Happenings from Black Hat 2024

The annual Black Hat USA conference in Las Vegas once again lived up to my expectations as one of the premier events in cybersecurity. The conference attracts just the right mix of operators and vendors, practitioners and managers, geniuses, novices, reformed hackers, innovators, and government types. Black Hat is a great chance for strategists to get tactical, and for practitioners to share their efforts, discoveries, and insights with a wider audience. And it’s the place to huddle with your peeps in a corner as much as to cross streams with others in the industry whom many of us would not normally have the chance to run across in our day-to-day jobs. Here are some observations from this year’s conference.

Vulnerabilities, New Techniques, and Hacks

The bread and butter of Black Hat sessions is the fundamental defense, analysis, and mitigation work that leads to a lot of innovation in cybersecurity. This year was no different. My circle of friends and colleagues talked about the discovery of novel attack patterns, techniques for privilege escalation, and RCE vulnerabilities gleaned from some of the talks. There were very timely sessions on hacking EV chargers and of course lots on AI, ML, and data science. The AI stuff was wide-ranging, covering topics like the security of LLM-based AI, the role of AI in threat hunting, and how to employ LLMs in offensive security. There was a cool session on DevOps and CI/CD where CD did not represent “continuous development” like you’d think but instead, and very humorously, “continuous destruction” due to the risk of misconfig and subsequent exploitation of DevOps pipelines. This was one of many messages buzzing around the conference about supply chain cybersecurity.

VIBEINT

A new term also entered my world: VIBEINT. Unlike OSINT (Open Source Intelligence) or SIGINT (Signals Intelligence) and the many other “INTs” in use today, VIBEINT represents that sixth sense that threat hunters and analysts have about the direction in which to pursue incomplete intelligence. It’s the ability to go on gut instinct - the vibe - and go in a direction that helps you piece together an understanding of a threat. This term resonates with me because every user of our HYAS Insight threat intelligence solution at some stage gets VIBEINT from the product. Sometimes it provides the clear and actionable intelligence you need to mitigate a threat or understand an adversary. But at other times, it provides VIBEINT: enough to go on so that you can pivot, explore, and get to a similar place, just with a little more effort. VIBEINT … it’s a thing.

Artificial Intelligence Has Landed

Artificial Intelligence (AI) has been a hot topic at Black Hat for several years, but the conversation in 2024 reflected a shift from what seemed much more hypothetical in 2023 (despite its ubiquity at last year’s conference) to something essential going forward. While opinions vary, most people seem to think AI is no longer merely a futuristic concept; it seems well on its way to becoming a vital part of cybersecurity. Regardless of how effective AI is now for particular use cases, three main buckets of AI in cybersecurity are clear:

1. Using AI in cybersecurity products.
2. Securing AI-driven applications and models that enterprises increasingly rely upon.
3. The use of AI in cyberattacks.

This year’s conference featured a dedicated AI summit, where experts delved into how AI can be used to enhance threat detection, automate responses, and improve overall security posture. One particularly interesting topic was the use of generative AI and large language models (LLMs) in security operations. The sessions explored both the opportunities and risks associated with these technologies, highlighting the need for careful implementation to avoid unintended consequences, such as overreliance on AI for critical decision making.

The key question around AI though is: how much is hype, and how much can it really impact security operations today? In my social circle, there seems to be a strong divide between the vendors who see the “art of the possible” and the practitioners who exhibit some degree of skepticism.  Where the skeptics do see more utility is in helping them find what they’re looking for, whether it’s the output of sophisticated data clustering or in querying a dataset with questions like “tell me which files or emails contain account credentials.”  In the former case, AI will cover much more ground than a human could; in the latter, the operator is getting a helping hand which is so desperately needed in most cyber roles. In neither case is AI relied upon to be the final word or to make crucial decisions. Instead, AI facilitates. So in my discussions, few practitioners seem ready to release the Kraken and let AI run amok, but they want to believe. It’s not unlike the early days of SOAR (may that product category rest in peace) where playbooks were never quite fully relied upon because while automation was needed to scale, the necessary resources, effort, testing, and trust were never quite enough to realize SOAR’s true potential.

Cloudsec, Of Course!

It’s no surprise that as more organizations continue their migration to the cloud, the security of cloud environments remains a critical concern. Black Hat 2024 saw extensive discussions on emerging threats and best practices for securing cloud infrastructure. A number of different discussions on the show floor, in restaurants, and along the halls of Mandalay Bay kept leading back to zero-trust architectures (ZTA) and least privilege access models. ZTA makes sense given the distributed nature of cloud systems, where traditional perimeter defenses are less effective. Factor in the myriad challenges around cloud security automation, compliance and regulation, and supply chain risks, and you can see why this is a major part of the conversation.

The conference also featured several sessions on the challenges of securing multi-cloud environments, where organizations use services from different cloud providers simultaneously. These sessions emphasized the need for unified security policies and the importance of visibility across all cloud platforms to identify vulnerabilities and threats, prioritize response, and prevent data breaches and other security incidents.  And there were some interesting vendor demos showing the expansion of threat intelligence to better represent threats across this part of the attack surface.

Election Security

In a year marked by crucial elections across the globe, the topic of election security naturally received some big stage time at Black Hat USA 2024. The conference kicked off with a keynote panel featuring prominent figures such as Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, and Hans de Vries, COO of the European Union Agency for Cybersecurity. The discussion centered on the measures in place to protect election infrastructure from cyber threats, particularly in light of the increasing attempts to disrupt democratic processes. 

The panelists emphasized that while direct manipulation of election results through cyberattacks is unlikely, the real threat lies in the spread of misinformation designed to undermine public trust in the electoral process. This insight reflects a broader concern in the cybersecurity community about the psychological and social aspects of cyber warfare, where the objective is often to create chaos and doubt rather than to cause direct harm.

HYAS and Adversary Infrastructure

HYAS gets tremendous value from participating in Black Hat, not only by staying in touch with the beating heart of the industry but also by connecting with clients and partners, both new and old. This year we had some incredible sessions with folks in both private and public sectors, where we heard about fantastic wins that validate how HYAS is contributing to the greater good. It’s also been important to hear about the fails (though no “epic” ones if you’ve been following DEFCON’s award to CrowdStrike) because it’s where we fall short that we can seize the opportunity to drive new innovation through our protective DNS and intelligence and threat hunting solutions.

The HYAS team rubbed elbows with the community and established some real proof points around how our expertise in adversary infrastructure is making a unique contribution to the industry.  This year at Black Hat, our client meetings, sponsored lunches, and other events have led to new ways for HYAS to make a difference for the good guys.  Cross-pollination of ideas at Black Hat is leading to the transformation of what was a good product roadmap and turning it into a great product plan.  

Our protective DNS solution, HYAS Protect, continues to impress with its track record of detecting and blocking threats, and is gaining momentum with our ability to integrate into environments where single-vendor bundling is just not working. We continue to aggressively ramp up passive DNS, WHOIS, malware, and other forms of data for HYAS Insight threat intelligence, which in turn drives more coverage and relevancy for clients who rely on HYAS for superior infrastructure intelligence. HYAS Insight continues to deliver an exceptional and intuitive user experience and has emerged as the elegant and preferred alternative to RiskIQ end-of-life.

We have spent a great deal of time developing a new analytical framework and adversary infrastructure tracking model that we call VRA. We look for actionable verdicts (V) on IOCs, clear mapping of related (R) infrastructure, and as many details about the threat actor (A) as possible. VRA enables our clients to rapidly profile threats. 

Looking Forward

As Black Hat USA 2024 came to a close, it was clear that the cybersecurity landscape is more dynamic and challenging than ever. The themes and discussions at this year’s conference underscored the need for continuous innovation, collaboration, and vigilance in the face of evolving threats. HYAS is facing these challenges head-on and stands out from the dizzying array of 300+ vendors at Black Hat in driving innovative solutions based upon our expertise in adversary infrastructure.  We’ll see you again in Vegas next year!
