Monday, August 20, 2018

Major Themes in This Year’s Black Hat & DEF CON Conferences

Each year, certain trends dominate the security shows. This year wasn’t any different, and here are the larger themes I picked up at Black Hat 2018 and DEF CON 26:

  1. Hacking Critical Infrastructure (ICS): Presenters covered a wide range of topics related to cyber attacks wreaking havoc on smart cities, airports, industrial control systems and even satellite communications. Of course there were also plenty of IoT sessions, including hacking self-driving cars, voting machines, smart speakers and much more. Here are just a few ICS presentations worth highlighting:
    • Outsmarting the Smart City
    • Hacking PLCs and Causing Havoc on Critical Infrastructures
    • Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems
    • Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more
    • Last Call for SATCOM Security
  2. CPU Attacks: Following this year’s revelations about the CPU vulnerabilities christened Spectre and Meltdown, numerous kernel, side-channel and related attacks aimed at the very core of modern laptops, desktops and servers were presented. A non-exhaustive list includes:
    • GOD MODE UNLOCKED – Hardware Backdoors in x86 CPUs
    • Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre
    • Kernel Mode Threats and Practical Defenses
  3. Adversarial AI: Artificial Intelligence and its subcategories – Machine Learning and Deep Learning – have been the du jour “silver bullets” of the security industry for the past few years. Malicious actors are taking note, and the following sessions touched on adversarial inputs and even demonstrated a proof-of-concept of a highly targeted and evasive attack tool powered by AI:
    • AI & ML in Cyber Security – Why Algorithms are Dangerous
    • Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks
    • DeepLocker – Concealing Targeted Attacks with AI Locksmithing

Bonus trend – Healthcare Vulnerabilities: Perhaps the most alarming collection of presentations focused on the healthcare industry and addressed everything from hacking implanted medical devices to falsifying a patient’s vital signs in under 5 seconds:

  • Understanding and Exploiting Implanted Medical Devices
  • 80 to 0 in under 5 seconds: Falsifying a medical patient’s vitals
  • Multiple Skytalks @ DEF CON

What trends did you notice this year? What were your favorite presentations last week? Leave a comment on our Twitter or LinkedIn.

The post Major Themes in This Year’s Black Hat & DEF CON Conferences appeared first on Cybersecurity Insiders.


August 21, 2018 at 01:28AM
