Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Black Hat

Virtual Black Hat 2020 – The Latest in Security, From the Comfort of Your Armchair

We know that the 2020 conference experience has been different. Event after event has been postponed or cancelled. The last opportunity for IT professionals to meet up was at RSA 2020 in San Francisco, which quickly soured with the revelation of two attendees tested positive for COVID a week later. 

We know that the 2020 conference experience has been different. Event after event has been postponed or cancelled. The last opportunity for IT professionals to meet up was at RSA 2020 in San Francisco, which quickly soured with the revelation of two attendees tested positive for COVID a week later. 

It came as no surprise when Black Hat announced the move to an online platform a few months later. We usually would have flocked into Las Vegas at the start of August, attended the event for a few days and then extended to DEF CON to complete the week. This year, we flocked no further than our home offices (or other suitable remote working environments).

Despite the lack of travel and in-person networking opportunities, these virtual events have proven valuable in learning about the industry’s top trends and engaging in important discussions with our peers. Black Hat was no exception. 

Election Security was Top of Mind

With the 2020 election looming, security is a hot topic. In the past, we’ve been made aware of the risks posed by voting booth hacking, but the opening keynote by Professor Matt Blaze took a different approach. In his session, Matt centered the solution on people, highlighting that technology changes have addressed many of the weaknesses with ballot machines. However, recognizing that differences in how we prefer to vote introduces additional risk, his suggestion is not that we increase technology, but add people. 

Social distancing means that queuing and indoor groups will be riskier, so many people will opt to take a postal vote. This increases the workload of an already underinvested postal service, which raises the risk of missed or damaged ballot papers. There are technologies that could help with this but implementing and gaining trust with those in the next three months is unrealistic. So, his suggestion – and request – was for volunteers to step up and help. While quite the departure from typical Black Hat proposals, the extra hands would certainly be useful in ensuring a fair vote come November.

Deep Fakes and Tom Hanks

Election news brings us to one of my hot topics and an area that was discussed in detail at Black Hat: Deepfakes. Research by FireEye focused on an image of Tom Hanks, but not a movie or press image; instead, one created entirely using machine learning and software. In the presentation, Data Scientist Philip Tully showed us how easy it is, with only around $100 of investment, to create images that are real at first glance. This technology has been around for some time and is most used for entertainment purposes. That said, the demonstration from FireEye put into perspective just how inexpensive and accessible the tech is to anyone with a home computer.

We have a nation frustrated by pandemic limitations, along with a highly politically-charged upcoming U.S. election. The combination of these makes the dissemination of Deepfake by the ‘click and forget’ generation a simple task. If you can create a passable fake Tom Hanks for $100 and fool a room, imagine what would be possible for an artistic team of well-backed hackers, targeted on political confusion and disruption and funded with an investment of $1M or more?

Stay Home, Stay Safe

COVID-19 was, unsurprisingly, a common theme across Black Hat, with many sessions highlighting the security challenges caused by employees not only working from home, but often using their own devices. Threats that would previously have been visible to the SOC on a corporate network have become invisible on an employee’s home network. In the business hall, we saw vendors with new offerings to extend the corporate network and security into a user’s home. This extension enables a more effective threat response but should not be the only solution, as it can increase the security team’s workload.

Increased user awareness of the risks from home or remote working is essential. We’re too accustomed to the automatic levels of protection afforded by our office networks. We often don’t realize the level of potential threats that are typically blocked even before they reach our computer. At home, it’s different, as not only are we using our network, but also more distracted by pets, children, package deliveries, etc. 

Not every session at Black Hat was technical and this is something I like about the event. There are opportunities for presenters to propose left-field ideas. The core sessions are not under corporate sponsorship and it  makes for some fresh and interesting content. This year, a session that caught my attention was from Matt Wixey of PwC UK, who started by asking everyone to work on a security crossword with a prize for (near) completion. He then discussed the importance of puzzle-solving skills in research and security. 

This is a topic that I have personally presented on in the past, posing that gamers could be future security researchers, due to their skill solving complex and fast-moving challenges. What I enjoyed about this session is that the puzzles Matt has designed seem complicated at first blush but can be solved with research and access to online resources. For a researcher, these resources and the ability to think around corners in using them is essential to success in thwarting cyber-attacks.

If you have a minute, look at the cyber-cryptic-crossword he offered. Unfortunately, the prize deadline has passed – but it is fun for a few minutes (hours, days, etc.).

At the start of this article, I said that Black Hat was different and that I am looking forward to – hopefully – a return to normal in 2021. However, change is not a bad thing. There was a lot of excellent content and I recommend anyone with time to take a more in-depth look over the coming months. There is much we can all learn, especially in these tumultuous times.

Related: Black Hat Wrap-Up –  IoT and Hardware Vulnerabilities Take the Spotlight

Related: Register for SecurityWeek’s Security Summit Virtual Event Series

Written By

Click to comment

Expert Insights

Related Content

Black Hat

Black Hat 2019 recently wrapped in Las Vegas, where somewhere between 15,000 and 20,000 experts descended to experience the latest developments in the world...

Black Hat

LAS VEGAS – The security industry makes its annual pilgrimage to the hot Sonoran desert this week for skills training, hacking demos, research presentations...

Black Hat

The presentation "Jackpotting Automated Teller Machines" was originally on the schedule at Black Hat USA 2009 but the talk was pulled at the last...

Black Hat

Bypassing Air Gap Security: Malware Uses Radio Frequencies to Steal Data from Isolated Computers 

Application Security

As the year comes to a close, we thought it would be appropriate to highlight some of the best stories and columns for 2010....

Black Hat

HONG KONG - (AFP) - Chinese communications giant Huawei Technologies on Wednesday responded to US hackers' claims that its routers were easily cracked, saying...