Three security trends to watch for at Black Hat USA 2018

New WAF attack timelines show the start and end of a threat.
No more logs. See how →

Thus far in 2018, organizations and individuals worldwide have experienced a large number of high profile cyber attacks, with criminals stealing billions of dollars as well as personal information from hundreds of millions of people.

Black Hat USA, an annual cybersecurity conference taking place in August, is a great opportunity for practitioners to get a glimpse into both emerging attack vectors and the latest technologies designed to protect against these attacks.

As a cybersecurity investor who closely follows the latest trends in cybersecurity, I believe there are three areas that are particularly interesting and warrant a closer investigation at this year’s conference:

Cryptocurrencies

Over the past year, the market cap of cryptocurrencies increased from $100B to $300B, peaking at $700B. Amidst this meteoric rise in market value, cyber criminals managed to loot an astonishing $1B worth of cryptocurrencies. The cryptocurrency market appeals to hackers for several reasons:

  • Cryptocurrencies are difficult to trace, making it hard to catch hackers.
  • Because the technology behind these cryptocurrencies is relatively nascent, best practices for writing secure code haven’t yet been established. Newly launched cryptocurrencies tend to have many security vulnerabilities.
  • Financial institutions that hold large amounts of cryptocurrencies lack dedicated security products. These organizations use in-house security platforms and consumer-grade solutions that do not provide adequate security features. The recent Coincheck hack, in which more than $500M was stolen, is a great example of this reality.

The Black Hat Briefings will focus mostly on research around blockchain infrastructure and cryptocurrency wallets. These areas should be kept top of mind, in part due to incidents like the Parity hack, which exploited a vulnerability in the multi-signature parity wallet, resulting in $30M of stolen Ether, and the DAO hack, which had a flaw in the DAO smart contract, enabling hackers to steal $50M worth of Ether.

Relevant briefings that I’ll be paying attention to during the conference include:

1. Blockchain Autopsies – Analyzing Ethereum Smart Contract Deaths.
2. Software Attacks on Hardware Wallets.
3. A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme.
4. Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure.

Medical devices

IoT has been around for many years, but as the use of connected devices has proliferated, hackers have shifted their attention more and more to this space. According to Gartner, by 2020 there will be 20 billion IoT devices worldwide, and 20% of organizations will experience at least one IoT-based attack.

Looking back at previous Black Hat conferences, general sessions have focused mainly on generic IoT, connected vehicles and industrial IoT. This year, however, I’m particularly interested in sessions that specifically address medical devices, which cybercriminals are targeting for several reasons:

  • Medical data is worth up to 100x more than credit card information on the black market
  • These devices were not built with security in mind – both in terms of their underlying software and their communication protocols
  • Medical devices usually run on unpatched, legacy operating systems that are governed by strict FDA regulations, making them difficult to update and secure.

Attacks in this space pose a critical threat to human life. For example, the WannaCry ransomware was responsible for locking medical devices, effectively halting hospital operations in multiple cases. We’ve also seen recent examples of white-hat hackers identifying life-threatening vulnerabilities in infusion pumps, pacemakers, and patient monitoring devices.

Relevant briefings to check out include:

1. Understanding and Exploiting Implanted Medical Devices.
2. Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives.

Should you be attending DEF CON, here are a few other lectures to consider attending:

1. D0 N0 H4RM: A Healthcare Security Conversation.
2. 80 to 0 in under 5 seconds: Falsifying a medical patient’s vitals.

Machine learning

While almost every security company is applying machine learning (ML) in some way to seek an edge in detection or prevention of security incidents, hackers are also using ML to launch more complex attacks. Potential threats include:

  • Evasive malware – researchers from Cornell University have created an algorithm that creates malware samples undetectable by ML-based security solutions. Meanwhile, other research has used ML to disguise known malware in order to evade AVs.
  • Corrupting ML processes – while it is well known that humans are susceptible to social engineering, machines are also susceptible to tampering. Hackers can poison training data for ML models, leading to unwanted and/or dangerous outcomes.

Relevant briefings in the ML space to consider checking out, include:

1. Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks.
2. DeepLocker – Concealing Targeted Attacks with AI Locksmithing.
3. Lowering the Bar: Deep Learning for Side Channel Analysis.

While many interesting topics will be discussed in depth at Black Hat (container security and browser exploitations around web assembly come to mind), the aforementioned areas are of particular interest to us as investors. While the areas identified d above are relatively nascent, they are already lucrative targets for hackers, representing short and long-term opportunities both for cyber criminals and for practitioners who wish to protect against current and future security threats.

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.