Another memorable installment of the Latin American Security Analysts Summit has come and gone! This time it was held in the exquisite city of Santiago de Chile, where journalists from all over the region were greeted by Kaspersky Lab’s research team for two full days of knowledge and a little bit of leisure. This fifth edition of the conference was undoubtedly special for everyone thanks to a keynote delivered by our own Eugene Kaspersky, presenting on not only the current global threat landscape but also what the future holds for us when it comes to cybersecurity. The ‘Internet of Threats’ instantly caught the attention of the crowd, revealing the flipside of the coin of technological innovation: more and more devices are connected, but are they secure? Do companies really have an incentive to spend their time and money on security features before competitors beat them to the marketplace?
Despite pisco sour-fueled reception the night before, everyone still managed to look alive the first day and the venue was ready to accommodate more than thirty representatives from all over the region. The fifth edition of our regional summit celebrated in Santiago de Chile joined 34 journalists from 11 countries which participated in the two-day long conference. More than 80 interviews took place. In addition to top tier IT, general interest and business media from key markets in the region, we had the participation of international news wires such as EFE and Reuters. Media from the following countries participated: Argentina, Brasil, Chile, Colombia, Costa Rica, Guatemala, México, Paraguay, Perú, USA, and Venezuela. Attendees were eager to get an overview of the current regional situation, an expectation clearly met by Dmitry Bestuzhev’s presentation on our regional threat landscape. An interesting distinction was made between malware targeting home users and malware targeting companies, showing that not all threats are conceived with the same target in mind. The increase in mobile malware and the high percentage of OSX malware detections raised eyebrows, reinforcing the perception that no one is inherently safe from malware. It’s a numbers game and cybercriminals will shift their focus in a heartbeat if they think they can monetize their creations more swiftly on another platform.
Carlos Alvarez, a special guest from the non-profit organization ICANN, shared with us the importance of the DNS protocol nowadays and more so when we are on the verge of adopting IPv6 at a global scale. Maintenance of the root DNS servers has the clear intent of ensuring the network’s stable and secure operations, all the while allowing us to type convenient and memorable domain addresses instead of a set of dot-separated numbers that mean little to most of us. With that idea still fresh in our minds, brazilian Senior Security Researcher Fabio Assolini shared his investigations regarding modern financial threats that employ DNS hijacking and poisoning attacks. Every device in our home is connected through a modem or router provided by our ISP but what happens when this device is vulnerable to DNS hijacking? Fabio showed how a cybercriminal could change the device’s DNS settings to redirect the traffic to DNS servers under his control. Compromising one simple internet routing device seemed enough to get control of every little IoT gadget connected through it. What then when this is done at ISP-level?
Eugene Kaspersky’s keynote showed the harsh reality of cybersecurity, one where a silver bullet is simply not feasible but gladly we’ve already seen the worst type of threats envisioned for years to come. Organized cybercrime is a reality and it’s why Kaspersky Lab’s collaboration with international law enforcement agencies such as Europol and Interpol is so important nowadays. Cybercrime doesn’t know about frontiers and if we want to keep the bad guys at bay the cyber police needs to work globally and in conjunction with private companies that have the knowledge and expertise to provide them with the necessary information to advance their investigations. It was a thought-provoking speech, that set the right mood in the audience for what was yet to come in this first day of talks.
My colleague and fellow researcher Juan Andrés Guerrero-Saade was warmly welcomed by a great number of journalists after he announced the topic for his presentation ‘Journalists: targets of cyberespionage’. Leaving the academic format at the door, this presentation enticed all attendees to realise why they might pose an interesting target for cyberspies and taught them how to protect themselves from these attacks in a workshop-style manner. Demonstrating a wide range of tools to protect communications and the endpoint, the right equilibrium between security and convenience was discussed at length with custom-tailored content aimed for our regional attendees. It is a new world, and journalists usually deal with critical information that can get them in trouble if they don’t apply adequate procedures in protecting their online activities.
Appealing to popular wisdom, Mexican Security Researcher Roberto Martinez appeared on scene with a live demo of the security risks involved in trusting all your security to this new wave of internet-connected devices. With a bluetooth lock, he showed how a simple phishing attack could literally open the door for you to meet cybercriminals in real life. In addition, a myriad of possibilities is opened when we analyze the protocols which are used in these devices and how our entire life is uploaded to the cloud. Do you share your comings and goings with everyone else? In the near future, you just might…
Finally it was my turn to present on the state of ransomware. I was met with surprised looks from the audience when I began with a ransomware sample from 1989. The problem itself is not new, but has instead been dormant for many years only to be awakened by the latest improvements in the areas of cryptocurrencies and anonymous networks. The rise in the number of detections in ransomware (65% from 2014 to Q1 2015) demonstrates that this malware family is here to stay and we have only seen the beginning. My predictions of more ransomware targeting mobile and IoT devices was met with sad faces as I mentioned that in the near future ransomware just might lock you out of your fridge (and your iced beverage of choice) or disappoint you as you’re about to leave for work in your latest connected smart car. Right now, the threat is extremely visible in desktop environments, as too many campaigns are wreaking havoc at this time. Once again, collaboration between private companies and law enforcement may be the only way to go. As in the case of CoinVault which showed that Kaspersky’s joint effort with NHCTU yielded positive results for thousands of users who were able to recover their files thanks to our freely available decryption tool, which employs the keys seized and provided by the police.
The closing presentation was given by Dmitry Bestuzhev, this time delving into the depths of mobile implants. These devious creations have evolved into true artifacts of cyberespionage, intercepting communications of all types and being used as tracking devices by malicious campaigns. With the ubiquity of mobile phones and our extensive dependency upon them, we could carry our own pocket-sized worst enemy, inadvertently bringing a recording device into the discussion of sensitive topics. Even though many such implants exist for the Android operating system, we were taken on a tour of other ecosystems thus revealing that if a target is worth the investment an implant will be made.
But of course, all work and no play makes Jack a dull boy, so that’s why a tour to the ‘Cerro San Cristobal’ and the long awaited visit to ‘Estancia El Cuadro’ presented a comfortable and laid-back environment to discuss cybersecurity topics while learning about Chilean culture and enjoying a nice rodeo show with the characteristic ‘huasos’ at centerstage. The summit is a truly unforgettable experience that only gets better each year, and as we look forward to the sixth edition of our regional conference, we can only say… gracias Chile and I hope you can join us next time!
Our Fifth Latin American Security Analysts Summit in Santiago de Chile