Black Hat 2024, one of the biggest information security events of the summer, concluded on August 8. AI is having an impact on everything from business and end users to sports and politics at this moment in time. It also occurs at a time when the environment of cyber threats is constantly changing. View the main conclusions from the event as determined by Spiceworks News & Insights.
- Black Hat USA 2024, one of the biggest cybersecurity events of the year, took place from August 3–8, 2024, at the Mandalay Bay Convention Center in Las Vegas. AI and its role in security were the subject of several talks and vendor exhibits at the conference.
- Microsoft patches and updates were a major topic of conversation, among other things.
- As customary, some vendors introduced new goods and improvements to their current offerings at the event.
Black Hat 2024, one of the biggest information security events of the summer, came to an end on August 8. The conference is being held at a time when many democracies are about to have elections and are at risk from increased geopolitical unrest and cyberattacks. It also occurs at a time when the landscape of security threats is constantly changing and artificial intelligence (AI), particularly generative AI (GenAI), is having an impact on every aspect of life, including politics, sports, and business.
As a result, there were numerous product and solution providers at the conference, and there were also talks on artificial intelligence and the steps that companies and governments are taking to strengthen their security. Furthermore, how can the recent Microsoft/CrowdStrike outage be ignored in terms of its security implications? We overheard multiple discussions regarding Microsoft patches and upgrades during the conference.
The first four days of the infosec conference featured training seminars on a variety of topics, including ransomware response, space system security, identifying flaws and behavioral threats, Active Directory security, cloud incident response, and much more. These presentations were similar to those held last year. These training programs drew in thousands of infosec and cybersecurity experts, ranging in experience from novice to expert. Several security specialists and two keynote speakers have occupied the main stage over the past two days.
Having said that, Spiceworks News & Insights has recognized the following important lessons.
Key Takeaways From Black Hat 2024
1. Keynotes and main stage
Signal’s founder Moxie Marlinspike and Black Hat founder Jeff Moss discussed important issues influencing privacy in the future.
Moss and Marlinspike had a fireside conversation and discussed the important issues influencing privacy going forward. They explored the difficult trade-offs between privacy and security and talked about examples of negotiating these trade-offs using their real-world experiences.
Moss and Marlinspike went on to explain why protecting personal data ought to be a primary concern for companies, as well as the duties of developers and cyber leaders in this endeavor. Their discussion also covered the vital role that privacy plays in facilitating societal transformation.
ThreatLocker’s co-founder and CEO, Danny Jenkins, gave a speech on identifying and mitigating software vulnerability and supply chain risks.
With the advancement of technology and the introduction of new tools, solutions, and technologies, the software ecosystem has grown increasingly complex. Risks associated with individual applications are multiplied in an ecosystem this complex. Finding inadvertent weaknesses or backdoors that can be abused in an organization’s environment is just as important for lowering supply chain risks as keeping up with the most recent hacker intelligence.
Jenkins went into great length on how businesses may recognize and lower the risk to their software infrastructure to avoid disruptions to their operations.
See more: Experts and OpenAI Warn Users Against Developing Emotional Attachment With GPT-4o Voice Mode
2. AI takes center stage
It should come as no surprise that AI dominated the conference, given that the industry’s worth is expected to increase by over 13 times in the next six years and that hundreds of new AI-powered products and solutions are released on a biweekly basis. Phrases like LLM, AI, and GenAI were prominently displayed at a lot of vendor exhibits. A lot of talks also covered the role—and associated risks and rewards—of artificial intelligence in security.
NVIDIA, for instance, discussed the main risks to large language models (LLMs). The NVIDIA AI Red Team discovered that one of the trickiest types of attacks is indirect prompt injections, where an LLM interprets and executes a command from an external source. Plugins are the second main source of suffering, as they might not be constructed securely. They may be used by attackers to gain access to the model itself downstream.
Richard Harang, lead AI and ML security architect at NVIDIA, suggested using traditional application security techniques to address and strengthen these issues. Limiting user access permissions is part of this. Organizations should harden plugins to the point where they feel secure enough to leave them online.
Although GenAI and LLMs have generated controversy, experts think the technology has useful applications in security, like evaluating vast amounts of threat intelligence and improving the readability of technical data for humans. Nevertheless, Chuck Herrin, field CTO of f5’s API security, told TechTarget that going forward, it will be more crucial to distinguish between useful use cases and gimmicky ones. Furthermore, according to David Kennedy, the CEO and creator of TrustedSec, artificial intelligence hasn’t brought much innovation to the security sector, even though many businesses claim to use it. Additionally, he stated that a lot of businesses include technology without taking into account the true functions of their AI products.
Researchers in security have also cautioned that AI attacks are becoming more frequent and could someday be fatal. For instance, the AI Threat Landscape study was just released by the cybersecurity startup HiddenLayer. The report claims that malicious actors are attempting to take advantage of the fact that companies are depending more and more on artificial intelligence. According to HiddenLayer’s head of threat intelligence, Chloé Messdaghi, hackers have already developed several techniques for using AI for evil. Data poisoning, model theft, and model evasion are a few techniques. Code injection, prompt injection, and supply chain attacks are further techniques that certain threat actors might employ.
Messdaghi believes that as more companies use AI models, there will be a dramatic rise in hostile attacks against AI. If companies need to protect end users and customers in the interim, they should adapt to the shifting threat landscape.
3. Microsoft outages and patches have become a major discussion point
Experts can’t stop talking about the security ramifications since the Microsoft/CrowdStrike global outage and Microsoft’s Azure outage within a few days made headlines. Microsoft’s patches and updates, along with outages, naturally became hot subjects of conversation during the infosec conference.
Threat actors could use zero-day vulnerabilities in downgrade attacks, as demonstrated by security researcher Alon Leviev of SafeBreach, to reintroduce previous vulnerabilities and unpatched fully updated Windows, 10, 11, and Server systems. He found that it is possible to hack the Windows update process to degrade important operating system components, such as the NT Kernel and DLLs. Windows Update would claim to have updated the system completely even while some components were out of date. Tools for scanning and recovery would not be able to identify the problems. EDR (endpoint detection and response) systems would likewise be unable to stop the downgrade assault.
Leviev could also downgrade the Secure Kernel and Isolated User Mode Process of Credential Guard as well as the hypervisor of Hyper-V by making use of the zero-day vulnerabilities. Using this, he may make hundreds of previously patched vulnerabilities available again.
In tandem with the Black Hat discussion, Microsoft also announced warnings on two unpatched zero-days, CVE-2024-38202 and CVE-2024-21302, offering mitigating guidance until a remedy was made available.
The business only fixes vulnerabilities that friendly researchers point up, rather than revamping programs to eliminate entire classes of assaults, as several former employees and outside researchers have complained about. The business is now facing criticism for additional security lapses that let spies access high-ranking US official email accounts. Microsoft has therefore promised to include security performance in compensation appraisals this year.
4. Product and feature announcements
Here are a couple that are noteworthy among the many product and feature releases that took place during the conference.
- Bugcrowd is a crowdsourced security platform that recently added Continuous Attack Surface Penetration Testing (CASPT) to its offerings. The solution is intended for clients with dynamic attack surfaces who perform penetration testing just once or twice a year, putting assets at risk of exposure to new threats while they are unable to take prompt action to mitigate them. When modifications are discovered, CASPT is supposed to assist users in doing a baseline test and communicating incremental changes concerning updated and new risks or assets with a curated testing team.
- The managed cybersecurity platform Huntress has introduced its new managed security information and event management (SIEM) solution. With a focus on the particular requirements of MSPs and their SMB clients, this service seeks to be a more cost-effective and straightforward alternative.
Availability of Harmony DLP: Data loss prevention company Check Point announced early access to its new Harmony DLP (data loss prevention) service. The service expands the DLP capabilities of the business to endpoints. Additionally, the business unveiled enhanced features for its Infinity ThreatCloud AI technology. It also revealed new features for identifying and evaluating the applications of GenAI that are being used within an enterprise. - AppOmni ITDR enhancements: To improve identification and threat detection capabilities in enterprise SaaS systems, AppOmni, a provider of SaaS security solutions, unveiled several technological advancements. These comprise the open-source SaaS Security Health Dashboard, the improved open-source SaaS Event Maturity Matrix, and identity-centric analysis.
- Features new to Endor Labs: Two new offerings from software supply chain security solutions company Endor Labs are Endor Magic Patches and Upgrade Impact Analysis. Customers should be able to identify any unexpected implications of a software upgrade with the first. It is anticipated that the second feature will make vulnerability reduction easier by enabling security patches instead of requiring the installation of cumbersome, full upgrades.
- Offerings and upgrades related to Singularity: SentinelOne announced several product changes, including the general release of Singularity MDR (managed detection and response) and Singularity MDR plus DFIR. The business also revealed improvements to its Singularity platform, such as the introduction of new alert summaries driven by artificial intelligence and increased support for alert queries.
5. Other key highlights
- The platform for security awareness and compliance training, KnowBe4, announced the creation of National Social Engineering Day, which is celebrated on August 6 of each year.
- The NCC Group described the flaws in a variety of Sonos smart speakers as well as the results of its most recent investigation into the security and safety of consumer connectable items. The investigation claims that Sonos’s vulnerability patches revealed flaws in important device components. These flaws could be used by threat actors to get beyond security measures and secretly capture all audio. Additionally, the business released a whitepaper outlining how vulnerabilities impact various device components and emphasizing the need for better security methods and policies.