RT-3019 The Power of Wedging

Presented at Texas Cyber Summit 2019, Oct. 11, 2019, 3:30 p.m. (60 minutes)

This talk presents "wedging" as the strategic insertion of one's presence either along or at the end of a workflow. The purpose being to passively receive data or enable quiet enumeration of systems and operations. Two examples: 1. In research at UpGuard, it has been noted that many large enterprises with unique cloud storage bucket names will juggle those names. Meaning they will register and deregister bucket names with the cloud operator fairly often, which is assumed to be necessary due to caps on the number of bucket names per account. This introduces risk if a malicious actor is monitoring the buckets and realizes the pattern of on/off name toggling. A malicious actor could register a bucket with one of the unique names as soon as it is dropped, but before it is re-registered and then enable universal read/write access. This could then cause the enterprise to assume they had internally registered the bucket yet again and lead to data being written to the bucket by them (which, of course the malicious third party could then access). Versioning controlled by the third party prevents deletion/overwrite attempts even if noticed. 2. Shady political organizations have a tendency to quickly deregister domain ownership when one of their sites is caught up in a scandal. By registering the domain (after the previous owners attempt to wash their hands of it quickly), a third party can set up a catch-all email address at that domain. Any mails directed to that domain, from previous political conspirators will land in the new domain owner's catch-all inbox. This also enables the ability to receive password-reset emails for any accounts which utilized the domain as an email address when registering. Aspects covered will be the concept itself, how malicious actors can exploit it, how defenders can prevent it, as well as options in responding to incidents of wedging being utilized against your organization.

Presenters:

• Chris Vickery - UpGuard
  Chris is UpGuard's Director of Risk Research. He is cited as a cyber security expert by The New York Times, Forbes, Reuters, BBC, LA Times, Washington Post, and many other publications. In the course of his work Chris has assisted the MPAA, Thomson Reuters, Microsoft, Citrix, AARP, Verizon and hundreds of other entities in plugging serious data breaches affecting billions of individuals. His work has assisted investigations conducted by entities such as the FTC, FBI, Texas Attorney General’s Office, Secret Service, HHS, and the State of Kansas.

Links:

• https://texascybersummitii2019.sched.com/event/W6OO/rt-3019-the-power-of-wedging

Similar Presentations:

• VB2015 / Inside recent FQDN (Fully Qualified Domain Name) surges on the Internet
• VB2018 / The modality of mortality in domain names
• Texas Cyber Summit 2019 / BT-1050 Shining a Light on Shadow IT in the Cloud