The Black Hat Europe 2023 conference, a gathering of cybersecurity professionals and experts, delved into the intricate world of cybersecurity, exploring emerging threats, innovative defense strategies, and the pressing need for collaboration between the private sector and government entities. Here's a breakdown of the key takeaways and highlights from a few of the conference sessions.
Day 1 Keynote: Industrialising Cyber Defence in an Asymmetric World
Ollie Whitehouse, the CTO of the UK National Cyber Security Centre, set the tone for the conference by addressing the asymmetric nature of cyber threats. Adversaries operate without constraints, launching brazen attacks and adapting swiftly to defensive measures. Whitehouse emphasized the importance of "true threat hunting" beyond traditional indicators of compromise (IOCs) and the need to address the asymmetry to defend systems effectively.
One takeaway was a call for increased access to cybersecurity data for scientific analysis. This access is essential for developing robust countermeasures against evolving threats. The challenges of securing legacy environments, ensuring complete visibility into data flows, and sustaining cybersecurity amidst rapid technological evolution were also highlighted.
Highlighted Presentation – Lies, Deception, and Manipulation: Let's Talk About Deepfakes
KnowBe4's presentation showcased the growing sophistication of digital image and video manipulation, particularly deepfakes. The discussion emphasized the potential for abuse in social engineering attacks, including email phishing and text message smishing. With deepfake technology becoming more realistic, there's a heightened risk of career damage, family disruption, and even the influence of elections through manipulated content.
This aligns with EMA’s upcoming AI-focused research, which will illustrate the rising challenge of deepfake vishing and highlight the need for robust defenses and training against these deceptive technologies.
Highlighted Presentation – Use AI for Good: A Defender's Playbook
A panel discussion featuring Rik Turner, Kelly Jackson Higgins, and Mick Leach explored the dual nature of AI in cybersecurity. While AI offers a force multiplier for defense, the rise of generative AI has also empowered threat actors. The panel stressed the importance of holding vendors accountable for transparent disclosure of AI usage and integrating AI into products seamlessly. Baseline environment monitoring and behavior analysis were identified as critical elements in AI-powered defenses.
Locknote Day 1: Unveiling Insights and Commitments for a Secure Future
The concluding panel of Black Hat Europe 2023's first day, featuring Daniel Cuthbert, Meadow Ellis, Saša Zdjelar, Jeff Moss, and Marina Krotofil, left attendees with thought-provoking insights and calls to action. The urgent need for heightened scrutiny on vendors, particularly regarding software as a service (SaaS) vulnerabilities and remediation, echoed throughout the discussion. Concerns were raised about the industry's focus, with a reminder that software security should not solely cater to the exciting realms of red teaming, but also address crucial defense strategies. The global perspective highlighted emerging cybersecurity innovations from regions like Brazil, Asia, and Eastern Europe. The emphasis on transparency, the evolving landscape of digital identity, and the promising intersection of software and hardware security marked a day of rich discussions and commitments toward building a more resilient and secure digital future. The conversation underscored the imperative for the industry to evolve in sync with the ever-changing threat landscape and to prioritize collaboration, transparency, and early alerting mechanisms.
Day 2 Keynote: My Lessons From the Uber Case
Joe Sullivan's keynote provided insights into the aftermath of a high-profile security incident at Uber. Convicted of two felonies related to the incident, Sullivan spoke candidly about the need for a better collaboration model between the private sector and government. He highlighted the personal and industry-wide repercussions of such convictions, emphasizing the importance of building trust with other departments and preparing teams for cybersecurity crises. Also of interest were his insights into the personal challenges that the Uber case created for cybersecurity leaders and their potential desire to exit the industry due to the risks of malicious prosecution by the federal government.
Highlighted Presentation – Managing Security Threats to Your Hybrid Active Directory
Quest's presentation focused on the critical role of Active Directory (AD) in cybersecurity. AD compromises were deemed catastrophic, with organizations often overlooking its significance. The session offered best practices for identity and AD resilience, addressing issues such as NTLM usage, group permissions, and the challenges hybrid environments pose.
Highlighted Presentation – The Purpose and Future of Endpoint Security: How Successful Malware is Created & How Zero Trust Protects
Danny Jenkins delved into the purpose of cybersecurity, emphasizing that intent and behavior are what differentiate malware from traditional software. The presentation underscored the challenges in detecting AI-generated malware and highlighted the effectiveness of a zero trust approach, including allowlisting/whitelisting and proactive detection and response.
Bluehound: A Powerful Addition to the Blue Team Arsenal
One of the Arsenal demonstrations that stood out was the open source tool Bluehound, unveiled by Dekel Paz and Sagie Dulce of Zero Networks in a fascinating demonstration at Black Hat Europe. Positioned as a tool for blue teams, Bluehound is designed to empower defenders by pinpointing the security issues that truly matter within a network. By centralizing data on user permissions, network access, and unpatched vulnerabilities, Bluehound illuminates the paths attackers might exploit once inside the network. With a focus on defense research and a commitment to open source contributions, Bluehound is the latest addition to Zero Networks' toolbox. The tool allows for customizable output, including graphs, lists, and reports tailored for CISOs. Its capabilities extend to tracking improvements, sharing dashboards with the community, and providing a holistic view of vulnerabilities and attack paths. The vision for Bluehound involves continuous updates, integration with third-party tools, and community collaboration through platforms like Slack, where enthusiasts and security professionals can contribute to the tool's development and share insights. Bluehound's evolution is documented on its GitHub repository, which offers videos and information for those interested in using the tool.
Locknote: Conclusions and Key Takeaways From Day 2
The concluding panel of Black Hat Europe 2023's second day, featuring Vandana Verma, Ali Abbasi, Jiska Classen, Jeff Moss, and Kenneth White, provided a comprehensive reflection on the intricate challenges the cybersecurity landscape faces. The panel explored the necessity of holding vendors accountable and enhancing visibility into third-party risks, paralleling the discussions on a Software Bill of Materials (SBOM) and the need for a Network Bill of Materials (NBOM). Conversations highlighted the increasing traction of passwordless/SSO/2FA, with a caveat regarding added complexity and fragility. The panelists also shared their thoughts on the urgency for the industry to shift its focus toward supply chain security and to establish whitelists for known trusted network connections. The discussions also unveiled exciting advancements at the intersection of software and hardware security, underlining the importance of transparency and the pressing need for better early alerting technology.
Black Hat Europe 2023 provided a comprehensive exploration of the ever-evolving cybersecurity landscape, offering valuable insights and actionable strategies to tackle emerging threats. The conference underscored the importance of collaboration, transparency, and continuous adaptation to stay ahead in the dynamic world of cybersecurity and this brave new AI-powered and integrated frontier.