Key topics analysts anticipate for these security conferences include supply chain attacks, Microsoft Exchange vulnerabilities and the iPhone/Pegasus spyware incident.
Following a string of major cyberattacks and proposed initiatives by the U.S. government to better thwart them, cybersecurity has never been more prominent in the minds of organizations and individuals around the world. That’s why this week’s Black Hat and DEF CON conferences promise to run hot and heavy with a host of topics in the world of security. But what discussions should we expect at this year’s events? Here are some thoughts from a variety of analysts.
First, how might Black Hat USA 2021 (held July 31 – Aug. 5) and DEF CON 29 (held Aug. 5 – 8) differ in their topics and slants? The two are joined at the hip because of their back-to-back schedules and largely overlapping focus, but there are some nuanced differences between the security conferences, according to 451 Research senior research analyst Daniel Kennedy. Both events focus on information security, but Black Hat tends to adopt a more corporate slant.
Looking at the lineup at DEF CON, Kennedy points to an expected slate of talks, such as ones on exploiting vulnerabilities in Windows and macOS/iOS, DNS issues, cryptography weaknesses and the compromising of security tools.
“But even a conference that focuses on the practical implementation of security compromises is not immune from macro issues discussed in information security,” Kennedy said. “And so not surprisingly there are topics on the evolution of ransomware to the scale of threat it has posed in the last twenty-four months, concerns around security in healthcare specifically, and the role and scope of critical infrastructure protection and nation-state or equivalent capable threats.”
The government’s renewed attention on cybersecurity also seems reflected in the conference topics, Kennedy noted. The announcement of Secretary of Homeland Security Alejandro Mayorkas as a keynote speaker generated some controversy, though he had attended in 2015.
Supply chain attacks are likely to be a key topic on the agenda, according to senior security researcher Boris Larin. These types of attacks don’t just target one specific party; rather, they try to target an entire string of dependent companies. Recent supply chain attacks such as the SolarWinds breach, the Microsoft Exchange hack and the Kaseya ransomware incident show how a single security vulnerability can be exploited to affect multiple organizations and users.
Supply chain attacks are hard to detect and may infect hundreds, thousands or even millions of computers, Larin said. As such, these types of attacks are effective for cybercriminals who aim at a single supplier but gain access to the networks of all the customers and vendors who use its products.
“Suppliers might also be weaker from a security point of view; it is just simpler to infect a supplier than the end target,” Larin added. “The result of such attacks could be very devastating if instead of performing espionage operations, attackers would launch a wiper or ransomware. The effectiveness and impact of supply chain attacks leads us to expect that more APT groups and cybercriminals will try to perform such attacks in the future.”
The conferences are likely to pay attention to Exchange vulnerabilities, nation-state attacks, critical infrastructure, IoT and even jailbreaks of iOS 14, according to security researcher Victor Chebyshev.
With nation-state attackers perhaps the most important theme, Chebyshev said he believes there will be a lot of discussion about Pegasus and the NSO Group. But the starting point for this topic will be Black Hat presentations such as “The Kitten that Charmed Me: The 9 Lives of a Nation State Attacker,” an IBM X-Force talk about ITG18, the infamous Charming Kitten threat group.
Another topic Chebyshev expects is how attackers may bypass certain security tools. Specifically, Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) are two promising security methods designed to find and deal with cyberthreats. The Black Hat presentation “Rope: Bypassing Behavioral Detection of Malware with Distributed ROP-Driven Execution” will cover how these behavior-based detection mechanisms can be bypassed.
Further, Chebyshev advises Black Hat attendees to check out “20+ Ways to Bypass Your macOS Privacy Mechanisms” and “Come to the Dark Side, We Have Apples: Turning macOS Management Evil” for details about attacks that target Macs.
“What I see lacking is the reports on attacks on Apple’s macOS ecosystem,” Chebyshev said. “Yes, there are a few reports on the topic, but not that many, especially given the relevance of the platform.”
Chris Steffen, research director at Enterprise Management Associates, expects a range of topics at Black Hat. 2020 was supposed to be the year people started to focus on IoT security, but the pandemic changed that; however, IoT security still needs to be a priority, and organizations want IoT security vendors to provide direction in this area.
IT management tools are another topic that should garner attention.
“With the recent ransomware attacks, there is a need to understand how these tools are being secured, evaluated, and reevaluated,” Steffen said. “It is something that the security industry has known for years, but it has taken high visibility attacks to finally get people (vendors, users, regulators) to pay attention to it.”
Chris Clements, vice president of solutions architecture for Cerberus Sentinel, sees three topics that promise to pop up at the conferences: 1) The continuing ubiquity of ransomware; 2) Potential targets and defenses for supply chain attacks; and 3) Microsoft’s recent security struggles.
For ransomware, Clements said he believes there will be a focus on new attack techniques as well as prevention and detection methods. In the realm of supply chain attacks, SolarWinds and Kaseya have shown us how many vendors have deep access into different networks. And as for Microsoft: “The recent ugly vulnerabilities in legacy Windows components like the print spooler have exposed that while the upcoming Windows 11 release may look slick and modern, Windows is a gigantic amalgamation of components with some code that’s old enough to drink in the US,” Clements said.