It's springtime in San Francisco: cue the annual RSA Conference at the Moscone Center.
See Also: 2016 State of Threat Intelligence Study
This year is notable on multiple fronts: It's the conference's 25th anniversary, parts of the Moscone Center are being demolished and rebuilt - thus displacing some of the conference - while attendance is on track to reach peak levels. Indeed, the organizers predict that they will see more than 40,000 attendees this year.
"Do we let one company - no matter how great the company, no matter how beautiful its devices - decide this issue for all of us?"
Here are just some of the highlights and notable trends from the conference, thus far.
1. NSA Director Doesn't Say 'Snowden'
On March 1, Adm. Michael Rogers, the director of the National Security Agency and U.S. Cyber Command, addressed the RSA conference. By doing so, he followed in the footsteps of former NSA Director Keith Alexander, who delivered a keynote speech at Black Hat USA in July 2013, following the Edward Snowden revelations.
Rogers outlined not just the future of his agency, but also the challenges he faces in trying to hire enough new personnel with cybersecurity skills. And while Rogers talked about other challenges his agency faces, not least in preventing insider attacks, he avoided mentioning former contractor Snowden by name.
2. Attorney General Talks Apple
The case of the FBI versus Apple involves the bureau attempting to compel the technology provider into unlocking an iPhone 5C used by one of the now-dead shooters behind the San Bernardino attacks that left 14 people dead last year. Apple, however, has dug in its heels, with CEO Tim Cook saying it will fight the court order, which it sees as being tantamount to requiring Apple to build a backdoor for iPhones.
But Loretta E. Lynch, Attorney General of the United States, told a conference hall filled close to overflowing that she sees a middle ground in the case of the Department of Justice versus Apple (see Apple Wins Legal Round Over Unlocking a 2nd iPhone ).
"For me, the middle ground is to devolve to what the law requires," Lynch said during a heavily scripted "sit-down chat" with a reporter. Lynch also attempted to paint Apple as an ill-mannered upstart, suggesting that the company should do what it's told, unless Congress tells it otherwise. "Do we let one company - no matter how great the company, no matter how beautiful its devices - decide this issue for all of us?" she asked.
3. Ransomware Ascendant
Multiple researchers at RSA have continued to highlight how ransomware attacks are becoming more complex. Researchers from Intel Security, for example, have just discovered a new type of targeted ransomware that encrypts every file on a computer using a different key, thus complicating remediation efforts.
There are also now more ransomware variants at large today than ever before. Some types get spread via increasingly convincing phishing campaigns, which are designed to fool users and bypass spam filters, says Pierluigi Stella, chief technology officer of Network Box. Today's ransomware phishing campaigns are redirecting unsuspecting users to malicious sites owned by the criminals with URLs that vary with every campaign, he says. "It's never the same URL, so there are no rules, no antivirus that is going to pick these emails up and block them."
4. Facebook Faces Fakery
Watch what you "like" - about 10 percent of current Facebook profiles are fake. So says financial fraud expert Avivah Litan of Gartner Research, who notes that cybercriminals are increasingly tapping Facebook and other social media sites to lure unsuspecting victims into their scams. Sometimes, this involves tricking people into parting with their Facebook credentials or personal information, especially relating to family and friends. Other times, scammers are simply marketing their goods and services.
Look for more on this topic in an upcoming video interview with Litan, conducted by my colleague Tracy Kitten.
5. Hackers Crave Publicity
Another interesting trend, highlighted by both Litan and RSA threat researcher Daniel Cohen, is that many cybercriminals want to cultivate a public profile. That's so their talents, supplies and services can be easily found - via Web searches and social media - by prospective customers. Even underground forums are becoming more open, Litan says. Meanwhile, Rick Holland, vice president of strategy for threat intelligence firm Digital Shadows, notes that many online attack groups now openly advertise for new employees on both public and darknet sites.
Even hackers, it seems, face a cybersecurity skills shortage.
Executive Editor Tracy Kitten also contributed to this story.