On the annual cybersecurity calendar, few if any events hold the mystique and allure of the Black Hat USA event, which has long been the place where new exploits and research are revealed.
The 2020 event was unlike any other Black Hat event, going entirely virtual, but that didn’t stop the flow of content spanning nearly every facet of IT security including cloud, wireless, desktop and Artificial Intelligence (AI) among other categories. With November coming soon, the 2020 U.S election was a key topic of conversation as well across multiple sessions.
“I don’t think I’ve ever encountered a problem that is harder than the security and integrity of civil elections,” Matt Blaze, McDevitt chair in computer science and law at Georgetown University in Washington DC, said during the opening keynote for Black Hat. “It’s fundamentally orders of magnitude more difficult and more complex than almost anything else you can imagine.”
Matt Olney, Director of Talos Threat Intelligence at Cisco was also among the speakers that looked at the issue of election security. While there is still much room for improvement, Olney emphasized that things have changed over the last four years and the environment that adversaries will face in 2020 is different than what they would have seen in 2016. Olney noted that attackers aren’t really looking to change votes, rather they have a somewhat more insidious goal.
“What they really want to do is destroy public confidence in the institutions that administer these elections,” Oleny said. “And by doing so, destroy the public confidence in their leaders and destroy the world’s confidence in western democracy.”
DNS security
DNS Security has been a topic that has been discussed at Black Hat for well over a decade in different iterations.
DNS is fundamental to the operation of the internet, connecting domain names to IP addresses in a consistent and resilient delivery system. Over the past year, there has been an increasing move to encrypt DNS, with an approach known as DNS over HTTPS (DoH), which was discussed in a session led by Eldridge Alexander, manager of Cisco’s Duo Labs, Security Research and Development.
“DNS was created in 1983. Now 37 years later, why is DNS encryption a relevant topic?” Alexander stated during his session. “Why is it taking us 37 years to go from an unencrypted to an encrypted protocol if it’s something that we need to do?”
Alexander explained that in 2020 adoption of encrypted DNS has finally accelerated as multiple vendors have embraced the DOH approach as a way that can effectively be managed to mitigate some security risks.
Security and the COVID-19 pandemic
The COVID-19 pandemic has impacted the lives of billions of people around the world and has had a large impact on multiple facets of cybersecurity.
Shyam Sundar Ramaswami, Umbrella Security Researcher at Cisco, detailed in a Black Hat session how attackers are taking advantage of the pandemic to deploy new forms of trojan malware. Ramaswami noted that there has been a rise in malspam, that is spam email with embedded malware, that has content targeted at the pandemic. For example, telling users what to do about COVID-19 or how to get test results.
See also: Your data has a life of its own
“Threat actors are using this pandemic condition and the situation to create a lot of fear,” Ramaswami said.
Using a variety of analysis techniques include an approach known as Rapid Static Analysis, Ramaswami explained in specific technical detail how the pandemic malspam can be rapidly identified.
Cybersecurity in the post pandemic world
While dealing with the current risks from pandemic associated threats is one issue, many are also concerned about the post pandemic world. In a panel event, Wendy Nather, Head of Advisory CISOs for Duo Security at Cisco provided her insights into where cybersecurity is headed.
A key theme that has emerged in the pandemic era is the rise of remote work. Nather noted that remote access is nothing new. That said, she emphasized what is new is that it now has to scale to the entire enterprise.
See also: SASE explained
While remote work isn’t new, she commented that the concern is for those organizations who threw something in quickly security-wise, but weren’t thinking about the long term. For those organizations she said that the question is, how do we build something that is more resilient?
That’s where Zero Trust models come into play, according to Nather. Zero Trust offers the opportunity to secure endpoints beyond just an enteprise’s data center and it’s an approach that is really needed now.
