are hardened. He brings up a great point and highlights a problem that NetSPI is helping to solve with its new Ransomware Attack Simulation service.

Info Security Magazine wrote a detailed recap of the panel – check it out.

4. Team NetSPI at DEF CON

We may be biased, but learning from colleagues at DEF CON was certainly a “greatest moment” from the conference. This year, Portland-based practice director Karl Fosaaen and our newest NetSPI practice director Chad Rikansrud both presented at the conference.

Karl is one of the foremost experts on Azure penetration testing. His presentation at the DEF CON Cloud Village focused on Azure password extraction. In the talk he showcased how to use the password extraction functionality in MicroBurst, a toolkit he created that contains tools for attacking different layers of an Azure tenant. He also walked through a real example of how it was used to find a critical issue in the Azure permissions model that resulted in a fix from Microsoft. For those who missed Karl’s talk, register for his upcoming webinar: Azure Pentesting: Extracting All the Azure Passwords.

During Chad’s talk, he and container security expert Ian Coldwater told the story of the first mainframe container breakout. They became the first people on the planet to escape a container on a mainframe, and they explain how they did it. Watch on YouTube: Crossover Episode: The Real-Life Story of the First Mainframe Container Breakout.

5. More DEF CON talks worth watching

Our services team looks forward to meeting up at DEF CON each year. And while the annual NetSPI happy hour on the Las Vegas Strip is likely everyone’s top moment of the weekend, there were plenty of interesting talks held during the conference. Here are five talks worth watching on-demand if you didn’t catch them at the show:

  1. New Phishing Attacks Exploiting OAuth Authentication Flows – Jenko Hwong, Researcher at Netskope
    Overview: This talk details how OAuth authentication flows can be used for phishing and how refresh tokens can be abused to pivot while avoiding audit log entries.
  2. Offensive Golang Bonanza: Writing Golang Malware – Ben Kurtz, Host of the Hack the Planet Podcast
    Overview: This talk breaks down why Golang is so useful for malware, with a detailed tour through the available components used for exploitation, EDR and NIDS evasion, and post-exploitation, given by one of the main authors of the core components.
  3. Hacking G Suite: The Power of Dark Apps Script Magic – Matthew Bryant, Red Team at Snapchat
    Overview: This talk delves into the dark art of using Apps Script to exploit G Suite (AKA Google Workspace).
  4. Bundles of Joy: Breaking MacOS via Subverted Applications Bundles – Patrick Wardle, Creator of Objective-See
    Overview: This session presents an easy way to bypass all of Mac's native malware protections. For a summary of the bypass, view the slide at 24:50.
  5. Hacking Humans with AI as a Service – Eugene Lim, Glenice Tan, Tan Kee Hock
    Overview: They present the “nuts and bolts” of an AIaaS phishing pipeline that was successfully deployed in multiple authorized phishing campaigns.

The conversations around collaboration, securing the supply chain, ransomware, and more were invaluable, as were the opportunities for those who were able to meet safely in person. Whether you were there in person, attended virtually, or simply kept an eye on the announcements and news coming out of the event, it feels great to have a sense of community in the security space yet again.

Join Team NetSPI at Black Hat and DEF CON next year – we’re hiring!

RSA 2021 Conference Recap: Resiliency in the Face of Change
Posted: 2021-05-25

RSA’s 2021 virtual conference wrapped up last week and inspired attendees around the theme of resilience. While the definition of resilience is “the capacity to recover quickly from difficulties,” the conference was equally focused on how to adjust an organization’s security posture to prepare for proactive protection and cybersecurity readiness rather than relying on incident response. As we consumed the content from the conference, we saw three common themes that resonated with us: change as a concept, proactive protection versus incident response, and the workforce implications of 2020. Read on as we dig deeper into these subjects.

Cybersecurity at the speed of change

In his RSAC session, Cisco’s Chairman and CEO Chuck Robbins rightly observed that the world transformed over the past year as it adjusted to a new, hybrid workplace model. He pointed to the fact that every organization in every industry focused on keeping their business resilient while facing more complexity than ever before. On the subject of complexity, he pointed to the security landscape. According to Robbins, employees, just by having 30 extra minutes on their mobile devices, created 20 percent more vulnerabilities than we would have in a normal time, vulnerabilities that could open organizations to breaches, hacks, and bad actors.

With the monetary loss from cybercrime estimated at $945 billion in 2020 according to McAfee, managing risk should be critically important for all cybersecurity teams. Reportedly, CISOs are paying attention by devoting time, attention, and funding to cybersecurity initiatives. As VentureBeat reported earlier this year, global cybersecurity spending is expected to grow 10% in 2021 as new types of threats emerge along with an increasing volume of attacks. With enterprises adapting their infrastructure to new cloud architectures and new work configurations, the need to address potential vulnerabilities is taking on greater urgency.

With organizations across the country now working through return-to-office and work-from-home issues, one thing is clear: cybersecurity teams must plan for the fact that a portion of tomorrow’s workforce will be working out of their homes permanently. Robbins says that end-to-end encryption is foundational to being able to deal with all users, data and applications in this scenario.

Succeed with a more proactive cybersecurity program

Mary O’Brien, General Manager for IBM Security, and Mauricio Guerra, CISO for Dow Chemical, discussed putting zero trust into action to manage security and enable business. They said that today’s security leaders are now responsible for helping their businesses deliver new capabilities grounded in security while also managing threats and compliance, and that the zero trust security concept is a cornerstone of the proactive security programs that can help achieve these objectives.

Zero trust is still relatively early in its adoption. CSO Magazine defines it as a security concept centered around the belief that organizations should not automatically trust anything inside or outside their perimeters and must instead verify anything and everything trying to connect to their systems before granting access. Historically, organizations focused on defending their perimeter. Now, however, some of the most egregious data breaches have happened because hackers, once they gained access inside corporate firewalls, were able to move through internal systems without much resistance.

While we support zero trust planning, we counsel our CISO clients to also develop a business-aligned vulnerability management program that takes into consideration the vulnerabilities that would have the most significant negative impact on the business. A vulnerability management program looks at the most relevant threats that could exploit those vulnerabilities, the remediation strategies, and the controls needed to counter those threats. Such a strategy is built on a framework that enables, implements, and maintains the program and informs all security initiatives, controls, and processes.

Adding threat modeling to an organization’s cybersecurity arsenal is also critically important, as the process looks at a system at the architectural level and identifies potential security design flaws. This matters because, based on experience and empirical data, we know that almost 50 percent of security issues are design-level flaws. Organizations must start doing threat modeling to uncover how their systems work and interact and whether those interactions pose a risk. It is essential to identify who would want to attack your systems and where the assets are, in order to understand the potential attack vectors and enable the appropriate security controls. This analysis takes place during threat modeling.

Promoting workplace culture without relaxing security

2020 was full of challenges, not only for our NetSPI team, but also for our clients. A prediction of ours heading into 2021 was that there would continue to be more security jobs than people to fill the roles. Even with the pandemic subsiding, this has proven to remain true. Security leaders have been challenged to fill roles that require candidates with mid- to senior-level experience, and entry-level job openings have continued to be in high demand. Hiring, along with its workforce and culture implications, was a popular topic at RSAC.

Jinan Budge with Forrester Research discussed the importance of putting people at the heart of security and aligning vision and approach to achieve strategic organizational security culture change. We also believe strongly in the importance of culture within an organization, and that hiring for skills beyond the technical, like curiosity, memory recall, and innovation, will foundationally help organizations grow and excel during times of talent shortages.

As CISOs focus on building strong teams with exceptional culture, organizations must also remain vigilant for insider threats. Protecting against internal threats should be part of any threat detection program; the SolarWinds breach also brought to light this under-discussed application security challenge. The frequency and financial impacts of insider threats (defined as a careless or negligent employee or contractor, a criminal or malicious insider, or a credential thief) have grown dramatically in just the past two years. In a recent Ponemon Institute study, the overall average cost of insider threats per incident increased by 31% from $8.76 million in 2018 to $11.45 million in 2020. In addition, the number of incidents has increased by a staggering 47% in just two years, from 3,200 in 2018 to 4,716 in 2020. This data shows that insider threats are still a lingering and often under-addressed cybersecurity threat within organizations, compared to external threats.

A thriving future

To quote RSA: “Because being resilient requires infinite strength. There can be no let ups. No breaks. No finish lines. Just an unending passion to evolve, adapt and do everything possible to protect the people and organizations that rely on us as their advocates. We will do more than survive. We will thrive.” Indeed. We stand fully behind RSA’s quote. The reality is that cybersecurity attacks today are inevitable and put organizations at grave risk, making it imperative to stay one step ahead of adversaries by focusing on prevention-based security techniques. With a pat on the back to all professionals in this business: the cybersecurity profession not only survived the past 16 months, but all indicators show that it is thriving.

Vaccine Security is Not Exclusive to Pfizer, Moderna, and Johnson & Johnson: Here’s Why
Posted: 2021-04-20

Unless you’re Pfizer, Moderna, or Johnson & Johnson, you may not consider your biotech or pharmaceutical organization a lucrative target for cyberattacks as COVID-19 vaccine production and distribution ramps up. However, it is important to note that the larger, well-known organizations in the vaccine pipeline are well funded and staffed and have the ability to prioritize cyber security, and sophisticated adversaries know this well. In turn, this makes smaller organizations involved in vaccine development, distribution, and administration a prime target.

Notably, we expect to see increased threat activity among the small to midsized biotech organizations that are collecting patient data or have access to vaccine research and development (R&D) information. Whether or not your organization is working directly or indirectly with the COVID-19 vaccine, there’s a lot to learn from the security concerns and activity to date. In this article, we explore the motivations for vaccine cyber security threats, reasons why biotech organizations should prioritize security, and pragmatic steps organizations can take now to proactively prepare for imminent attacks.

The vaccine security threat landscape

Cybercrime is known to increase amid chaos or crisis, when people are the most vulnerable. And the COVID-19 pandemic is certainly no exception. Large-scale data breaches increased 273 percent in the first quarter of 2020 versus 2019. The U.N. Security Council reported a massive 350 percent increase in phishing websites in the first quarter of 2020, many targeting hospitals and healthcare systems. And now, capitalizing on the vaccine rollout, the number of phishing attacks targeting the healthcare industry increased by 189 percent from December 2020 to February 2021.

There are three realistic motivations for adversaries when it comes to vaccine security: 1) stealing personal health data, 2) compromising business systems, and 3) accessing intellectual capital. To gain a better understanding of the threat landscape, let’s take a deeper look at each scenario.

To steal sensitive health data:

Protected health information (PHI) includes identifiable information in a person’s health data records, such as health details, date of birth, Social Security number, fingerprints, and even financial information. Given that biotech firms are working with patients to develop and test vaccines in a medical setting, they are also responsible for managing and securing PHI. PHI can be used by adversaries for identity theft and medical fraud, to access computer networks, and to learn more about the capabilities and processes of an organization for future large-scale attacks.

To access intellectual capital:

An approved vaccine is a very valuable source of intellectual capital. COVID-19 vaccine production data is extremely valuable today as the global race to administer vaccines continues. Biotech firms house a lot of intellectual capital, from R&D information to vaccine formulas to testing and drug trial data, making them a lucrative target. According to research from F5, “threat actors in this case are advanced cyber attackers, either working for or hired by nation states. This makes them the most capable and well-resourced threat that organizations could face.”

In early 2021, the European Medicines Agency (EMA), a regulatory agency tasked with vaccine assessments and approvals for the EU, found that hackers stole COVID-19 vaccine data belonging to Pfizer and BioNTech. Further, leveraging intellectual capital for misinformation is another key motivator. The data in the EMA breach was leaked online only after the exfiltrated data had been manipulated to undermine public trust in the vaccine.

To compromise business systems:

Whether it’s a ransomware attack on a healthcare organization or an attack on the vaccine appointment scheduling software, adversaries could also aim to interfere with business operations in the vaccine pipeline. Biotech firms have a critical role to play in ensuring the security of their partners.

Third-party security is a major challenge for healthcare organizations - and one that is very relevant to vaccine rollouts. A 2020 survey of healthcare CISOs, CIOs, and other C-suite leaders discovered that four out of five organizations experienced a cybersecurity breach precipitated by a third-party vendor over the past year.

Right now, there are many third parties working hand-in-hand with biotech firms to coordinate the rollout of the COVID-19 vaccine, from logistics and transportation to the on-site distribution locations. How can we ensure each organization involved follows the right security protocols? Recent examples of third-party breach attempts are the targeted attacks on cold storage company Americold and global firm Miltenyi Biotec. The companies were targeted with cyberattacks in an apparent attempt to disrupt the vaccine supply chain.

Making the case for cyber security in biotech, pharma, and other healthcare industries

We recently attended a webinar on medical device security presented by Kevin McDonald, a cyber security advisor for Mayo Clinic. At the end of the discussion, Kevin highlighted the core drivers for security investments in healthcare: patient care, revenue loss, and public perception.

Above all, continuation of patient care is the end goal of all security activities in healthcare organizations. Security is put in place not to hinder the quality of care, but to ensure it can continue without interruption from adversaries.

Revenue loss and public perception are fairly self-explanatory for most healthcare organizations, but there are some nuances regarding the biotech industry. The goal of many biotech firms is to raise funds and eventually get purchased, and according to Silicon Valley Bank, acquisitions of biotech startups increased in 2020. If your organization experiences a security breach, your chances of acquisition and/or your valuation may decrease given the increased risk and the reputational damage created.

4 security activities to implement to proactively protect your assets

Once you’re aware of the most likely risks, it’s important to understand the steps you can take to proactively protect your organization and its sensitive data. To get started, here are four activities we recommend:

  • Red teaming: Red team operations test your security controls and processes against a specific target or goal, such as vaccine formulas or patient Social Security numbers. Hire a red team, or equip your internal red team with the right tools, to simulate the stealthy approach a real adversary would take.
  • Detective control testing: Correctly configured detective controls are vital to network security. Test your detective controls against the tactics, techniques, and procedures (TTPs) used by real-world attackers to confirm that each layer of your defense in depth actually fires as intended, rather than assuming it does.
  • Internal network penetration tests: Given the increase in phishing attempts and the vulnerability of humans in a crisis, a sophisticated adversary will eventually find a way onto your network. This is where internal network penetration tests prove necessary. An internal network penetration test evaluates the network for security vulnerabilities from the position of an attacker who already has a foothold and provides actionable recommendations for remediation, so you discover your internal network gaps before an adversary does.
  • Continuous testing: Often an organization’s attack surface is evaluated only once a year, via an annual penetration test. Implementing more frequent, lighter-touch tests throughout the year, or whenever a new technology or partner is added to your infrastructure, helps teams stay on top of recently introduced vulnerabilities.
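To make the detective control testing item concrete, here is an added example (not code from the original post or from NetSPI) of the kind of harness a detection team can use: a handful of simulated TTPs are replayed as constructed log events through a set of detection rules, and the harness reports which TTPs raised an alert and which are coverage gaps. The Windows Security event IDs (4625, 4698, 4769), Sysmon event 10, and the MITRE ATT&CK technique IDs are real; every host name, IP, user, threshold, and rule name is an assumption constructed for the example.

```python
"""Added example: a minimal detective-control test harness.

Simulated attacker TTPs are replayed as constructed log events through
detection rules; a TTP that fires no rule is reported as a coverage gap.
All events, hosts, users, thresholds and rule names are constructed for
this example and do not come from any real SIEM or from the post's author.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, Dict, List


@dataclass
class Event:
    """One normalised log record (constructed for this example)."""
    ts: datetime
    source: str            # "security" (Windows Security log) or "sysmon"
    event_id: int
    user: str
    host: str
    src_ip: str = ""
    details: Dict[str, str] = field(default_factory=dict)


# ---- Detection rules: each takes the event list and returns alert strings ----

def rule_password_spray(events: List[Event],
                        window: timedelta = timedelta(minutes=10),
                        min_users: int = 5) -> List[str]:
    """Failed logons (4625) for many distinct users from one source IP."""
    alerts = []
    by_ip: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        if e.source == "security" and e.event_id == 4625 and e.src_ip:
            by_ip[e.src_ip].append(e)
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        for i, first in enumerate(evs):
            users = {x.user for x in evs[i:] if x.ts - first.ts <= window}
            if len(users) >= min_users:
                alerts.append(f"password spray from {ip}: {len(users)} users")
                break
    return alerts


def rule_scheduled_task(events: List[Event]) -> List[str]:
    """Scheduled task created (4698) by an account outside the admin tier."""
    return [f"task {e.details.get('task')} created by {e.user} on {e.host}"
            for e in events
            if e.source == "security" and e.event_id == 4698
            and not e.user.startswith("adm-")]


def rule_lsass_access(events: List[Event]) -> List[str]:
    """Unexpected process opening a handle to lsass.exe (Sysmon event 10)."""
    allowed = {"MsMpEng.exe", "csrss.exe", "wininit.exe"}   # assumed allow-list
    return [f"{e.details.get('source_image')} opened lsass on {e.host}"
            for e in events
            if e.source == "sysmon" and e.event_id == 10
            and e.details.get("target_image", "").lower().endswith("lsass.exe")
            and e.details.get("source_image") not in allowed]


RULES: Dict[str, Callable[[List[Event]], List[str]]] = {
    "password_spray": rule_password_spray,
    "scheduled_task": rule_scheduled_task,
    "lsass_access": rule_lsass_access,
}


# ---- Simulated TTPs: constructed events mimicking what the attacker leaves ----

def simulate_password_spray(t0: datetime) -> List[Event]:
    """T1110.003: one IP tries one password against eight accounts."""
    return [Event(t0 + timedelta(seconds=20 * i), "security", 4625,
                  f"user{i:02d}", "DC01", src_ip="10.0.0.50") for i in range(8)]


def simulate_scheduled_task(t0: datetime) -> List[Event]:
    """T1053.005: persistence via a scheduled task from a workstation user."""
    return [Event(t0, "security", 4698, "jdoe", "WS042",
                  details={"task": "\\Microsoft\\Windows\\Updater"})]


def simulate_lsass_dump(t0: datetime) -> List[Event]:
    """T1003.001: a renamed credential dumper opens lsass.exe."""
    return [Event(t0, "sysmon", 10, "jdoe", "WS042",
                  details={"source_image": "C:\\Temp\\svc.exe",
                           "target_image": "C:\\Windows\\system32\\lsass.exe"})]


def simulate_kerberoast(t0: datetime) -> List[Event]:
    """T1558.003: RC4 (0x17) service ticket requests for many SPNs."""
    return [Event(t0 + timedelta(seconds=i), "security", 4769, "jdoe", "DC01",
                  details={"ticket_encryption": "0x17", "service": f"svc{i}"})
            for i in range(6)]


TTPS: Dict[str, Callable[[datetime], List[Event]]] = {
    "T1110.003 password spraying": simulate_password_spray,
    "T1053.005 scheduled task": simulate_scheduled_task,
    "T1003.001 LSASS memory": simulate_lsass_dump,
    "T1558.003 Kerberoasting": simulate_kerberoast,
}


def run_control_test(ttps=TTPS, rules=RULES,
                     t0: datetime = datetime(2021, 8, 1, 9, 0)) -> Dict[str, List[str]]:
    """Replay each simulated TTP through every rule.

    Returns {ttp: [names of rules that alerted]}; an empty list is a gap.
    """
    return {name: [rname for rname, rule in rules.items() if rule(sim(t0))]
            for name, sim in ttps.items()}


def coverage_gaps(results: Dict[str, List[str]]) -> List[str]:
    """TTPs for which no detective control produced an alert."""
    return sorted(ttp for ttp, fired in results.items() if not fired)


if __name__ == "__main__":
    results = run_control_test()
    for ttp, fired in results.items():
        status = "ALERT via " + ", ".join(fired) if fired else "NO DETECTION"
        print(f"{ttp:32} {status}")
    print("gaps:", coverage_gaps(results))
```

Run as-is, the harness shows three TTPs alerting and Kerberoasting as a gap, because no rule looks at 4769 events. The same harness also catches a silently mis-tuned control: raising the spray rule's `min_users` threshold above the size of the simulated spray turns a working detection into a second gap, which is exactly the "working as intended" question the bullet above asks you to answer with evidence rather than assumption.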
Vaccine Security is Not Exclusive to Pfizer, Moderna, and Johnson & Johnson: Here’s Why (https://www.netspi.com/?p=24940, last modified 2021-05-06)

Greatest Moments from Black Hat 2021 and DEF CON 29

Published 2021-08-17 (https://www.netspi.com/?p=26144)

At the beginning of the month, the NetSPI team ventured out to Las Vegas for the highly anticipated Black Hat USA and DEF CON 29 cybersecurity conferences. Given the hybrid nature of the events this year, the crowd was much thinner and the halls of Mandalay Bay much quieter; reports put Black Hat attendance at roughly one-fourth of a typical pre-pandemic year.

While quieter than usual, there were still many opportunities to connect with one another face-to-face, or rather mask-to-mask. I sat down with my colleagues who attended the conferences, both in person and virtually, to get their take on what went down at the events this year. After all, “What happens in Vegas… gets posted on the NetSPI blog.” Right? From keynotes to themes to hacks, read on for five of the greatest moments from Team NetSPI’s time in Las Vegas.

1. Call for collaboration: The Joint Cyber Defense Collaborative

Jen Easterly, the newly appointed head of the Cybersecurity and Infrastructure Security Agency (CISA), used her platform at Black Hat to build trust and personal relationships with the private sector. During her talk she noted her plans to continue the work that former CISA head Chris Krebs started, specifically around building relationships between CISA, the private sector, and government. 

Secretary of Homeland Security Alejandro Mayorkas delivered the final keynote at Black Hat, which echoed much of Easterly’s call for collaboration. He took to the virtual stage to recruit security professionals to work for DHS and to talk about the need to diversify the workforce. He cited two specific ways that hiring private-sector professionals at DHS could increase collaboration: they can act as a bridge between the hacker community and DHS, and they can mentor.

Both keynotes highlighted the Joint Cyber Defense Collaborative, a new CISA initiative that plans to “bring together public and private sector entities to unify deliberate and crisis action planning while coordinating the integrated execution of these plans.”

Read more about the keynote speeches online at SC Media.

2. Caution around supply chain attacks

Supply chain attacks are just getting started, warned Corellium COO Matt Tait during his keynote speech. He cited the exploitation of zero-day vulnerabilities as the driver for the increase in software supply chain attacks. Since 2014, the number of zero-day vulnerabilities detected “in the wild” has increased 236 percent. 

The road to securing the supply chain is not going to be easy, Tait cautioned. But he did share his thoughts on two critical steps we can take to get started: improvements to bug bounty programs and Certificate Transparency. In contrast to the keynotes from Easterly and Mayorkas, Tait suggested that platform vendors hold most of the responsibility for securing the supply chain, and that government intervention or regulation will not do much to address the problem.

For more, read Channel Futures and The Daily Swig’s coverage of the keynote.

3. Ransomware policy panel

The panel on ransomware policy solutions at DEF CON was a highlight for the NetSPI team. It featured co-chair of the Ransomware Task Force Chris Painter, security researcher Robert Graham, and lawyer Elizabeth Wharton.

They discussed the varying aspects and challenges of handling a ransomware attack. (Hint: it’s not as cut-and-dried as banning ransom payments.) The panel debated the role of cybersecurity insurance, whether to pay a ransom, the need to understand the granular details of an attack, and more.

Robert Graham pointed out that the true problem with ransomware is that organizations aren’t looking at how the ransomware is getting into their systems; they focus instead on whether their recovery efforts are hardened. He brings up a great point and highlights a problem that NetSPI is helping to solve with its new Ransomware Attack Simulation service.

Info Security Magazine wrote a detailed recap of the panel – check it out.

4. Team NetSPI at DEF CON

We may be biased but learning from colleagues at DEF CON was certainly a “greatest moment” from the conference. This year, Portland-based practice director Karl Fosaaen and our newest NetSPI practice director Chad Rikansrud presented at the conference. 

Karl is one of the foremost experts on Azure penetration testing. His presentation at the DEF CON Cloud Village focused on Azure password extraction. In the talk he showcased how to use the password extraction functionality in MicroBurst, a toolkit he created that contains tools for attacking different layers of an Azure tenant. He also walked through a real example of how it was used to find a critical issue in the Azure permissions model that resulted in a fix from Microsoft. For those that missed Karl’s talk, register for his upcoming webinar: Azure Pentesting: Extracting All the Azure Passwords.

During Chad’s talk, he and container security expert Ian Coldwater told the story of the first mainframe container breakout. They became the first people on the planet to escape a container on a mainframe, and they explained how they did it. Watch on YouTube: Crossover Episode: The Real-Life Story of the First Mainframe Container Breakout.

5. More DEF CON talks worth watching

Our services team looks forward to meeting up at DEF CON each year. And while the annual NetSPI happy hour on the Las Vegas Strip is likely everyone’s top moment of the weekend, there were plenty of interesting talks held during the conference. Here are five talks worth watching on-demand if you didn’t catch them at the show:

  1. New Phishing Attacks Exploiting OAuth Authentication Flows – Jenko Hwong, Researcher at Netskope
    Overview: This talk details phishing that abuses the OAuth authentication flow, and how refresh tokens can then be abused to pivot while avoiding audit log entries.
  2. Offensive Golang Bonanza: Writing Golang Malware – Ben Kurtz, Host of the Hack the Planet Podcast
    Overview: This talk breaks down why Golang is so useful for malware, with a detailed tour through the available components used for exploitation, EDR and NIDS evasion, and post-exploitation, by one of the main authors of the core components.
  3. Hacking G Suite: The Power of Dark Apps Script Magic – Matthew Bryant, Red Team at Snapchat
    Overview: This talk delves into the dark art of utilizing Apps Script to exploit G Suite (now Google Workspace).
  4. Bundles of Joy: Breaking MacOS via Subverted Applications Bundles – Patrick Wardle, Creator of Objective-See
    Overview: This session presents an easy way to bypass all of macOS’s native malware protections. For a summary of the bypass, view the slide at 24:50.
  5. Hacking Humans with AI as a Service – Eugene Lim, Glenice Tan, Tan Kee Hock
    Overview: They present the “nuts and bolts” of an AIaaS phishing pipeline that was successfully deployed in multiple authorized phishing campaigns.

The conversations around collaboration, securing the supply chain, ransomware, and more were invaluable, as were the opportunities for those who were able to meet safely in person. Whether you were there in person, attended virtually, or simply kept an eye on the announcements and news coming out of the event, it is great to feel a sense of community in the security space once again.

Join Team NetSPI at Black Hat and DEF CON next year – we’re hiring!

Greatest Moments from Black Hat 2021 and DEF CON 29 (https://www.netspi.com/?p=26144, last modified 2021-08-16). Summary: A recap of the events at Black Hat and DEF CON in 2021, featuring talks on collaboration, supply chain attacks, ransomware, Azure cloud pentesting, and much more.

Is your organization prepared for a ransomware attack? Explore our Ransomware Attack Simulation service.
