Kaspersky Lab has contacted SC Media UK to provide a quick summary of the eight most interesting points to come out of its annual Kaspersky Next event in in Barcelona.
1. Stolen data has more than just one use for cyber-criminals, with very limited resale value. David Jacoby from Kaspersky Lab estimates you are only worth about US$50 on the black market, but trading in stolen accounts is an easy way for criminals to launder money.
2. Nation states are increasingly using publicly available tools for pen testing, network administration or just Windows Powershell, to avoid attribution. Christian Funk from Kaspersky Lab explains how during incident response and analysis, it becomes impossible for researchers to find the code similarities between distinct samples that would usually allow attack attribution.
3. By 2022, the skills gap between available cybersecurity professionals and unfilled positions will be 1.8 million
Jane Frankland, author of IN Security, explained how by developing a more diverse workforce and recruiting people with diverse skills in communication, creativity and management can challenge conventional thinking allowing anticipation of alternative viewpoints. Ilijana Vavan, Managing Director of Kaspersky Lab Europe explained Kaspersky’s CyberStarts initiative and the company’s commitment to diversifying talent.
4. Hacktivists have modified the chemical mix of a water company’s supply by accident. In her talk on the evolution of attacks on industrial control systems, Noushin Shabbab gave examples of when cyber-criminals have successfully carried out attacks on these systems. In 2016, a Swiss water company using a 1980s IBM server was hacked by a group who managed to modify the application settings affecting the chemical balance of the water with apparently very little knowledge of what they were actually doing.
5. Dmitry Galov, Kaspersky Lab; Denis Makrushin, independent researcher and Laurie Pycroft, Oxford University, told the audience about the conflict for medical implant developers as brain implants become more sophisticated and connected. These implants needs to be controlled by physicians remotely in emergency situations, so need to be fitted with some sort of software ‘backdoor’, opening the risk of being manipulated by threat actors.
6. Dmitry and Laurie predict that by the 2020s, it will be possible to electronically record the brain signals that build memories, then enhance or rewrite and reinstall them in the brain. By the 2030s, the first commercial memory boosting technology will be available and, by the 2040s, this technology will be able to give extensive control over our own, or others’, memories.
7. Nicola Whiting, talking on AI, explained that the European Parliament has called for an international ban on lethal autonomous weapons systems (LAWS) on the grounds of their "potential to fundamentally change warfare by prompting an unprecedented and uncontrolled arms race," as well as "fundamental ethical and legal questions of human control." 3,000 AI and robotics researchers, warned about lethal autonomous weapon systems, and pledged "never to develop, produce or use lethal autonomous weapon systems."
8. Privacy is not dead
Marco Preuss from Kaspersky Lab, Eva Galperin from the Electronic Frontier Foundation and Nevena Ruzic from the Serbian Information Comissioner’s Office discussed the realities of protecting privacy in today’s age of data promiscuity. They agreed that with the GDPR, tools like the new Privacy Audit and sites like haveibeenpwned.com, it’s possible to get a control of where your data is to start regaining control of it.