7 Hot Cyber Threat Trends to Expect at Black Hat
A sneak peek of some of the main themes at Black Hat USA next month.
July 21, 2021
After a year of virtual-only conference attendance, at least part of the security community is ready to reconvene at security summer camp. This year’s Black Hat USA is bringing a hybrid format forward to offer something for everyone—in-person presentations and trainings (and parties!) as well as a healthy slate of virtual offerings for those who aren’t quite ready to add travel to their repertoire. The content will be robust as ever, with a lot of new vulnerabilities, security tools, and attack techniques expected to be unveiled by the show’s stable of security researchers. The following are some of the threat and vulnerability trends that attendees or viewers at home should expect to see during the conference.
With the Kaseya ransomware breach punctuating the lessons of SolarWinds just weeks before Black Hat, supply chain security concerns are bound to dominate discussions at the podium and around the conference floor this year. Among the highlights will be a keynote by security researcher and former GCHQ intelligence man Matt Tait, who will discuss all elements of supply chain integrity, including the increasing allure of software delivery mechanisms as targets for attackers seeking to find a super-effective way to widely broadcast their malicious code.
One particular talk by Shir Tamari and Ami Luttwak of Wiz.io is a two-fer when it comes to cyber trends, straddling ground between supply chain threats and DNS threats. They discovered a new class of DNS vulnerabilities in the logic of how DNS-as-a-service providers build out their services. These cloud-based providers use an iteration of old-school DNS technology revamped for cloud-based enterprise infrastructure. This is a dangerous combination in many instances because traditional DNS software is built for trusted internal enterprise domains in a world before different customers share cloud-based name servers. It’s a recipe for information leaks across shared domain servers used by many different customers. They’ll demonstrate how a simple change in a domain registration system for a bogus account gave them access to query traffic for 15,000 AWS customers over a million endpoints.
As the backbone for computing confidentiality and privacy, cryptography and encryption protocols are perennial favorite targets for Black Hat researchers, and this year’s no different. There is a decent slate of talks that will cover various new vulnerability and attack mechanisms. One of the most widely anticipated will be a presentation by Haya Shulman, director of the Cybersecurity Analytics and Defences department at Fraunhofer Institute for Secure Information Technology, on the certificate authority (CA) Let’s Encrypt, an increasingly used CA popular for its free and open service. Shulman will present findings from work picking apart Let’s Encrypt’s distributed domain validation service that promises to "remove" any security benefits that Let’s Encrypt has over other CAs.
The cat’s already out of the bag for PrintNightmare, a critical remote execution flaw in Windows Print Spooler that impacts any system running that service. Following on the heels of Microsoft releasing a patch for a different Print Spooler RCE in early June, three researchers with Sangfor Technologies in China mistakenly released a proof-of-concept (PoC) for PrintNightmare in anticipation of their rundown of the flaw at Black Hat. It was quickly discovered that their exploit—which can completely own an Active Directory domain using the flaw—still worked even on patched systems, and that the patch was unrelated.
They pulled the PoC off of GitHub, but not before it was cloned and had made it to in-the-wild exploits. That forced an out-of-band update from Microsoft a week later. The trio (Zhiniang Peng, XueFeng Li, and Lewis Lee) have remained largely mum on the issue but will give full technical details and their story on the PoC at their session at the show.
Speaking of owning Active Directory, Black Hat attendees should expect to pick up on discussions about flaws and attack techniques against this identity service. As the dominant means for identity and access management within both on-premises and cloud systems, Active Directory has become one of the most important battlefields for cyber defense in the enterprise today.
Two big highlights on this front will get play both in-person and on the virtual platform. One of them is the update of the PurpleSharp open-source adversary simulation tool for Windows that will be demonstrated at Arsenal. Mauricio Velazco of Splunk will unveil PurpleSharp 2.0, which extends simulation playbooks against Active Directory environments. The other highlight is a rundown by SpecterOps' Will Schroeder and Lee Christensen, who will explore eight different ways to abuse functionality and misconfigurations on Active Directory Certificate Services in order to escalate privileges on AD's public key infrastructure, and by extension any service that leverages it.
With Mac usage consistently on the rise among business—yes, even enterprise—users, attackers are increasingly turning their sights to these systems. Of particular concern is how they’ll go after the next generation of Mac platforms, built on the new M1 silicon.
Utilizing an ARM64-based microprocessor that comes with a lot of new baked-in security features, M1 nevertheless presents some new security problems. Among them, says researcher Patrick Wardle of Objective-See, is that many endpoint malware detection mechanisms aren’t yet tuned to specifically detect malware natively developed for M1 systems. In his talk at Black Hat, he’ll show how there’s a noticeable drop-off in detection, and explain how the industry can beef up its analysis and detection techniques to handle ARM-based threats for this next generation of Macs.
He’s not the only one at the show concerned over this matter, either. Stan Skowronek of Corellium also has a talk scheduled that will focus on reverse engineering the M1 to gain insight into how these systems tick.
The more artificial intelligence (AI) and machine learning (ML) functions become a core staple of critical business software—for business intelligence, understanding customers better, automating processes, and more—the more attractive AI becomes for attackers to subvert.
Enterprises are increasingly going to have to acquaint themselves with emerging AI threats like adversarial AI (breaking the model), data poisoning, and model theft. Fortunately, security researchers are already jumping on this field, as evidenced by several presentations expected at Black Hat. For example, Killian Levacher, Ambrish Rawat, and Mathieu Sinn of IBM Research Europe will be on hand to discuss adversarial AI attacks against deep generative models, and how the industry can start becoming more effective in detecting those attacks. Another talk of interest will be from Ram Shankar Siva Kumar of Microsoft, Kendra Albert from Harvard Law, Jonathon Penney from Osgoode Hall Law School at York University, and the estimable Bruce Schneier, who will delve into the legal side of exploring weaknesses in AI and ML systems. They’ll tackle how adversarial AI researchers can dig into these flaws without getting sued into oblivion or facing legal charges.