Network security monitoring: 3 sessions to attend at DEF CON® 29
Minim is heading to DEF CON® 29 to gather the latest cybersecurity insights from the world’s largest computer security conference. With the global cost of cybercrime forecasted to reach $10.5 trillion USD by the end of 2025, we're keeping an eye out for actionable, immediate ways that users and businesses can patch vulnerabilities and protect sensitive data. There are three security sessions that we are especially excited to attend.
What is DEF CON® 29?
When: August 5, 2021—August 8, 2021
Where: This is a hybrid event. There will be an in-person experience at the Paris and Bally’s Hotel and Casinos in Las Vegas, Nevada, as well as a virtual conference on DEF CON®’s official Discord. It is free to attend virtually.
About: Since its founding in 1993, DEF CON® has grown to become a globally-recognized conference where security-enthusiasts can exchange knowledge on improving the state of physical and digital defenses. This year’s theme is “Can’t Stop the Signal.”
As stated by DEF CON® 29, “We gather ourselves together, we work on each other’s projects and we keep an eye out for the others tuned to the same frequency.” The 2021 conference is set to host around 115 speakers with various presentation topics, including major current cybersecurity issues like phishing and data stacks.
Where to find the latest on network security monitoring and proactive network protection
While attendees can learn from many events and panels at DEF CON® 29, these three security sessions caught our eye:
“A Look Inside Security at the New York Times, Or A Media Security Primer for Hackers.”
Attacks against media companies have continued to rise as hackers strive to gain leverage through public exposure. Just last December, Funke Media Group, Germany’s third-largest magazine and newspaper publisher, was held hostage by a ransomware attack that infected over 6,000 of the enterprise’s computers. In the US, accessing copyrighted and protected data for blackmail purposes via ransomware is now considered a national security threat, especially following the Colonial Pipeline hack in April.
Jesse “Agent X” Krembs, a regular of the DEF CON® scene and a current staff security analyst at The New York Times, will host an in-person panel at DEF CON® 29 on dealing with technical problems that can impact media security. His discussion will also cover how hackers can become involved at a company and what behaviors best suit a journalist.
“New Phishing Attacks Exploiting OAuth Authentication Flows.”
Another cybersecurity panelist and member of the Netskope Threat Research team, Jenko Hwong, plans to demo new phishing attacks while presenting tools to reduce their success. With improved login technologies such as OAuth 2.0, logging into streaming platforms or TV accounts via phone or computer authentication is easier and more popular than ever.
However, easing a user’s access also opens the door for more sophisticated cyberattacks. The hack of the OAuth tokens allows attackers to bypass re-authentication for account access, abusing the use of the login token.
In June of 2021, cybercriminals were able to utilize an exploit vector in Google Docs to prompt victims to download a document. If downloaded, the “document” took the user to a mock Google Account login site where their personal could be input and stolen. According to the FBI, phishing attacks like this accounted for close to $54 million in losses in 2020.
Hwong’s in-person panel will give viewers defensive measures to help their companies deal with detection, mitigation, and prevention issues.
“The Unbelievable Insecurity of the Big Data Stack: An Offensive Approach to Analyzing Huge and Complex Big Data Infrastructures.”
Upgrades and new systems can create a sharp learning curve for companies looking to modernize their data stacks, but the benefits are evident. Narrative Science recently made the switch to cloud storage and saw an increase in ROI on existing data investments, which in turn, increased their value and speeds. Shifting data storage also allows for shorter provisioning cycles and rapid capacity alterations, says EnterpriseDB CTO Marc Linster.
But the advantages do not come without risk. Set to be hosted by Sheila A. Berta, the Head of Research at Dreamlab Technologies, this DEFCON session will bring into question the safety of storing, transporting, and processing records that make up Big Data infrastructures. The issue with the movement of data, according to Berta, is that the processes are too complex. There is no set approach or protocol for filling out security assessments or identifying a security problem.
In this virtual-only presentation, Berta will demonstrate a methodology that will address layers within the Big Data Stack, including Data Ingestion, Data Storage, Data Processing, and Data Access.
Let's chat about DEF CON® 29!
Though we just brushed on only three of the panels offered at DEF CON® 29, there are plenty more for attendees to explore while at the conference. If you would like to speak to a Minim team member at the conference or virtually, email firstname.lastname@example.org or get in touch with us below!
For the full DEF CON® 29 schedule and speaker list, check out their website.