Black Hat 2021 – non‑virtual edition
How is Black Hat USA 2021 different from past editions of the conference, and what themes may steal the show this year?
Black Hat this year is, well, sparse. I get it…
With masks at every turn and some attending virtually, it’s hard to have a conference, especially with the uncertainty of planning one. But the stakes are higher than ever this year: with blistering ransomware-driven insurance premiums that match the Vegas heat, companies duck and cover to avoid outsized ransomware hauls. And with so many companies’ crown jewels in the cloud, breaches have more impact than ever, so understanding risk to infrastructure you don’t own or control means you get to sleep.
Except if you’re in Vegas this week.
If you believe the current US government’s latest drives, attacks should be a thing of the past any minute now. With larger and more serious crackdowns against badly-behaving state actors, all should be calm. But if I were to wager a bet, we’ll be at Black Hat again next year for more than just a victory lap celebrating the end of hacking.
I’ll go check on hotel prices now.
Meanwhile, I’m in a line to get a Black Hat badge, and it’s longer than I like, so there are definitely others willing to brave a trip to Vegas to study attackers, albeit in somewhat muffled voices – the masks you know. It does make the venue somewhat eerily quiet. Still…
Here are some things that seem sure shots for this week:
- The cloud isn’t entirely safe – Sure, it’s better than it used to be, but as long as there are more things of value placed there and few ways to opt out, attackers will be willing to spend more to get them.
- Critical infrastructure – Operators have been working to patch security holes for a while now, but these simple systems cobbled together decades ago mean upgrades move at the speed of the badge line here!
- Craftier attackers – Because more things of value go digital each year, even a seemingly tiny digital beachhead can have a significant payoff for the bad guys. This means UEFI attacks get more play, and so do tiny chinks in the mobile armor.
- Mobile shenanigans – Years ago, all you had to do was build a wall around Windows. Now the wall is everywhere. More specifically, everyone now owns 5 or 10 digital devices they interact with every day, so getting at your information can take many forms, most of them not sitting on your desk with a printer nearby.
- Remote (and hybrid) work – Will we ever come full circle back to the offices we had two years ago? No. But we’re not all sure what exactly we will come back to. I got three phishing SMS messages this morning, purporting to be from my bank, an unpaid invoice and someone trying to send me money, respectively. Although the inbox on my laptop isn’t lonely for spam, it’s no longer alone.
The line has now moved almost 10 feet, so I better get moving to grab my badge – all non-contact transactions this year, of course. But until bad actors stop attacking increasingly valuable targets stored in digital containers, I don’t think we’re going to be bored defending them anytime soon.
In the meantime, stay tuned for unique research that ESET malware researcher Zuzana Hromcova will present at the event and that WeLiveSecurity will publish this Friday and next week.