Black Hat 2019: Bounties, Breaches and Deepfakes, Oh My!

Black Hat 2019 recently wrapped in Las Vegas, where somewhere between 15,000 and 20,000 experts descended to experience the latest developments in the world of cybersecurity. While we saw the expected releases of new threat research, vulnerabilities and breakdowns on nation-state level attacks, the reason I, and many others, attend this annual conference is to see what trends are emerging, and be surprised by the unexpected.

Exploring the show floor at Black Hat is fun. From the big and well-known, to tiny start-ups with great ideas, there are so many vendors and so much noise that it is obvious why this event works so well in the glitz of Sin City.

When Black Hat first began 22 years ago, it was intended to be a place where hackers and cybersecurity professionals alike could get together and share ideas or demonstrate vulnerabilities. Fast forward to 2019 and this has changed slightly, with big corporations stealing focus on the conference floor and the deeper (and more interesting) hacking being moved out to DEF CON. However, there are still some great research sessions at Black Hat that make it well worth attending.

With all the spotlight on recent security breaches, and a rise in malware infections globally, it was good to see a renewed focus on bug-bounty programs from Microsoft and Apple, which created some media buzz at the show. Earlier in the year, we saw Tesla offering a Model 3 to any researcher who could hack the car's computer systems, and Apple is now offering custom-made iPhones to researchers, as well as a scaled bounty program, for any discreetly shared vulnerabilities. Microsoft also announced enhancements to its program and disclosed that in the last twelve months alone, it has paid out $4.4 million in bounties – making this area of cybersecurity clearly lucrative for the white-hat specialists out there!

Several companies made product announcements, many of which focused on the need for security to move closer to the edge of the network and better utilize intelligence and cloud analytics. It is clear that the move to analytic and behavior-based models is becoming a reality – with so many organizations moving to multicloud, these new models will quickly become the way to stay ahead of emerging and evolving threats. Traditional security models give a threat too much time to spread inside the network (dwell time), whereas security based on analytics can spot anomalous behavior to help identify threats faster.

Although interesting and important, none of this delivered the unexpected we all crave from Black Hat. Much of that came from the presenting researchers at the conference instead. One area that has definitely seen growth in the last year is social engineering and social media manipulation. With people being so willing to auto-share content on the internet, it is becoming hard to spot the difference between real content and fakes, or to know whether or not someone is a true media influencer.

A couple of good sessions at the event highlighted this in more detail:

• Deep fakes could become a real problem in the next year. The quality of some videos is now so good that it is likely just a matter of time before we see one being used in an attempt to sway public opinion. ZeroFOX researchers Matt Price and Mark Price have created a tool that looks at the mouths in potential deep fakes to try to detect more accurately whether a video is real or not. It is not at 100 percent accuracy yet, but it is in very early stages and will clearly improve over time. This is undoubtedly an area to keep an eye on in 2020, with so many critical political situations occurring globally in the next year.

• For those of us on social media platforms, including Instagram – ever wondered why some people have so many followers when they do not seem to have much to say that is interesting? Masarah Paquet-Clouston and Olivier Bilodeau from GoSecure presented research in their session with details of an enormous underground built specifically to sell and manage fake users for social media. Masarah also demonstrated how easy it is to buy fake users for Instagram with a bogus account that she had set up for this purpose. Instagram is improving its artificial intelligence to detect these fake accounts and is making a huge difference by deleting them, but this session showed just how easy it can be to get up and running again.

Overall, this year’s Black Hat was a great event, with some very strong research presented in many of the sessions. If you are a cybersecurity professional, or someone who wants to get into the industry, I highly recommend that you mark your calendar to attend next summer.
