Published on August 11th, 2016 | by Mike Myers
ICYM Black Hat 2016, Here Are Some Key Takeaways
Black Hat 2016 wrapped up last week, and the conference has come a long way since its inception 19 years ago. It’s grown from just one conference a year to a full-blown international tour. Today you can attend a Black Hat event in the United States, Europe and Asia, which also shows how far the field of cybersecurity has come.
As my colleague Akshay Nayak noted, even this year’s Black Hat showed a good amount of growth from the previous year: last year the business hall featured 218 companies, while this year the number increased by more than 15% to 256 companies – a true 8-bit conference experience!
If you didn’t get a chance to attend this year’s Las Vegas show, here are some main takeaways we’d like to share with you:
Dan Kaminsky set the tone for this year’s Black Hat by underscoring the impact that security risks are having on the Internet and its users. Half of Americans are backing away from conducting sensitive transactions on the Internet due to threats. Emerging technologies such as the IoT are assumed to be insecure out of the gate. The tech industry has little time to act as innovation gets smothered by security concerns. In the same way that NIH supports scientific studies that turn discovery into health, a national research center for cybersecurity is required to address the growing threats to the Internet and its users.
Everybody Loves Machine Learning
Machine learning is a hot topic in threat research today – and for good reason. Threat detection by way of signatures is being replaced by behavioral methods, and machine learning is a key part of the transition. In one demonstration, Cylance’s Matt Wolff, Brian Wallace and Xuan Zhao applied unsupervised ML techniques to Nmap data and showed how the right selection of features and clustering techniques revealed patterns in the data.
Cyberspace must be more defensible
Today, asymmetry of offense gives the attacker the upper hand. If we are going to make cyberspace more secure we need to focus on the things that make the biggest difference. One talk described past interventions that have done just that, such as releasing automated updates, securing communications with encryption, supporting multi-factor authentication, protecting home networks with built-in NAT and DDoS protection. The presenter, Jason Healey, also described how interventions become game changers by taking away entire attack classes and taking the user out of the solution.
Even low-priority adware can have crippling results
Any incident that security analysts deem adware, and thus low priority, might not be what it looks like on the surface. As Cybereason’s CISO Israel Barak demonstrated, it could be malware on the compromised host just “playing nice” to appear benign and avoid detection. But once a machine becomes compromised, even by something seemingly low priority, it can then be sold on the black market, with its cost varying depending on factors such as whether it’s a workstation or server, the presence of a Remote Admin Tool, the nature of data stored (e.g., financial, healthcare), and others.
Mobile security is especially challenging
The technology stack is deep and software exists at every level written by a variety of manufacturers, OEMs, carriers and third parties. OS fragmentation further complicates matters in Android as many users run outdated versions. Presenters Josh Thomas and Shawn Moyer showed us how mobile security starts at the SoC and described secure mobile processing environments.
DDoS is still one of the biggest threats to the Internet today
Entire businesses have been built around providing booter services and, as one would expect, the quality of service provided by these nefarious operations varies wildly. In one talk, presenters Elliott Peterson and Andre Correa explored useful tools for researching DDoS and described the protocols most commonly used for DDoS along with their associated amplification factors.
From all of our learnings at Black Hat, it’s clear that total visibility into the network is still the best way to find breaches faster.
Mike Myers is a principal cyber security engineer for SS8 focused on threat research and driving the algorithm development of BreachDetect’s Security Analytics. He is the inventor of a patent-pending cryptocurrency/Bitcoin technology, and he enjoys 90’s hip-hop.