Top 6 cybersecurity trends to watch for at Black Hat USA 2020

Experts weigh in to share their thoughts on the hottest topics to expect at this year's all-digital Black Hat conference.

Data Security

Image: Andriy Onufriyenko / Getty Images

At this year's Black Hat USA 2020 computer security conference, some of the top trends expected to surface include ransomware, election security and how to protect a remote workforce.

This is the 23rd year for the conference, which will be entirely virtual for the first time and will take place from Aug. 1-6. According to the latest Gartner forecast, information security spending is expected to grow 2.4% to reach $123.8 billion in 2020.
 
TechRepublic talked to experts that will be attending Black Hat to find out what they think some of the biggest topics will be at the event.

Ransomware attacks are a continued threat

Trend Micro's vice president of cybersecurity, Greg Young, said, "Cybercrime increased rather than slowed down due to the pandemic, as we saw 1 billion more threats blocked in the first half of 2020 compared to 2019. Recent examples of major ransomware attacks, and high profile Twitter accounts being taken over remind everyone of how quickly an attack can cripple a business."

Young continued, "At Black Hat 2020 I expect we'll hear most about XDR (Extended Detection and Response) as threats have learned to not set off the known obvious alarms and blocking and are more stealthy as they move between traditional security silos. Related to that will be protecting a remote workforce, and the Mitre ATT&CK framework and more complex threat-hunting. Although the talks won't likely be labeled as such, cyber resilience will be a consistent thread reflecting the transformation that businesses and governments of all sizes had to undergo during the first half of this year."

Election security will be a huge discussion point

Kaspersky researcher Kurt Baumgartner said, "Election security is a very big topic, and there are several upcoming talks on it. However, it is uncertain that there will be any technical meat to them – they seem to be more policy and operation focused. It's also highly unlikely that speakers will produce any new information on election related incidents in 2016. For example, details on the 2016 incidents in Florida have not been forthcoming."

SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)

Erez Yalon, head of security research at Checkmarx, said, "With almost 100 talks scheduled, we can expect many topics to be covered, but I think we'll see bigger trends like election security and security concerns related to 4G/5G networks take center stage. Other current technology trends discussed will range from software composition security, AI, as well as everything in the vast field of Cloud-Native computing like containers, clouds, Everything-as-a-Service, and other infrastructure topics."

Marc Rogers, executive director of cybersecurity at Okta, expects to see several big trends at Black Hat this year. The first is election security. "I think the topic at the forefront will be securing the upcoming election in November. Work in the security community has been gathering steam ever since the 2016 election and this is now starting to bear fruit. We now have a lot of very high profile, respected members of the security and research community who are authorities on election security, and we are finally starting to wrap our arms around the problem. That said I think we have a very long way to go. I do not feel we are in a good place for this election and I am concerned many of the risks identified in 2016 have gotten worse not better. With the backdrop of the pandemic and societal issues we will have some challenging work ahead of us."

Tied into election security is disinformation and cognitive exploitation, he said. "While a lot of this goes hand in hand with election security, I think the human factor is going to be a big area of focus again. Humans are being attacked, whether it's through misinformation campaigns that astroturf protests or sow seeds of doubt amongst the electorate or more direct attacks like phishing and vishing attacks which attempt to trick users into compromising their own companies."

Samantha Humphries, security strategist, Exabeam, said, "We expect conversations at Black Hat to center around the ethics and regulation of contact tracing around the globe, and of course, election security -- particularly in light of President Trump's statements around mail-in ballot fraud concerns this week, the recent OmniBallot vulnerability discovery and last year's DEF CON research that showed virtually every type of voting machine can be compromised. 2020 marks the fourth year that DEF CON will host a dedicated Voting Machine Hacking Village, so there could be new discoveries ahead of this year's presidential election."

The virtual workforce is a target for cyber crime

Tom Kellermann, head of cybersecurity strategy atVMware Carbon Black, said, "Black Hat USA 2020 will highlight the dramatic surge and increased sophistication of cyberattacks amid COVID-19. A recent VMware Carbon Black report found that from the beginning of February to the end of April 2020, attacks targeting the financial sector have grown by 238%. Cybercriminals are also preying on the virtual workforce, the mass shift to remote work has sparked increasingly punitive attacks. Malicious actors have set their sights on commandeering digital transformation efforts to attack the customers of organization. These burglaries have escalated to a home invasion, with destructive attacks exploding to a 102% increase with the use of NOTPetya style ransomware and wipers. Spear phishing is no longer the primary attack vector, rather OS vulnerabilities, application exploitation, RDP open to the internet, and island hopping have risen to the top."

Code42 CISO and CIO Jadee Hanson, said, "Top of mind for me is how the mental and emotional wellbeing of our workforce during the pandemic is impacting people's work and behavior and, as a result, their risk profiles. Businesses need to have a strong pulse on how their employees are doing. At Black Hat, I expect there to be discussions about how employee risk profiles are changing and how security is responding to mitigate unnecessary exposure to their businesses."

Gerald Beuchelt, CISO at LogMeIn, said, "With Black Hat being a completely virtual conference this year, there is no doubt that the security implications of remote work will take center stage. Organizations continue to struggle with implementing identity management and authentication processes in this new highly dispersed work environment, and remote workers continue to introduce new insecure behaviors – from using personal devices for work, to reusing weak credentials for personal and work applications. A lot of the conversations coming out of Black Hat will likely touch on the accelerating speed and volume of attacks as well as the expanded threat surface organizations are facing in this new era of remote work, how they can best secure their workforce and keep the new corporate environment safe – whether teams work in office, at home or a mix of both."

Joe Partlow, CTO at ReliaQuest, said, "I expect the virtual stages and virtual halls of Black Hat to echo with a couple of big trends. Above all is the new normal of cybersecurity, post-pandemic. This is ultimately about rapidly evolving attack surfaces and how to maintain visibility across them as they become more complex. The overnight shift from office to work from home – and now, for many enterprises, to employee populations now mixed somewhere in between – has driven security teams to re-baseline everything from brute force logins to geographic anomalies while grappling with BYOD and a host of other network and endpoint issues."

Mobile and communications security is essential

Rogers said he also sees mobile and communications security as a big topic. "With everyone in the world working remotely the devices and systems we use to communicate are under more scrutiny than ever before by both good guys and bad guys. As a result, research into this area has really taken off. From deep dives into communications specification security such as 5G architecture and software down to the security of individual devices like mobile phones. Due to the spotlight shone by apps like covid tracing tools and suspected nation-state information gathering tools every aspect of the mobile device is now under the microscope. I expect to see a raft of hardware, and software vulnerabilities from privacy issues to full on trust integrity issues that can lead to total compromise."

Healthcare security is more important than ever

And finally, healthcare. Rogers said, "Healthcare is top of mind for all of us during the pandemic and it's the same for the research community. Many researchers are looking at medical devices and systems both to try and identify vulnerabilities so that they can protect patients in the time of COVID and also to try and move the medical community to being better at securing their products and systems by design. Historically due to budget constraints and the fact that medical devices and systems remain blackbox the medical industry has not been a great example of security. Now due to the concerns around the pandemic many are seeing a great opportunity to research and influence in a positive way."

Jonathan Langer, CEO and co-founder of Medigate, also rang in on the importance of healthcare. He said "As the sessions at Black Hat 2020 indicate, healthcare cybersecurity is a major topic on the industry's mind right now. It's no secret why – the last few years have seen a marked increase in threats against hospitals and health centers as attackers look to access critical information which they can use for monetary gain. However, what's more apparent from the agenda is a shift in how cybersecurity experts are designing their solutions to fit healthcare's unique IT security needs.

Langer said, "No longer are we seeing a one-size-fits-all approach offered by the majority of vendors, instead there is a renewed focus on understanding how to best protect individual organizations, and also collaborating with industry peers to facilitate this security. The recent COVID-19 pandemic highlights the need to quickly and efficiently secure all medical and IoT devices on a network to ensure patient safety."

The overall security culture and threats

Jaime Blasco, head of Alien Labs at AT&T Cybersecurity, said, "COVID-19 changed the security threats organizations needed to defend against, as we observed. The conversation at Black Hat USA should focus on these changes, and the impact they will have on security culture, remote work, the power of automation, and the industry's response to continued cyber attacks, including threat sharing and community collaboration. This year's virtual event features sessions that will center upon this theme, and highlight the power of timely threat intelligence in helping organizations to detect and respond to evolving threats."

Joe Payne, president and CEO at Code42, said, "I think the biggest question that needs to be asked at this year's Black Hat is how we, as a security community, are addressing the issue of insider threat. Last year, two-thirds of all breaches were caused by insiders, yet 90% of security budget dollars are focused on hackers, phishing, nation states and external forces. We need to address the elephant in the room: insiders may be our biggest risk."

Brandon Edwards, chief scientist and co-founder at Capsule8, said he thinks key focus areas will include, "Side-channel attacks and defenses, and detection. Microarchitectural attacks are still a hot topic, which has also generally made people pay more attention to the importance of side-channel attacks. We see both offense and defense talks on it this year." 

Om Moolchandani, co-founder and CTO at Accurics, said, "Container security is expected to be a big trend at Black Hat, and rightfully so—organizations are rapidly embracing cloud native infrastructure including containers, serverless and servicemesh to build their applications. Securing these technologies is critical since so much computing is now in the cloud, given new realities."

Humphries said, "we'll see industrial control system (ICS) risk discussions, as well as a completely new take on IoT security risks, at DEF CON's HacktheSea village and hackasat Space Security Challenge 2020, focused on infiltrating satellites -- showing anything can be breached from the sea to the stars."

black-hat-logo.jpg

Image: Black Hat

Kevin Livelli, director of threat intelligence at BlackBerry, said, "The Black Hat Review Board lead for the Malware Track this year, Matt Suiche, made a point of selecting research that sheds new light on Linux malware, which often gets overlooked at big security conferences. Several of the talks, therefore, carry that theme. Mine is among the Black Hat 'recommended briefings.' The talk explores the theme of long-term IP theft, which is timely, given the renewed attention it has received from the FBI, Department of Justice, and DHS. I also reveal who is responsible for the largest known Linux DDoS botnet, raise questions about one of the most popular, commercially available RATs available on the market, and discuss a worsening trend in attacker abuse of legitimate cloud infrastructure."
 
Steve Ragan, security researcher at Akamai, said, "Given the breakdown of the talks happening at Black Hat, the majority of overlapping themes will center on hardware and embedded systems, cloud and platform security, network security, and exploit development. Defense is always a big topic of conversation, so expect to hear all about the latest blinking boxes that will protect you from the next big threat. This year, not surprisingly there are a lot of election disruption/election security talks happening, so that is clearly a big theme too."

Ragan said, "Yet, the smart money will center on conversations related to supply chain defense and remote access. The world has changed. Not only are we all working from home for the most part, but even our industry events are virtualized. Defending assets onsite and offsite are critical elements to an organization's security program. This area obviously covers products and services, but also policy and risk models. Business leaders need answers and solutions, so I expect to see several side discussions happening online addressing these needs."

Trevor Pott, product marketing director at Juniper Networks, said he believes that at Black Hat, secure SD-WAN will be front and center. "2020's rapid shift to distributed work has placed significant emphasis on the need to have organizational resources available safely and securely anywhere in the world. This has always been something of a consideration – branch offices existed before even computers – but both the increased global distribution of workloads and the renewed interest in distributed working have made it a priority for organizations of all sizes.
With SASE, Gartner recognizes the importance of the evolution of the WAN from traditional SD-WAN toward an even more adaptable WAN fabric, but with an emphasis on the critical role information security must play in this space.

Nico Waisman, head of the GitHub security lab, said security at scale is a trend he expects to see at Black Hat. "Each year, Black Hat introduces state of the art vulnerability research from hackers and security teams around the world. But security research should not be like a game of Whack-a-mole; the community needs a new approach to turn that research into actionable information they can apply to day-to-day decisions. We are going to see a new wave of security at scale — more automation and tooling that serves as a force multiplier to the amazing work that researchers are doing. This can ultimately help to sweep full vulnerability classes out of existence." 

Also see