Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/20/2014
03:10 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Website Attack Attempts Via Vegas Rose During Black Hat, DEF CON

Data snapshot from Imperva shows major jump in malicious activity during security and hacker conferences in Sin City.

On a "normal" day, an average of 20 malicious web traffic events originating in Las Vegas hit Imperva's security customers. During Black Hat USA and DEF CON earlier this month, that number jumped more than 100 times the volume, according to a snapshot of data the firm compiled.

Barry Shteiman, director of security strategy at Imperva, was curious about just how much more malicious activity really does occur during big hacker-heavy conferences like Black Hat and DEF CON, so he measured the malicious traffic coming from Las Vegas the week of the two major shows and found the number reached a high of 2,612 web attacks aimed at its customers.

"I decided to test for attack traffic originating in Las Vegas during BlackHat and Defcon, and a month prior to that in order to correlate to baseline. In order to do that, we collected all of the security events during that time period from our Community Defense system, mapped Geo IPs for Nevada state, and Las Vegas specifically, then we queried the Community Defense data set for all source IPs that were in the US," Shteiman wrote in a blog post today. "Finally, we summarized by date and where the city itself is Las Vegas."

He says there also was a spike in attack volume during the NAACP's conference in Vegas in July. That means that "either that a large crowd in a conference scale event may cause a growth in attack volume due to malware on computers, or attackers are attending the conference and performing their attacks from there," he says.

With Black Hat and DEF CON, an increase in attack traffic wouldn't be too surprising in general. But the jump he spotted was intriguing: "They have some of the brightest security/hacking minds in the world attending. Those guys who read every link before they click, run custom operating systems in cases and are generally very aware to security and thereforeare less likely to be drive-by victims of hacking -- for that reason, seeing numbers that high is more substantial at a hacker conference than in other conferences," he says.

The attack volume rose at the start of Black Hat, dropped toward the end, and then began to increase at the start of DEF CON, he says. "A day after everything ends, the numbers are back to norm," he says.

Shteiman warns that the data is more of an "interesting snapshot" than a true trend, but it makes you think. His full post with data and graphics is here.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/24/2014 | 6:10:57 PM
Re: Odd
It is an interesting stat, but I read it as the transition from one show to the other. 
DFER1
50%
50%
DFER1,
User Rank: Apprentice
8/22/2014 | 6:23:02 PM
Odd
One part of the article doesn't make any sense: "The attack volume rose at the start of Black Hat, dropped toward the end, and then began to increase at the start of DEF CON".

Black Hat and DEF CON overlap!  Thursday is the last day of BH and the first day of DEF CON.  That little fact makes me doubt the whole article, not to mention the source of the data is a security vendor.
bshteiman
50%
50%
bshteiman,
User Rank: Apprentice
8/21/2014 | 2:59:23 PM
Re: Correlations
I believe that there is always a certain climb of traffic/attack traffic when a big conference is in town, since many people come with their internet-needy computers, and those may be infected by malware etc...

In a hacker conference, its different. since A. the users are more security savvy and security-space-educated and are less likely to produce hijacked traffic. therefor it is more likely that attack traffic is generated from that unique crowd.

Barry Shteiman.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
8/21/2014 | 8:51:52 AM
Correlations
For BlackHat and DefCon this makes sense. An area is most vulnerable when there are less people patrolling it. This principle is followed here. But for what reason might there be a spike in volume for the NAACP conference?
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4815
PUBLISHED: 2021-01-27
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.
CVE-2020-4816
PUBLISHED: 2021-01-27
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-For...
CVE-2020-4820
PUBLISHED: 2021-01-27
IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2020-4967
PUBLISHED: 2021-01-27
IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.
CVE-2020-36012
PUBLISHED: 2021-01-27
Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.