About
"Distrust and caution are the parents of security" - Benjamin Franklin
In a presentation on the second day, “Humans Are the Weakest Link,” Valery Boronin, Director DLP Research, R&D at Kaspersky Lab and Vera Trubacheva, a System Analyst at Kaspersky Lab, put DLP 1.0 (or at least a small stuffed animal) on trial, so to speak. Underscoring that when it comes down to it, end-users are responsible for security, the two discussed why human awareness is of the utmost importance when it comes to understanding potential security threats.
Investigators from Interpol, the Dutch High Tech Crime Unit (NHTCU), Germany’s Bundeskriminalamt (BKA), and the General Directorate for the Romanian Intelligence and Internal Protection (GDIIP) participated in a panel moderated by Threatpost editor Paul Roberts on the first day of the conference. The officials stressed that stagnant law, a lack of internal cooperation and advocates staunchly in favor of privacy frequently impede justice.
In a talk titled “To Boldly Go!” Peter Zinn, Senior Cybercrime Advisor for the Dutch National High Tech Crime Unit (NHTCU) spoke on his agency’s battles against online crime. Zinn detailed how the NHTCU was able to apprehend the operator of the Bredolab botnet after his girlfriend posted to her Facebook on his laptop and how social media tools like Google Maps and Flickr to hunt down cybercriminals responsible for child pornography and other “victimless” crimes. Looking to grow exponentially in the near future, Zinn claims the NHTCU will double in size this year – from 30 to 60 people.
At one point during his talk on the conference’s second day, Kaspersky Lab researcher Fabio Assolini shows video of criminals affixing card skimming devices in broad daylight, in the presence of other bank customers. Assolini’s talk was on this so-called “Chupacabra malware,” and how the skimmers can “suck” the credit card information of unsuspecting users in parts of Brazil.
Paul Judge, chief research officer at Barracuda Networks shared results from a five month study the company conducted in which they analyzed over 3,000 fake Facebook profiles.
Boldizar Bencsath discussed several recent targeted attacks, including Duqu, an attack he experienced firsthand. Bencsath led a small group of researchers in September 2011 in the Laboratory of Cryptography and System Security (CrSyS) of Budapest University of Technology and Economics, to identify the first strains of Duqu malware.
In a keynote on Thursday, Brad Arkin, Adobe’s Senior Director of Product Security and Privacy spoke on driving up the cost of exploits in products like Reader and Flash Player in an attempt to thwart would-be attackers. Fixing every security bug is often impossible, so instead of writing flawless code, Adobe and other vendors have begun actively seeking ways to make it hard on those trying to break their software.
At Kaspersky Lab’s Security Analyst Summit last week, over 100 researchers and law enforcement officials converged in Cancun, Mexico over the course of five days to network and discuss a veritable cornucopia of security topics. Topics such as privacy, SCADA and PLC security, tracking cybercriminals and the evolution of malware were discussed in depth. Flip through the following slides to see a collection of speaker highlights from SAS 2012.
Threatpost editor Paul Roberts talks with Adobe’s Senior Director of Product Security and Privacy, Brad Arkin on patch management, driving up the cost of exploits and the amount of manpower that goes into recovering from zero days.
Threatpost editor Dennis Fisher and Kaspersky Lab’s Costin Raiu discuss the timing of the Duqu attacks, how that may hint at the identities of its creator and what other mysteries about the worm remain.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
