Major Themes in This Year’s Black Hat & DEF CON Conferences

350

Each year certain trends dominate the security shows. This year wasn’t any different and here are the larger themes I have picked up at Black Hat 2018 and DEF CON 26:

  1. Hacking Critical Infrastructure (ICS): Presenters covered a wide range of topics related to cyber attacks wreaking havoc on smart cities, airports, industrial control systems and even satellite communications. Of course there were also plenty of IoT sessions, including hacking self-driving cars, voting machines, smart speakers and much more. Here are just a few ICS presentations worth highlighting:
    • Outsmarting the Smart City
    • Hacking PLCs and Causing Havoc on Critical Infrastructures
    • Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems
    • Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more
    • Last Call for SATCOM Security
  2. CPU Attacks: Following this year’s revelations about CPU vulnerabilities cristined Spectre and Meltdown, numerous kernel, side-channel and related attacks aiming at the very core of modern laptops, desktops and servers were presented. Non-exhaustive list includes:
    • GOD MODE UNLOCKED – Hardware Backdoors in x86 CPUs
    • Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre
    • Kernel Mode Threats and Practical Defenses
  3. Adversarial AI: Artificial Intelligence and its subcategories – Machine Learning and Deep Learning – have been the dejour “silver bullets” of the security industry for the past few years. Malicious actors are taking note and the following sessions touches on adversarial inputs and even demonstrated a proof-of-concept of a highly targeted and evasive attack tool powered by AI:
    • AI & ML in Cyber Security – Why Algorithms are Dangerous
    • Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks
    • DeepLocker – Concealing Targeted Attacks with AI Locksmithing

Bonus trend – Healthcare Vulnerabilities: Perhaps the most alarming collection of presentations focused on healthcare industry and addressed everything from hacking implanted medical devices to falsifying a patient’s vital signs in under 5 seconds:


  • Understanding and Exploiting Implanted Medical Devices
  • 80 to 0 in under 5 seconds: Falsifying a medical patient’s vitals
  • Multiple Skytalks @ DEF CON

What trends did you notice this year? What were your favorite presentations last week? Leave a comment on our Twitter or LinkedIn.

Rene Kolga is Senior Director of Product and Marketing at Nyotron, the developer of PARANOID, the industry’s first OS-Centric Positive Security solution to strengthen your AV or NGAV protection. By mapping legitimate operating system behavior, PARANOID understands all the normative ways that may lead to damage and is completely agnostic to threats and attack vectors. When an attack attempts to delete, exfiltrate or encrypt files (among other things), PARANOID blocks them in real-time.