SaltDNA attended this year’s virtual Black Hat USA 2020, where information security professionals from across the globe shared their views on this year’s cybersecurity trends, including ransomware, election security and how to protect a remote workforce. This was the conference’s 23rd year and, for the first time, it was a fully interactive experience, taking place from 1-6 August 2020.
USA Election Security has been a massive discussion point
The security of the upcoming election was at the forefront of this event from day one. At Black Hat USA there were many discussions on election security involving high-profile, respected members of the security and research community. Whilst there is a lot of disinformation around the election, the human factor has certainly come into play and is an area of focus again. People are being targeted, whether by propaganda schemes like astroturfing demonstrations or by sowing seeds of scepticism within the population. Participants had also seen an increase in phishing and vishing attacks that seek to trap users into undermining their own companies.
There have also been many discussions around the ethics and regulation of contact tracing with respect to election security. In particular, these referred to the comments made by President Trump on mail-in ballot fraud this week, the latest revelation of OmniBallot vulnerabilities and last year’s DEFCON work demonstrating that nearly any form of voting machine may be hacked. 2020 is the fourth year that DEFCON will feature a dedicated Voting Machine Hacking Village, and fresh findings may be produced ahead of the general election next year.
A target for cybercrime is the virtual workforce
Black Hat USA 2020 highlighted the dramatic surge in, and increased sophistication of, cyber attacks around the world as a result of COVID-19. With the conference being completely virtual this year, the security implications of remote working have also taken center stage.
A recent report by VMware Carbon Black showed that attacks against the financial sector rose by 238% from the beginning of February to the end of April 2020. Malicious actors have concentrated on turning technology transformation efforts against organisations’ customers. Through the use of NotPetya-type malware and wipers, such burglaries have progressed to home invasions, with disruptive assaults rising by 102%.
Overall, it is clear that, for many enterprises, the overnight shift from office to working from home has driven security teams to re-baseline everything from brute-force login attempts to geographical anomalies when dealing with BYOD and a variety of other network and endpoint problems.
Ransomware yet again continues to be a threat
As a result of the pandemic, the burden of cybersecurity for businesses and consumers has intensified. In the first half of 2020 we witnessed 1 billion more attacks than in the entirety of 2019. Recent examples of ransomware attacks, such as the hack on high-profile Twitter accounts, show how quickly this type of attack can cripple a business.
At Black Hat 2020 we heard about XDR (extended detection and response), since threats have learned not to set off established visible alarms and blockades and have become stealthier as they pass through conventional protection silos. It has been positive to see the openness of these talks in reflecting on the transformation that both governments and organisations have had to undergo during the first half of 2020.
Secure mobile communications is crucial
Mobile communications have been another big topic at Black Hat this year. With everybody in the world operating remotely, the tools and networks we use to connect come under greater pressure than ever from both good guys and bad guys. Work in this field has, however, really taken off, from deep insights into the protection of networking standards such as 5G infrastructure and applications to the protection of actual devices such as mobile phones. Since apps like COVID-19 tracking software and alleged nation-state information collection software came under the spotlight, every part of the mobile device is now under the microscope.
The conversation at Black Hat USA focused on the security threats organisations need to defend against due to COVID-19. No matter what size the company is, its employees face added strain in tackling the COVID-19 challenges. At the same time, some things stay unchanged: security is at the top of the priority list, and phishing remains one of the most efficient strategies used by attackers to compromise accounts and gain access to data and resources from organisations. Organisations should focus on the changes and the impact these will have on cybersecurity culture, the power of automation and remote work. This year’s conference featured sessions that centered around this topic and highlighted the power of timely threat intelligence to help organisations detect and respond to evolving threats.
The biggest question asked this year was how we, as a cybersecurity community, are addressing the issue of insider threats. Two-thirds of all attacks were triggered by insiders last year, but 90% of the defence budget remains centered on ransomware, phishing, nation states and foreign governments. There was a lot of discussion around how we can combat this to lessen the threats.
Every year Black Hat presents state-of-the-art security work from hackers and defence departments around the globe. The technology community must come together to share actionable knowledge that can be applied to daily decisions. We’re going to see a modern era in technology at scale: further software and machine tools that act as a power multiplier for the impressive work being performed by researchers.
For more information on this article, or to talk to a member of the SaltDNA team, please contact us on firstname.lastname@example.org.
About Salt Communications
Salt Communications is a multi-award-winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. Salt Communications offers ‘Peace of Mind’ for organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. Salt Communications is headquartered in Belfast, N. Ireland. For more information, visit saltcommunications.com.