Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/20/2014
03:10 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Website Attack Attempts Via Vegas Rose During Black Hat, DEF CON

Data snapshot from Imperva shows major jump in malicious activity during security and hacker conferences in Sin City.

On a "normal" day, an average of 20 malicious web traffic events originating in Las Vegas hit Imperva's security customers. During Black Hat USA and DEF CON earlier this month, that number jumped more than 100 times the volume, according to a snapshot of data the firm compiled.

Barry Shteiman, director of security strategy at Imperva, was curious about just how much more malicious activity really does occur during big hacker-heavy conferences like Black Hat and DEF CON, so he measured the malicious traffic coming from Las Vegas the week of the two major shows and found the number reached a high of 2,612 web attacks aimed at its customers.

"I decided to test for attack traffic originating in Las Vegas during BlackHat and Defcon, and a month prior to that in order to correlate to baseline. In order to do that, we collected all of the security events during that time period from our Community Defense system, mapped Geo IPs for Nevada state, and Las Vegas specifically, then we queried the Community Defense data set for all source IPs that were in the US," Shteiman wrote in a blog post today. "Finally, we summarized by date and where the city itself is Las Vegas."

He says there also was a spike in attack volume during the NAACP's conference in Vegas in July. That means that "either that a large crowd in a conference scale event may cause a growth in attack volume due to malware on computers, or attackers are attending the conference and performing their attacks from there," he says.

With Black Hat and DEF CON, an increase in attack traffic wouldn't be too surprising in general. But the jump he spotted was intriguing: "They have some of the brightest security/hacking minds in the world attending. Those guys who read every link before they click, run custom operating systems in cases and are generally very aware to security and thereforeare less likely to be drive-by victims of hacking -- for that reason, seeing numbers that high is more substantial at a hacker conference than in other conferences," he says.

The attack volume rose at the start of Black Hat, dropped toward the end, and then began to increase at the start of DEF CON, he says. "A day after everything ends, the numbers are back to norm," he says.

Shteiman warns that the data is more of an "interesting snapshot" than a true trend, but it makes you think. His full post with data and graphics is here.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/24/2014 | 6:10:57 PM
Re: Odd
It is an interesting stat, but I read it as the transition from one show to the other. 
DFER1
50%
50%
DFER1,
User Rank: Apprentice
8/22/2014 | 6:23:02 PM
Odd
One part of the article doesn't make any sense: "The attack volume rose at the start of Black Hat, dropped toward the end, and then began to increase at the start of DEF CON".

Black Hat and DEF CON overlap!  Thursday is the last day of BH and the first day of DEF CON.  That little fact makes me doubt the whole article, not to mention the source of the data is a security vendor.
bshteiman
50%
50%
bshteiman,
User Rank: Apprentice
8/21/2014 | 2:59:23 PM
Re: Correlations
I believe that there is always a certain climb of traffic/attack traffic when a big conference is in town, since many people come with their internet-needy computers, and those may be infected by malware etc...

In a hacker conference, its different. since A. the users are more security savvy and security-space-educated and are less likely to produce hijacked traffic. therefor it is more likely that attack traffic is generated from that unique crowd.

Barry Shteiman.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
8/21/2014 | 8:51:52 AM
Correlations
For BlackHat and DefCon this makes sense. An area is most vulnerable when there are less people patrolling it. This principle is followed here. But for what reason might there be a spike in volume for the NAACP conference?
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21196
PUBLISHED: 2021-04-09
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21197
PUBLISHED: 2021-04-09
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.