An Outline of the Threats Disclosed in Black Hat 2020

The Black Hat USA 2020 Conference went virtual for the first time this year. However, there was no lack of new security research and threat intel from high-profile speakers.

Key developments

Cybersecurity and elections

With the elections in sight, cybersecurity is a major concern. Experts talked about vulnerabilities concerning election security and ways to ensure the security of U.S. presidential elections.

Exploit development

Threats can be properly defended only if there is a broader picture available. In this regard, presenters uncovered key vulnerabilities, revealed the risks related to the ‘human factor’, and explained how they were exploited by threat actors. 

DNS security

Over the past year, DNS encryption has come under the limelight, with the growing adoption of an approach known as DNS-over-HTTPS (DOH). This was discussed by Eldridge Alexander, manager of Cisco’s Duo Labs, Security Research and Development. 

COVID-19 and security

Lives across the globe have been affected due to the COVID-19 pandemic which has, in turn, impacted various aspects of cybersecurity. Cybercriminals are using this situation to their advantage by creating fear. In a Black Hat session, Shyam Sundar Ramaswami detailed a plethora of techniques, including the Rapid Static Analysis approach, that can be used to detect the pandemic-themed malspam.  

A future without a password

Wolfgang Goerlich and Chris Demundo tackled the topic of the Zero Trust model that involves a passwordless approach, which promises to integrate with various types of authentication systems to enable secured access. 

Threats disclosed

  • Influence campaigns were found to be a prominent issue. Social media misinfomration campaigns distract, persuade, entrench, and divide communities, and hence, the infosec community needs to actively participate to stop such attacks.
  • As per James Pavur, satellite internet communications are pliant to signal interpretation and eavesdropping by attackers located in far-flung areas. All they need is off-the-shelf equipment, worth $300.   
  • Researchers have demonstrated how high-wattage connected devices can be turned into botnets and used to manipulate the energy market. 
  • FireEye researchers displayed how open-source tools can be used to create malicious synthetic media. Attackers can use generative text to counterfeit legitimate-appearing spear-phishing emails and can, also, sway public opinion. 

The bottom line

The bottom line is that pull back your hair and don’t relax. Cyberthreats are getting serious but so are security measures. However, to stay safe, individuals and organizations should follow and implement the state-of-the-art security measures in their daily lives. Even though the Black Hat event went virtual this year, content involving every aspect of IT security has overflown. All we need to do is to use all this knowledge for the greater good.