AI and Cybersecurity Take Center Stage at Largest-Ever Black Hat USA
New research at Black Hat is focused on ransomware gangs, and ChatGPT and generative AI apps.
![Black Hat USA logo 2023](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltb8ffcb75c24bf24c/6523eb6311c6ceea26f47075/Black-Hat-Feature-Image-2023.jpg?width=700&auto=webp&quality=80&disable=upscale)
This week’s Black Hat USA is going to include several new features for attendees, said Informa Tech/Black Hat’s Steve Wylie.
“We do have a new Black Hat-certified pen tester certification that we rolled out earlier this year, so that’s something we’ll be offering at the event and events moving forward,” he said. “We also have a new conference summit on entrepreneurship. And the focus on that is there’s inevitably people that are thinking up those next new ideas and are going to be creating businesses around those. So we wanted to more formally address that this year with an entrepreneurship summit program. It’s very much focused on how someone with a budding business idea around cybersecurity might leverage Black Hat and the wealth of knowledge of people that come to that event to help them in that pursuit.”
There’s also a new summit program focused on diversity within the cybersecurity community, Wylie said.
“Within our position in the cybersecurity community as the most important conference of the year, we feel like there’s a responsibility that comes with that,” he said. “We’ve always had a lot of focus on important social issues impacting the cybersecurity community. So this year is no different. We’re going to be talking about everything from inclusion in cyber, breaking barriers within cyber for people trying to advance in their career, things like microaggressions and burnout in cyber. All of those sorts of things will be addressed.”
Black Hat USA is very representative of a global audience, Wylie said.
“It’s the biggest event of the year or the most important event of the year for anyone in cyber,” he said. “So we do tend to draw from all over the world. The cybersecurity community is very global and Black Hat as a reflection of that tends to be as well. So we’re expecting good representation from around the globe. A lot of the research comes from researchers around the globe as well. So the talks that we have at Black Hat, known as the Black Hat briefings, that all comes from researchers, from anywhere, and they’re just trying to get onto the Black Hat stage, which is really the world stage for cybersecurity researchers to be able to present their research.”
Compared to RSAC, what makes Black Hat special is that it reflects the community, Wylie said.
“It’s a conference-led event,” he said. “The focus is on the Black Hat briefings and we’ll have nearly 100 briefings this year, so conference sessions on a lot of that original research. We have the Black Hat training, so we’ll have 90-plus courses that are running, two-day and four-day courses in advance of the event.
“We also have the Black Hat Arsenal program. That’s our open source tools part of the event and that’s 90 tools strong this year. So I think what makes Black Hat unique is that it’s got that connection to the community and to the content coming out of the community, the original and important research that is so important for anyone to do their jobs in cybersecurity. They have to stay abreast of the current threat landscape and there’s no better place in the world to do that than at Black Hat.”
Black Hat has always had a strong startup program within the Business Hall, Wylie said.
“What we launched last year and we’re building on is something we’re calling the Black Hat spotlight competition, where we have put out to the community a call for submissions for startups who are looking for that attention and validation from the wider community on what they’re doing,” he said. “So we’ve held the spotlight competition and the top four companies that have made it through a couple of rounds of voting are going to be there at Black Hat presenting their business idea on the stage. These four winners were also given some space at the event to help them along, to talk to the community about what they’re doing. And we’ll name the winner of that at the event.”
This competition and the entrepreneurship summit should help those startup companies get some attention with what they’re doing, Wylie said.
Wylie said there are two things he hopes attendees can take with them from Black Hat.
“First and foremost, it’s connections,” he said. “We hear all the time that one of the most important things that attendees get out of going to a conference like Black Hat is the connections they make, being able to connect with peers and share best practices, that sort of thing. I believe, for a really good conference that serves its community, it has to have that very strong networking and ability to connect with others. And Black Hat is second to none in that regard.”
Second, attendees can take with them a massive amount of content, Wylie said.
“Black Hat is known for content, content, content,” he said. “I hope their minds are blown and they come away with a lot of good, actionable information, which is going to help them in their jobs, because the threat landscape is only getting more difficult for cybersecurity professionals, and coming to a conference like Black Hat to really stay ahead of that is just so critical to the work that they’re doing.”
At Black Hat, Sophos released new findings highlighting the connections between the most prominent ransomware groups this past year, including Royal.
Over the course of the first three months of 2023, Sophos X-Ops investigated four different ransomware attacks, one involving Hive, two by Royal and one by Black Basta, and noticed distinct similarities between the attacks. Despite Royal being a notoriously closed off group that doesn’t openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities. Sophos is tracking and monitoring the attacks as a “cluster of threat activity” that defenders can use to speed up detection and response times.
The unique similarities include using the same specific usernames and passwords when the attackers took over systems on the targets, delivering the final payload in a file named after the victim organization, and executing commands on the infected systems with the same batch scripts and files.
Sophos X-Ops succeeded in uncovering these connections following a three-month-long investigation into four ransomware attacks. The first attack involved Hive ransomware in January. This was followed by Royal’s attacks in February and March, and Black Basta’s attack in March. Near the end of January, a large portion of Hive’s operation was disbanded following a sting operation by the FBI. This operation could have led Hive affiliates to seek new employment, perhaps with Royal and Black Basta, which would explain the similarities in the ensuing ransomware attacks. Because of the similarities between these attacks, Sophos X-Ops began tracking all four ransomware incidents as a cluster of threat activity.
Andrew Brandt, Sophos’ principal researcher, said these findings point to a greater probability that the Royal ransomware group is using an affiliate model for how it does its business.
“Royal had not been observed soliciting affiliate business on criminal forums previously, to my knowledge, and this clearly points to a playbook or habit, probably executed by a specific threat actor or group, who has worked with Royal, as well as with Black Basta and Hive,” he said. “While these details do not provide any particular help preventing ransomware attacks, uncovering the details from playbooks like these can help investigators and authorities identify specific individuals or groups as they move from ransomware to ransomware, with a goal of eventual prosecution.”
Organizations that have not locked down “absolutely everything they can” with multifactor authentication (MFA) should be doing that, Brandt said.
“Organizations that have not blocked access to Windows Remote Desktop (RDP) connections from the outside world on their internet-facing servers and workstations need to do that right away,” he said. “It also behooves organizations of any size who use commercial remote-access tools for IT management to lock down with MFA the accounts they use on the services they use. But they also need to be monitoring for the sudden and unexpected appearance of commercial remote-access tools that they explicitly do not use, and isolate any computer where an unexpected remote-access tool is discovered. None of these are new suggestions, and yet we still routinely discover that organizations of all sizes can miss these important steps and leave themselves vulnerable.”
Also at Black Hat, BlackBerry released new research showing 75% of organizations worldwide are currently implementing or considering bans on ChatGPT and other generative AI applications within the workplace.
Sixty-one percent of those deploying or considering bans said the measures are intended as long term or permanent. Risks to data security, privacy and corporate reputation are driving organizations to take action. In addition, 83% voiced concerns that unsecured apps pose a cybersecurity threat to their corporate IT environment.
Despite their inclination towards outright bans, the majority also recognize the opportunity for generative AI applications in the workplace to increase efficiency (55%) and innovation (52%), and enhance creativity (51%). When it comes to using generative AI tools for cybersecurity defense, 81% remained in favor, suggesting that IT decision makers don’t want to be caught flat-footed and give cybercriminals the upper hand.
Shishir Singh, BlackBerry’s cybersecurity CTO, said organizations should take a “cautious yet dynamic” approach to generative AI applications.
“Banning generative AI applications in the workplace can mean a wealth of potential business benefits are quashed,” he said. “At BlackBerry, the pioneer of AI cybersecurity, we are innovating with enterprise-grade generative AI, keeping a steady focus on value over hype, and are exercising caution with unsecured consumer generative AI tools. As platforms mature and regulations take effect, flexibility could be introduced into organizational policies. The key will be in having the right tools in place for visibility, monitoring and management of applications used in the workplace.”
The research also revealed that although 80% of IT decision makers agree organizations are within their rights to control the applications that employees use for business purposes, 74% think that such bans signal “excessive control” over corporate and BYOD.
For CIOs and CISOs, unified endpoint management (UEM) provides the required controls over which applications can connect to the corporate environment, ensuring enterprise security together with user privacy by containerizing corporate data, according to BlackBerry.
Cloud security giant Barracuda Networks on Tuesday unveiled a new partnership with Cork, the cyber monitoring and warranty company for MSPs’ SMB customers.
The relationship culminates in a brand-new Barracuda Cyber Warranty, a financial protection product that Barracuda is embedding in its full-stack managed services offering. This gives MSPs a complete cybersecurity-as-a-service offering and increases the value they can offer customers by protecting them from the financial impact of cyberattacks. Specifically, customers get costs covered related to data recovery, business interruption and incident response in the event of a ransomware attack or business email compromise.
They also get faster payouts than with traditional cyber insurance, the companies said.
“It falls into what we do in a monthly model. It’s literally a monthly subscription,” Neal Bradbury, SVP, MSP business at Barracuda, told Channel Futures at last week’s CompTIA ChannelCon in Las Vegas. “The MSP gets it from us monthly, they add it as part of their MSP service offering, or if they choose to bundle it per user, per device, whatever they do on their MSP contract, they can bundle this in and charge for it monthly. So it fits incredibly well with the way we sell to MSPs and the way MSPs sell to their end users.”
In that same sit-down interview, Carlson Choi, CEO of Cork, described how this cyber warranty partnership is different from others available in the market.
“We’ve moved to a more modern way of continuous monitoring and are using that to assess risk and prevent [attacks] from happening. Even when there is a claim, it’s not a process that [takes months]; it’s days, because our goal is really helping the MSP to get their SMB client back up and running without business interruption,” said Choi.
At Black Hat, Synopsys announced two new collaboration agreements with NowSecure and Secure Code Warrior to expand its software integrity group’s portfolio of application security testing (AST) solutions.
Synopsys is introducing two new application security solutions leveraging these strategic partners. The new solutions are Synopsys Mobile Application Security Testing powered by NowSecure and Synopsys Developer Security Training powered by Secure Code Warrior. Both are available globally.
Synopsys Mobile Application Security Testing is an automated continuous mobile application security testing (MAST) solution built for securing the complex infrastructure of the mobile software development life cycle (SDLC).
Synopsys Developer Security Training is an enterprise-grade learning platform designed to help developers become security-capable, while also giving security leaders a streamlined method for standardizing security practices across the organization.
“Partnering with two of the most prominent leaders in their respective areas of cybersecurity allows Synopsys’ global roster of customers to stay ahead of the continually evolving threat landscape,” said Jason Schmitt, general manager of the Synopsys software integrity group. “The NowSecure automated mobile capabilities seamlessly complement Synopsys’ industry-leading managed services in mobile application security testing to provide an unparalleled level of coverage and scalability. Additionally, reducing software risk must begin at the developer desktop, and Secure Code Warrior’s developer-centric approach to security training has proven to be effective in embedding secure coding principles into an organization’s development culture.”
Also at Black Hat, NetSPI debuted its machine learning/artificial intelligence (ML/AI) penetration testing solution aimed at bringing a more holistic and proactive approach to safeguarding ML model implementations.
The solution focuses on two core components. Those are identifying, analyzing and remediating vulnerabilities on ML systems such as large language models (LLMs), and providing grounded advice and real-world guidance to ensure security is considered from inception to implementation.
As adoption of ML and AI accelerates, organizations must understand the unique threats that accompany this technology to better identify areas of weakness and build more secure models, according to NetSPI.
Lauren Gimmillaro, NetSPI’s vice president of business development and strategic alliances, said NetSPI’s partners can help their customers navigate their ML/AI security challenges with confidence, backed by NetSPI’s expertise in ML and data science to help them secure their innovation.
“This new testing capability will open opportunities across their customers’ tech stack, including cloud, web and applications as our reports and recommendations for remediation are brought to them in real time,” she said. “Some specific examples of new opportunities include data set security, adversarial testing and API security.”
AI innovation and the fast adoption of ML systems into production is happening whether companies are ready or not, Gimmillaro said.
“It’s critical that we help our partners cater to a diverse range of industries and deployments in this space, from chatbots to data analytics, to text generation and everything in between,” she said. “Our testing methodology is rooted in adversarial ML and backed by a team of over 200 pen-testing experts that are equipped to test against real adversarial attack techniques. This is the advantage we help our partners deliver to their customers.”
BLACK HAT USA — Las Vegas is global cybersecurity central this week with the biggest-ever Black Hat USA conference.
Last year’s Black Hat USA drew about 21,000 attendees and 450 exhibitors, and this week’s conference is expected to surpass those numbers. And more than 110 countries are represented at the event.
Steve Wylie, vice president of the cybersecurity market group at Informa Tech and Black Hat general manager, said Black Hat was fully back from the pandemic last year “and this year we’ve just built on that.” (Informa Tech is Channel Futures’ parent company.)
“It’s going to be the biggest Black Hat event on record for sure,” he said.
AI Biggest Tech Topic This Year at Black Hat USA
The combination of artificial intelligence (AI) and cybersecurity was a hot topic at RSAC, and it’s going to be equally prominent at Black Hat, Wylie said.
“AI is arguably the biggest topic in tech this year,” he said. “With that, there are big question marks around security and privacy, and different implications, different things to consider there. And I think within cyber, it’s kind of a two-pronged consideration where on the one hand, you’ve got the cyber vendors that are very much employing AI as part in their tool sets to deliver better tools to customers, but then you have the other side of AI, which is how are we, the cybersecurity community, going to respond and manage this new world that is very AI centric. So I think that’s certainly a big topic.”
The opening keynote by Maria Markstedter, founder of Azeria Labs, will address AI and cybersecurity, tackling some of those big questions, Wylie said.
“AI can be a very effective way for the vendors to enhance their products, to make them more effective in the fight against cyber threats,” he said. “But there’s also the other side of that coin of how AI is going to be leveraged by the bad guys and how we’re going to defend against that.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.