For more than two decades, Black Hat USA has been the world’s largest information security event. It is one of the best ways to get access to the latest security research, developments, and trends. Due to coronavirus, the event took place virtually.
Just like every year, many topics came under discussion during the event as cybersecurity experts shared their opinions about the future of information security. They also highlighted challenges and told participants how they can overcome them.
In this article, we highlight key cybersecurity topics discussed during the Black Hat conference.
1. Remote Work
COVID-19 has forced businesses to close their doors and operate virtually. As a result, most businesses asked their employees to work from home. Just like everything else, remote work has its advantages and disadvantages. Securing remote workers is still a big challenge, as the IT department lacks visibility and employees use their own devices, which are not protected by enterprise-grade security solutions.
Charl Van Der Walt and Wicus Ross, security researchers at Orange Cyberdefense, demonstrated how a secure virtual private network could also be at risk. In another session, Robert Lipovsky and Stefan Svorencik from ESET explained the vulnerabilities in public wireless networks. Kr00k, a new vulnerability found in chips used by billions of Wi-Fi enabled devices, became the centre of attention during this session. Thankfully, they also shared a script to identify vulnerabilities in unpatched devices.
With the number of businesses embracing cloud technologies surpassing the number still relying on on-premises dedicated servers, cloud stole the limelight. Cloud experts shared cloud security best practices and shed light on cloud attacks that will increase in number and complexity. That is why you need cloud and DDoS protection. In addition, they also shared free tools that can help you protect your cloud infrastructure. So, consider taking a CCSP training course online to secure your business data in cloud infrastructure.
The session by Josh Madeley and Doug Bienstock from Mandiant was one of the biggest highlights of this year’s Black Hat event, as they took an in-depth look at attacks stealing data from enterprise Office 365 deployments. A new tool called SmogCloud was also unveiled at Black Hat Arsenal to help businesses that accidentally expose their sensitive data by uploading it to Amazon Web Services data stores, which are not only public but also insecure.
3. Internet of Things
Security and privacy have always been the Achilles’ heel of the internet of things. With security researchers spending more time and energy on identifying vulnerabilities in critical infrastructure such as power plants, oil and gas facilities and factories, these vulnerabilities in critical structures powered by IoT devices were discussed extensively.
Marco Balduzzi, a senior research scientist at Trend Micro Systems, gave credit to external researcher Luca Bongiorni for finding vulnerabilities in industrial protocol gateways in industrial control systems. In addition, they also highlighted zero-day vulnerabilities which put these industrial control systems at a higher risk of denial of service, translation errors and unauthorized configuration changes.
Programmable logic controllers, sensors, switches, and other devices which are an integral part of industrial control systems can start to malfunction due to translation errors, because such errors could send wrong commands to those devices. Researchers at the Georgia Institute of Technology created a new model known as IoT Skimmer. This model can be used to manipulate the power market by using bots that use high-power IoT devices to increase power demand in non-regulated markets.
4. Security Culture
Which is the biggest cybersecurity challenge? Some might say securing the systems; others might argue it is creating a safe security architecture or creating policies and controls. Sadly, none of them is true. It is the people who are responsible for securing the enterprise systems. Why did I say that? Let me explain. Employee burnout, work-related stress, personality conflicts, lack of required skills and lack of communication hamper your cybersecurity team’s performance.
The talent shortfall in the cybersecurity industry exerts more pressure on existing resources and forces them to wear multiple hats, which further complicates things. The best way to get over these issues is to create a security culture.
5. Enterprise Software Security
Loopholes in enterprise software have always been one of the topics Black Hat researchers love to discuss, and this year was no different. Even though enterprise software security has improved dramatically in the last five years after researchers started highlighting these weaknesses in enterprise software, there is still a long way to go.
Pablo Artuso and Yvan Genuer, researchers from Onapsis, highlighted the weaknesses in SAP Solution Manager, which is the core of every SAP deployment. In addition, they also demonstrated how cyber attackers can compromise the whole enterprise software through unauthenticated HTTP access.
6. Technology Supply Chain Risks
As the technology and software supply chain risks grow, so does the visibility into these risks. Shlomi Oberman, CEO of JSOF Limited, along with security researchers Moshe Kol and Ariel Schön, underlined zero-day vulnerabilities in low-level TCP/IP software libraries. These vulnerabilities could put millions of critical devices at a higher risk of remote code execution.
In fact, it could also have far-reaching consequences for the technology supply chain. In short, this means that everything from electric grid equipment to infusion pumps might be at risk. Shrinking product life cycles, tightening regulatory requirements, increasing security threats and relentless cost pressures are already proving a tough challenge for technology supply chains to handle.
7. Email Authentication
Most businesses still use email as a medium for internal communication, and cybercriminals know this. That is why they launch phishing attacks, spoof email, and try to compromise business email. To counter that, many organizations have started using email authentication mechanisms such as SPF and DKIM.
Unfortunately, these email authentication mechanisms have their flaws, and Vern Paxson, Jianjun Chen and Jian Jiang stressed that in their presentation. They also offered technical details about different attacks and even suggested a new testing tool for service providers which can enhance email authentication mechanisms.