Black Hat USA 2021 and DEF CON 29: What to expect from the security events

3 years ago 460

Key topics analysts expect for these information conferences see proviso concatenation attacks, Microsoft Exchange vulnerabilities and the iPhone/Pegasus spyware incident.

Abstract Malware Ransomware microorganism  encrypted files with keypad connected  binary spot  reddish  background. Vector illustration cybercrime and cyber information    concept.

Image: iStockphoto/nicescene

Following a drawstring of large cyberattacks and projected initiatives by the U.S. authorities to amended thwart them, cybersecurity has ne'er been truthful uppermost connected the minds of organizations and individuals astir the world. That's wherefore this week's Black Hat and DEF CON conferences committedness to tally blistery and dense with a big of topics successful the satellite of security. But what discussions should we expect astatine this year's events? Here are immoderate thoughts from a assortment of analysts.

First, however mightiness Black Hat USA 2021 (held July 31 - Aug. 5) and DEF CON 29 (held Aug. 5 - 8) disagree successful their topics and slants? Both are joined astatine the hep due to the fact that of their back-to-back schedules and flimsy distinctions, but determination are immoderate nuanced differences betwixt the information conferences, according to 451 Research elder probe expert Daniel Kennedy. The events absorption connected accusation security, but Black Hat tends to follow a much firm slant.

SEE: Security incidental effect policy (TechRepublic Premium)

Looking astatine the lineup astatine DEF CON, Kennedy points to an expected slate of talks, specified arsenic ones connected exploiting vulnerabilities successful Windows and macOS/iOS, DNS issues, cryptography weaknesses and the compromising of information tools.

"But adjacent a league that focuses connected the applicable implementation of information compromises is not immune from macro issues discussed successful accusation security," Kennedy said. "And truthful not amazingly determination are topics connected the improvement of ransomware to the standard of menace it has posed successful the past 20 4 months, concerns astir information successful healthcare specifically, and the relation and scope of captious infrastructure extortion and nation-state oregon equivalent susceptible threats."

The government's renewed attraction connected cybersecurity besides seems reflected successful the league topics, Kennedy noted. The announcement of Secretary of Homeland Security Alejandro Mayorkas arsenic a keynote talker generated immoderate controversy, though helium had attended successful 2015.

Supply concatenation attacks are apt to beryllium a cardinal taxable connected the agenda, according to elder information researcher Boris Larin. These types of attacks don't conscionable people 1 circumstantial party; rather, they effort to people an full drawstring of babelike companies. Recent proviso concatenation attacks specified arsenic the SolarWinds breach, the Microsoft Exchange hack and the Kaseya ransomware incident amusement however a azygous information vulnerability tin beryllium exploited to impact aggregate organizations and users.

Supply concatenation attacks are hard to observe and whitethorn infect hundreds, thousands oregon adjacent millions of computers, Larin said. As such, these types of attacks are effectual for cybercriminals who purpose astatine a azygous supplier but summation entree to the networks of each the customers and vendors who usage its products.

"Suppliers mightiness besides beryllium weaker from a information constituent of view; it is conscionable simpler to infect a supplier than the extremity target," Larin added. "The effect of specified attacks could beryllium precise devastating if alternatively of performing espionage operations, attackers would motorboat a wiper oregon ransomware. The effectiveness and interaction of proviso concatenation attacks leads america to expect that much APT groups and cybercriminals volition effort to execute specified attacks successful the future."

The conferences are apt to wage attraction to Exchange vulnerabilities, nation-state attacks, captious infrastructure and IoT and adjacent jailbreaks of IOS 14, according to information researcher Victor Chebyshev.

With nation-state attackers possibly the astir important theme, Chebyshev said helium believes determination volition beryllium a batch of treatment astir Pegasus and the NSO Group. But the starting constituent for this taxable volition beryllium specified Black Hat presentations arsenic "The Kitten that Charmed Me: The 9 Lives of a Nation State Attacker astir ITG18" by IBM X-Force astir the infamous Charming Kitten menace group.

SEE: Checklist: Securing integer information (TechRepublic Premium)

Another taxable expected by Chebyshev volition absorption connected ways that attackers whitethorn bypass definite information tools. Specifically, Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) are 2 promising information methods designed to find and woody with cyberthreats. The Black Hat presumption "Rope: Bypassing Behavioral Detection of Malware with Distributed ROP-Driven Execution" volition screen the taxable of bypassing these detection mechanisms based connected behavior.

Further, Chebyshev advises Black Hat attendees to cheque retired "20+ Ways to Bypass Your macOS Privacy Mechanisms" and "Come to the Dark Side, We Have Apples: Turning macOS Management Evil" for details astir attacks that people Macs.

"What I spot lacking is the reports connected attacks connected Apple's macOS ecosystem," Chebyshev said. "Yes, determination are a fewer reports connected the topic, but not that many, particularly fixed the relevance of the platform."

Chris Steffen, probe manager astatine Enterprise Management Associates, expects a scope of topics astatine Black Hat. 2020 was expected to beryllium the twelvemonth radical started to absorption connected IoT security, but the pandemic changed that; however, IoT information inactive needs to beryllium a priority, and organizations privation IoT information vendors to supply absorption successful this area.

IT absorption tools is different taxable that should garner attention.

"With the caller ransomware attacks, determination is simply a request to recognize however these tools are being secured, evaluated, and reevaluated," Steffen said. "It is thing that the information manufacture has known for years, but it has taken precocious visibility attacks to yet get radical (vendors, users, regulators) to wage attraction to it."

Chris Clements, vice president of solutions architecture for Cerberus Sentinel, sees 3 topics that committedness to popular up astatine the conferences: 1) The continuing ubiquity of ransomware; 2) Potential targets and defenses for proviso concatenation attacks; and 3) Microsoft's caller information struggles.

For ransomware, Clements said helium believes determination volition beryllium a absorption connected caller onslaught techniques arsenic good arsenic prevention and detection methods. In the realm of proviso concatenation attacks, SolarWinds and Kaseya person shown america however galore vendors person heavy entree into antithetic networks. And arsenic for Microsoft: "The caller disfigured vulnerabilities successful bequest Windows components similar the people spooler person exposed that portion the upcoming Windows 11 merchandise whitethorn look slick and modern, Windows is simply a gigantic amalgamation of components with immoderate codification that's aged capable to portion successful the US," Clements said.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also spot

Read Entire Article