Speakers

Man and Machine

IoT, Machine Learning, Artificial Intelligence, Critical Infrastructure

Jon Oliver


The role of Machine Learning in Cyber Security

Data Scientist

Dr Jon Oliver is a data scientist with over 25 years of industry experience. Jon has been at Trend Micro for 13 years and has worked on a range of machine learning (ML) and threat-based projects. The ML projects include ML for antispam, WRS categories, TrendX (files) and building TLSH. The threat-based analysis looked at commodity threats such as BlackHole exploit kit spam runs, and ransomware (TorrentLocker and CryptoWall) spam runs and malware, so that we could block the threat in the short term and then build ML or data analytic solutions.

Jon has a PhD from Monash University and is an inventor on over 100 software patents.

The role of Machine Learning in Cyber Security

Abstract: There has been an ongoing evolution of the malware and security landscapes.
In the last few years, we have seen the widespread adoption of machine learning (ML) into cyber security solutions.
In response to this, we have seen changes in the methods adopted by malware authors to evade security solutions.
It is a game of cat and mouse between the attackers and defenders, and unfortunately there are real world consequences when cyber criminals succeed.
In this talk, I look at this ongoing evolution of security and malware.
Understanding the interaction between malware and security solutions can help maximise the benefits of Machine Learning based security.

Stephen Hilt


Digital Home Invasion: Exploiting Home Automation with Logic Manipulation Smart Attacks

FTR
Trend Micro

Bio: Stephen Hilt is a Sr. Threat Researcher at Trend Micro. Stephen focuses on General Security Research, Threat Actors, Malware behind attacks, and Industrial Control System Security. Stephen enjoys breaking things and putting them back together with a few extra parts to spare. Stephen is a world-renowned researcher, having spoken at Black Hat US, RSA, HITB and many more. His research has gained him Dark Reading top hacks of the year twice. While working at Digital Bond, Stephen became an Nmap contributor, writing Nmap scripts for ICS and other mainstream protocols. This work led him to become an expert on ICS protocols, and he co-authored the book Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions.

Title: Digital Home Invasion: Exploiting Home Automation with Logic Manipulation Smart Attacks

Abstract: Home automation provides convenience and efficiency to our hectic lives, but it also introduces new entry points for cyber-physical attacks. Nowadays it seems anything and everything around the home is Internet connected, or at least capable of being connected. Home automation is the connective tissue that enables disparate devices to inter-work with each other, creating what we call Complex IoT Environments (CIE). Automation platforms allow users to create and execute complex behavioral rules to manage their connected devices. The challenges with automation are: as more devices are added to an action, rules become complex and prone to logic bugs. As the number of rules increases, it becomes difficult to manage, track, and debug actions, especially if there are functional overlaps between rules. Finally, the large variety of devices in the CIE exponentially increases potential attack surfaces.

This is a talk from the trenches; to investigate vulnerabilities we attacked two different complete home automation setups that we built using everyday connected devices. In the first home we set up 70+ devices controlled by the FHEM automation suite. The second home had 50+ devices and was controlled using the Home Assistant suite. Automation platforms allow users to create rules by selecting preconfigured device interactions, or, for more complex rules, by using supported programming languages, e.g. Perl, YAML, etc. In this talk we introduce CIE programming, and the concept of smart applications and smart attacks. We programmatically demonstrate how to functionally chain disparate IoT devices to create smart applications, and then exploit those applications with logic manipulation smart attacks. E.g. we inserted code into an active automation rule, manipulating it to unlock the backyard door’s smart lock if motion is detected on the backyard camera. In a nutshell, we show how we manipulated home automation rules and common IoT devices to successfully attack smart homes.

Philippe Z Lin


SDR for Fun: Make Your Own TV Show

FTR

Philippe Lin is a senior threat researcher at Trend Micro. He works in data analysis, software defined radio and embedded systems. He was a BIOS engineer in Open Computing Project and is still active in open source communities. He is a hobbyist of Raspberry Pi / Arduino projects. See https://github.com/miaoski

SDR for Fun: Make Your Own TV Show

Abstract: Remember Philippe’s talk in the last DECODE? We talked about walkie-talkie, MagSpoof, and the radio clock. This year, we want to follow the storyline of SDR for Fun and tell you how to broadcast your own TV show at home. Watch out! It can be illegal to broadcast in licensed bands. Therefore, we are also going to tell you how to build a home-made Faraday cage.

Joy Avelino


Phisherman's Bait: One Step Ahead In Catching More Phish

TTR

Joy Avelino is a Threat Research Engineer at Trend Micro. Her work mainly focuses on practical applications of data science and machine learning for malware and threat security research. In recent years, she has regularly presented use cases of machine learning in the threat security industry based on actual results of machine learning POC projects, one of which is machine learning clustering of in-the-wild network traffic, aiming to augment threat intelligence for threat family correlation and analysis. Currently, she is part of Machine Learning operations in Core Technology, aiding in analysis and presenting better insight into the threat landscape.

Phisherman's Bait: One Step Ahead In Catching More Phish

In the first half of 2019, the number of credential phishing attacks doubled from the second half of 2019. These phishing attacks use many of the same methods, but they are delivered through the new breed of collaboration apps, especially communication apps like Facebook Messenger, which have become popular vectors for phishing because users are more likely to click on a link or file in a chat. Another example is phishing attacks targeting your SaaS credentials: instead of impersonating banks, they impersonate SaaS services like Dropbox, Slack or Office 365. A single compromised Office 365 account, for example, can grant access to the files of an entire organization and a wealth of email. With cybercriminals crafting intuitive ways of evading web threat detection, this study is presented to gain insights into what characteristics of the URL domain and content can aid the Machine Learning solution of Web Reputation, and also how machine learning can predict the next phishing attack.