Dan Demeter
Security Researcher Kaspersky Lab Romania
BIOGRAPHY
Dan graduated from Imperial College London and holds a Master of Engineering in Software Engineering. He joined Kaspersky Lab in 2014 and currently holds the position of Security Researcher. His work focuses on developing threat intelligence systems, processing big data and creating new technologies to fight advanced persistent threats. When not meddling around with network cables or bricking routers he can be found playing board games and snowboarding the slopes across the world.
Back to the IoT Future: Where Marty controls all your routers
The talk is focused on the latest trends and attacks made against devices connected on networks serviced by large Romanian ISPs so the research might be relevant to some of the people in the audience.
“Those that fail to learn from history, are doomed to repeat it.” — Winston Churchill
By 2020, Gartner expects the number of IoT devices to explode to almost 21 billion connected devices. By it is not the future we should be looking for when trying to predict the (in)security of some of these devices. Lessons learned from the past show us that internet worms will most likely attempt to infect unprotected or poorly managed devices. Examples are plenty: from the famous Morris worm (1988) to the nowadays widespread Mirai backdoor (2016).
History repeats itself: all these IoT devices have in common insecure default configurations and/or running software with bugs. Instead of trying to infect users’ machines with malware, cybercriminals realized that sometimes it is easier to just hijack connections to high traffic websites such as Facebook for instance. This is done by changing the device’s DNS settings to point to a rogue server. Intercepting these high traffic websites, the rogue DNS servers will silently redirect the websites to attacker-controlled web servers. From there, the possibilities are endless.
This attack method is generally undetected by the average user, thus allowing the attackers to keep their campaigns under the radar for a longer time. During the last 2 years we have monitored the DNS hijacking attacks against IoT devices and researched how these devices remain in compromised state for long periods of time. The second part of our research was identifying the websites that were hijacked by the rogue DNS servers. By following the attacker’s footsteps we dive into the world of DNS hijacking, exposing the aftermath of Operation Ghost Click. Sadly, their attack vector increases daily, as more and more insecure IoT devices are being connected to the grid.
This presentation will cover:
* Building and running an IoT honeypot for researching attacks
* Collecting DNS changing attacks
* Analysing rogue DNS servers
* How criminals make money
* Connections with clickjacking attacks
* Increasing the security of future IoT devices
Are you the next cyber security superstar?
If you are passionate about an information security topic or you have strong technical skills developing researches on your own, you should definitely Apply at Call for Papers. By submitting you will have the chance to showcase your work to +2000 attendees.
Other speakers joining this year
Yehia Mamdouh
Penetration Tester Specialist and Security Researcher DTS-Solution
SPEAKER INTERVIEW AVAILABLEReady for this year's presentations?
By registering you will unlock access to 60+ speakers and two full days with cyber security news & showcases from worldwide leaders.
COMPETITIONS
Sponsors & Partners
They help us make this conference possible.
POWERED BY
Orange Romania is part of the Orange Group, one of the largest global telecommunications operators that connects hundreds of millions of customers worldwide. With over 11 million local customers and an annual turnover exceeding 1.5 billion euros, Orange Romania connects 1 in 2 Romanians and offers an extensive range of communication solutions for both individual and corporate customers, from basic connectivity services to complete mobile, fixed internet, TV packages, and complex IT&C solutions through Orange Business.
Orange Romania is the number 1 operator in terms of network performance, and also holds nine consecutive Top Employer certifications, which confirm that Orange Romania, in addition to the remarkable products and services it offers, pays special attention to its employees and working environment. In the past 3 years Orange has launched two 5G Labs in Bucharest and Iasi, that aim to support researchers, startups and companies to test their 5G solutions in advance.
In addition, Orange is a long-term supporter of the startup ecosystem through the Orange Fab accelerator program designed to support entrepreneurs in the development of innovative products and their distribution locally and internationally.