7 Sizzling Sessions to Check Out at RSA Conference 2023
Here are some of the most interesting, can't-miss sessions at the upcoming show in San Francisco.
![jumping fire flames against a black background](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blted1ab6fbbb1ccfdf/64f173c33bf710d0c45dff3c/fire-Ivan-Kmit-Alamy.png?width=700&auto=webp&quality=80&disable=upscale)
Source: Ivan Kmit via Alamy Stock Photo
The RSA Conference (RSAC) is back again next week at the Moscone Center in San Francisco for its 2023 iteration, and, as usual, the event promises plenty of networking, over-the-top Expo Hall booths, and, crucially, education. But where to spend one's time (in between the sourdough sandwiches and nibbles of Ghirardelli, of course) is the real question.
The education agenda this year is a bit dizzying, offering 500-plus sessions, keynotes, and seminars, covering everything from hardware hacking and supply chain security, to advanced persistent threat (APT) research and malware analysis. Dark Reading editors have been talking to speakers and panelists for weeks, targeting some of the hotter topic areas, and identifying the latest trends.
Read on for a look at just some of our pregame coverage, including previews of interesting sessions on the dangers lurking in decommissioned network routers (hint: they're pretty scary), questioning how to evaluate the safety of artificial intelligence (AI) in the ChatGPT era (could any topic be hotter right now?), MITRE's rolling out of a framework for supply chain security, the Innovation Sandbox Awards, why criminals love extended Internet of Things (xIoT) devices so very, very much, and more.
MITRE plans to officially announce a prototype for its System of Trust (SoT) framework for evaluating supply chain risk at the RSA Conference (RSAC) 2023 in San Francisco next week.
Software supply chain risk and security received a loud wake-up call after high-profile attacks like SolarWinds and Log4j showcased the dangers of threat actors compromising vendors' software. Yet so far there hasn't been a common, agreed-upon way to define or measure risks coming from suppliers, service providers, vendors, and products and services.
MITRE's SoT aims to change all of that.
"The System of Trust is very appealing because it gives a structure that's more comprehensive, well laid-out, and explains what kinds of risks" you have in your supply chain, in detail, explains Robert Martin, senior software and supply chain assurance principal engineer at MITRE Labs. That goes beyond traditional risk measurement and assessment tools, he notes.
SoT, part of MITRE's Risk Model Manager (RMM) platform, is now available for organizations to assess supply chain risk and security, as well as to view, edit, and customize the SoT framework content or export it for use as a subset framework. MITRE first debuted the SoT framework concept at RSAC 2022.
Read the full coverage: MITRE Rolls Out Supply Chain Security Prototype
Designing blue teaming exercises isn't easy, but one ransomware and cyber-extortion simulation scheduled for RSAC 2023 will demonstrate best practices.
"Boom! Your organization is hit with a ransomware attack," says Sherri Davidoff, CEO of LMG Security, in a first-look for Dark Reading of the planned tabletop exercise. "All systems are down. What do you do?"
To help teams know what to do, it's important to create a real-world scenario that will help identify gaps in incident response. But simulating realism requires a good deal of showmanship: storytelling, audio, and visual materials, and a certain creativity to generate the chaos and unpredictability you'd find in a cyberattack in real life.
"We try to leverage the experience that we've gained over the years of actually dealing with these attacks in the wild," notes Matt Durrin, director of training and research for LMG Security, "so we have elements that are in line with what a modern ransomware attack would look like."
For RSAC 2023, the simulation will be modeled after a classic LockBit attack, with some curveballs thrown in. The scenario to kick it off: All local data is encrypted and internal systems unrecoverable. The price to recover is $2.5 million, which will double after 48 hours.
Read the full coverage: Designing Tabletop Exercises That Actually Thwart Attacks
The need to comply with government rules, secure post-pandemic distributed workforces, and improve AI capabilities is driving the cybersecurity startup scene this year, as demonstrated by the 10 finalists in the RSA Conference 2023 Innovation Sandbox competition.
However, the overarching theme across the nominations seems to be application security (AppSec). Omdia senior principal analyst Rik Turner attributes the continued rise in AppSec interest to the growth of remote access fueled by the COVID-19 pandemic that closed offices and schools worldwide; that has meant a reliance on software-as-a-service apps and mobile solutions, which are created out of hundreds of components and API connections, many of them third party.
"With modern app architecture increasingly componentized and ever more willing to reach out to third-party apps for services such as payments and maps, threat actors can now compromise one website to gain access to the apps on many others," Turner said.
At the live event on Monday, April 24, judges will hear presentations from these 10 finalists, listed in alphabetical order: AnChain.AI, Astrix Security, Dazz, Endor Labs, HiddenLayer, Pangea, Relyance AI, SafeBase, Valence Security, and Zama.
Read the full coverage: AppSec Looms Large for RSAC 2023 Innovation Sandbox Finalists
When ransomware strikes, how much should you gamble on your resources and opponents' intentions? How can you deal yourself a rational, informed hand when weighing your options after an attack?
In a session next week at RSAC, Brandon Clark, CEO and founder of cybersecurity consulting firm Triton Tech Consulting, plans to lay out a rational strategy for navigating ransomware response, including how to determine whether a company should pay up.
To start with, organizations need to know what's at stake — such as knowing what system resiliencies there are, what it's going to cost if something is not available — as well as what resources they have available to recover systems on their own, such as if they have good backups and segmentation tools, he says. Other factors to weigh include the risk that the attackers won't actually unlock the systems if paid or the likelihood of them striking a second time.
In some cases, there's a moral aspect to the decision. When ransomware actors target hospitals with potentially life-threatening attacks, for example, "What's the moral obligation we have to our customers to get our customers back up and running?" Clark asks. "If systems are down with ransomware and a patient dies, should they have paid the ransom just to have their systems back?"
Check out the full coverage: High-Stakes Ransomware Response: Know What Cards You Hold
Extended IoT devices (xIoT), present in large numbers in enterprise networks, often undersecured, and typically not well monitored, represent a top opportunity for cybercriminals looking to gain a foothold within organizations.
In an upcoming session at RSAC 2023, security researcher and strategist Brian Contos will offer a range of hacking demonstrations of these devices. He will also discuss how they can be used as a pivot point to attack on-premises devices and in-cloud devices, to steal sensitive data, maintain persistence, and evade detection.
As Contos explains, there are three buckets of xIoT for security teams to consider: enterprise IoT devices, like cameras, printers, IP phones, and door locks; operational technology (OT) devices, like industrial robots, valve controllers, and other digital equipment that controls physical processes in industrial settings; and general network devices, like switches, network attached storage, and gateway routers.
"They're network connected, and you can't install any additional 'stuff' on them," he explains. "So you can't put a firewall, or an IPS, or antimalware on them. So all of the traditional IT controls don't necessarily fit well in this world of xIoT."
Contos' hacking demonstrations will cover everything from turning off power to destroying an asset, and from exfiltrating sensitive data to moving laterally. He will also share information on xIoT hacking tools that nation-state actors have built and explain how the threat actors are putting serious money into these kinds of attacks.
Check out the full coverage: Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement
Learning how to break the latest AI models is important to identify security weaknesses, but security researchers should also question whether there are enough guardrails to prevent the technology's misuse.
That's the word from Davi Ottenheimer, vice president of trust and digital ethics at Inrupt, a startup creating digital identity and security solutions. Ottenheimer will take the stage at RSAC 2023 to discuss the need to develop better approaches to testing, not just of the security, but the safety of the use cases for machine-learning and AI models. These include ChatGPT, self-driving vehicles, and autonomous drones.
A steady stream of security researchers and technologists have already found ways to circumvent protections placed on AI systems, and society needs to have broader discussions about how to test and improve safety, says Ottenheimer. That's because if AI models are quickly adopted without adequate study, they may make their way into critical applications, where they could be attacked or fail spectacularly, he says.
"It's actually super easy to make them fail," Ottenheimer says. "Most people are looking at it as, 'Can I fool it in this one area?' but that's not the discussion you should be having, because … you're using this technology in a totally inappropriate way."
Check out the full coverage: Pentesters Need to Hack AI, but Also Question Its Existence
Researchers are warning about a dangerous wave of unwiped, secondhand core routers found containing corporate network configurations, credentials, and application and customer data.
After purchasing several decommissioned core routers — Cisco Systems ASA 5500, Fortinet FortiGate, and Juniper Networks SRX Series Services Gateway routers — Eset researchers found that nine out of 16 still held sensitive core networking configuration information, corporate credentials, and data on corporate applications, customers, vendors, and partners.
In fact, the researchers "found complete layouts of various organizations' inner workings" that, in the hands of threat actors, would provide a network topology map for attack, according to the Eset researchers' white paper on the router research, released April 18.
Nearly 90% included router-to-router authentication keys and details on applications connected to the networks, some 44% had network credentials to other networks (such as a supplier or partner), 33% included third-party connections to the network, and 22% harbored customer information.
"I have the entire network topology of their core infrastructure, both internal and external, like cloud assets," Eset researcher Cameron Camp tells Dark Reading.
Recycled and repurposed computing equipment traditionally has been a fraught area. Over the years hard drives, mobile devices, and printers have been found improperly cleansed of sensitive data. In 2019, a study conducted by Rapid7 found just two out of 85 devices had been properly wiped before they were handed off to secondhand sellers or recycling services.
Camp will present the findings in full at RSAC 2023 next week, along with Eset security evangelist Tony Anscombe.
Read the full coverage: Recycled Core Routers Expose Sensitive Corporate Network Info