Next week at SHARE – San Jose, I’m giving a talk on ransomware on z/OS. I’ve been asked multiple times whether I thought ransomware could happen on Z. Is it possible? Unequivocally yes. Come see this talk and watch a live demonstration of how this might work. If you are responsible for mainframe security, work for a company with a mainframe, or just want to better understand the landscape of this particularly insidious threat, don’t miss this talk.
Ransomware is a combination of 3 basic moving parts:
- A delivery mechanism (Phishing email, infected web page, malicious program).
  - This infects the user’s machine – allowing for sniffing of credentials and network traffic. It can then upload a payload to the host system.
- File cataloging and encrypting.
  - Just what it sounds like – find files of interest, encrypt them in place, destroy the local copy of the key.
- Some type of Command & Control (or at least reporting) – centralized server.
  - Some means of transferring the keys out to the bad guys. Also, a way for the affected users to connect and pay ransom. (This is not strictly required, but does have precedent. Steps #1 & #2 can happen regardless of the system’s ability to ‘phone home’.)
We will also look at how to attempt to mitigate this catastrophic event, as well as ideas about how to recover from it. These include items such as two-factor authentication, proper ICSF / RACF security controls, egress filtering and intrusion detection.
I’m talking about encryption on Thursday, March 3 at SHARE in San Antonio. Here’s a preview:
Enterprise security has always been concerned with password protection and storage encryption. These two areas make up a large portion of the IT risk portfolio. In this talk the speaker will discuss both of these areas of interest as they apply to z/OS and the mainframe:
- We will review the recent updates to the RACF password hashing algorithm, comparing and contrasting the legacy (DES) and current (KDFAES – Key Derivation Function with AES256) algorithms by looking at the practical application of open source password cracking tools against RACF.
- We will provide an in-depth review of self-encrypting drive technologies as potential risk mitigation mechanisms, discussing the benefits of using this technology as well as providing other mitigation techniques which better secure your data from prying eyes.
Attendees will come away with a richer understanding of the RACF hashing algorithms and better understand the risk and rewards of full disk encryption.