Entrust at RSA: “Is It You, Or Is It the Malware?”
In case you missed it, Entrust’s Jason Soroko (@jasonsoroko), who’s head of malware research, is doing real-time, split-screen key-logging demos via Metasploit, an anti-forensic and evasion detection tool.
It’s live. It’s cool. And it’s going on each day at Entrust Booth 1139.
But, your biggest takeaway from his presentation? Single-factor authentication is absolutely unsecure, and username-and-password schemes should be not considered safe with advanced malware on the prowl.
Why? Online criminals simply don’t need to crack passwords anymore. Key-logging malware is well-crafted and does most of the heavy lifting for them. And because of the advancements in social engineering, it’s quite easy for malware to infiltrate the desktops of someone in just about any organization.
Soroko’s live demo is something you don’t want to miss. You’ll see first-hand how simple it is to intercept real credentials via applications easily available online.
His final sessions are Wednesday (today) at 4 p.m. PST and again Thursday (tomorrow) at 11:30 a.m. PST.
The worst part? By the time the malware is identified and removed — and that’s assuming that it’s actually ever found — the damage has been done and the identity has been hacked.
For example, as Jason shows, ZeuS easily penetrates your system, is skillful at remaining undetected, and is based on architecture that’s core to Microsoft Windows and, to do date, can’t be patched.
There is good news. Secure mobile devices — sorry, Jailbreakers, you don’t qualify —are not susceptible to any current malware that’s capable of executing attacks from application to application. ZeuS-in-the-mobile (ZITMO), for example, exploited SMS redirection within the Google Android OS — a vulnerability the industry has known for some time.
Other basic mobile malware only has gained access to contacts, calendars, photos, etc. The individual apps (e.g., banking, finance, enterprise) remain secure on non-jailbroken devices.
Even better, Entrust’s mobile security solutions perform routine jailbreak detection so organizations and enterprises know that staff aren’t jailbreaking their devices in bring-your-own-device (BYOD) environments. If they do jailbreak their device, any and all Entrust identity credentials are immediately wiped from the device.
Reading about the dangers of malware is interesting enough. But seeing the ease and simplicity of a real-time demo is truly eye-opening. Don’t miss Jason’s presentation this week at Entrust Booth 1139.
Entrust at RSA Conference 2013 | Moscone Center | Booth 1139
- Entrust at RSA: Welcome to San Francisco
- Entrust at RSA: The Week Ahead
- Entrust at RSA: Ready for Day 2
- Entrust at RSA: Secure Mobile, Leverage Mobile
- Entrust at RSA: Day 3 Is A Go
- Entrust at RSA: “Is It You, Or Is It the Malware?”
- Entrust at RSA: The Final Day
- Entrust at RSA: Advanced Authentication for CJIS Compliance
- Entrust at RSA: We’re Out