DEFCON cybersecurity highlights
To keep business executives on top of cybersecurity news in a way that benefits operations and cyber readiness, we’re sharing some highlights from the DEF CON 29, aka DEFCON, conference with pointers that get you to take action or think about what’s next for your cybersecurity posture. Also, as cybersecurity professionals engage more and more with cybersecurity issues that affect business, the annual DEFCON conference has become an important event for cybersecurity education.
This year’s DEFCON topics included exploiting vulnerabilities in Windows and macOS/iOS, DNS issues, cryptography weaknesses, and the compromising of security tools.
The talk by two cybersecurity experts, “Reverse-Engineering Windows 10 Lockdown: No Escape (Or Was There?)”, showed cybersecurity professionals where Microsoft is most effective when it comes to security systems in its latest flagship operating system, Windows 10. It also discussed some weaknesses of these systems.
What you want to keep in mind for all the applications you use to conduct business is that vulnerabilities are always potentially present, so configuring the security settings of your applications and software programs, such as Windows and macOS/iOS, is important.
If you have a cybersecurity executive on your team, ensure they always check the settings of the applications and software used by in-office and remote workers. Also, ensure patching takes place regularly.
When it comes to DNS issues, one of the cybersecurity experts who spoke about them at the conference highlighted how the problem is getting worse over time and went as far as saying that it will eventually cause havoc for businesses in a number of sectors.
Here are some of the DNS threats you want to watch out for and steps you can take to protect your business from them.
The first on the list is typosquatting, which is the practice of registering domain names that are confusingly similar to existing popular brands. It is typically a problem for trademark attorneys, but in recent years it has been found to also present a risk to the confidentiality of corporate secrets. To protect against this type of DNS threat, monitor newly registered domain names to see if any are similar to yours. You can do this for free through registries or by looking into companies that offer digital brand management services.
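The monitoring step described above can be automated. The following is an added example, not code from the conference or the original article: it screens a feed of newly registered domains for names that resemble your own. The brand domain, the sample feed, and the function names are all constructed for illustration, and the feed is assumed to contain registrable domains only.

```python
# Constructed sample data: BRAND and NEW_DOMAINS are not real registrations.
BRAND = "examplebank.com"
NEW_DOMAINS = [
    "exampelbank.com",        # transposed letters
    "examp1ebank.com",        # digit standing in for a letter
    "examplebank.co",         # same name under another TLD
    "examplebank-login.net",  # brand embedded in a longer name
    "exarnplebank.com",       # "rn" imitating "m"
    "weatherreport.org",      # unrelated
]
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})

def label(domain):  # first label of a registrable domain, lowercased
    return domain.lower().strip(".").split(".")[0]

def skeleton(text):
    """Collapse common lookalike characters so visual twins compare equal."""
    return text.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap costs 1
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, brand=BRAND, max_distance=2):
    """Return the reason a candidate resembles the brand, or None."""
    if candidate.lower() == brand.lower():
        return None  # our own domain
    want, got = label(brand), label(candidate)
    if got == want:
        return "same name, different TLD"
    if skeleton(got) == skeleton(want):
        return "homoglyph lookalike"
    if want in got or skeleton(want) in skeleton(got):
        return "brand embedded in longer name"
    if edit_distance(got, want) <= max_distance:
        return "near-miss spelling"
    return None

def review(domains):  # map each flagged domain to the reason it was flagged
    return {d: r for d in domains if (r := classify(d))}
```

Calling `review(NEW_DOMAINS)` flags five of the six sample names; the flagged list is what a brand owner would pass on for manual review or a takedown request.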
Another DNS threat is DDoS attacks. Even though a DDoS attack is not an actual DNS threat, the DNS is vulnerable to these attacks because it represents a logical choke point on the network that organizations overlook. It doesn’t matter how overprovisioned a website is: if the DNS infrastructure can’t handle the incoming requests it receives (and with DDoS attacks there are a lot of them), performance will be disabled or degraded. To reduce this type of risk, you want to engage a managed DNS provider or build your own managed DNS service.
Also keep in mind registrar hijacking and cache poisoning. For registrar hijacking, you want to choose a registrar that provides additional security precautions such as multi-factor authentication (MFA) or account managers. For cache poisoning, remember that poor configuration choices in DNS servers are what allow cyber criminals to inject fraudulent addressing information into caches.
Among the weaknesses in cryptographic systems discussed at DEFCON, the assessment presented during the talk highlighted weak nonces, padding oracle attacks, misuse of AES modes, and NIST 800-53 control configurations. What will help you defend against cryptographic weaknesses includes patching, updating, monitoring, and being aware of cybersecurity issues.
In regard to the compromising of security tools, cybersecurity experts at DEFCON talked about this issue as a current cybersecurity challenge that needs more awareness. At the moment, cybersecurity experts have no way to actually protect cybersecurity tools from being hacked and compromised. However, as mentioned by one of the experts at the conference, some cybersecurity tools are more secure than others.
Studies have found that attackers who want to attack encryption can do so by exploiting insecure implementations in software or hardware. However, there isn’t a lot of research on weaknesses and vulnerabilities in cybersecurity tools, as how they’re used is considered proprietary information.
Additionally, the security of end-user devices and how it is affected by cybersecurity loopholes is important, as are passwords, since they are a major way in which data is either leaked or stolen by cybercriminals. Password vulnerabilities can be prevented with two-factor authentication. Also, staying alert to the dangers of connected devices is something you want to keep at the forefront.
With the proper steps, every business can protect itself from these cybersecurity risks and more.
A holistic cybersecurity posture always sets you up to protect against ongoing threats and new cyber risks. In addition, it also gets your business to meet compliance requirements for business growth such as CMMC or NIST 800-171.
Reach out if you need support with cyber resiliency.