5 key takeaways from Black Hat USA 2024

The security world came together in Las Vegas this week for Black Hat USA 2024, offering presentations and product announcements that will give CISOs plenty to consider.

Here are the top takeaways CISOs should keep in mind as they adjust their cybersecurity strategies going forward.

[For more Black Hat USA coverage, see “Black Hat: Latest news and insights.”]

Cloud security is under scrutiny

Security researchers from Aqua Security used a presentation at Black Hat to reveal how they uncovered security flaws in the way several AWS services automatically provision S3 storage buckets.

The attack vector – called Shadow Resource – created a potential path for AWS account takeover, data breach, or even remote code execution.

Predictable naming conventions for these service-created buckets meant an attacker could pre-create a bucket under the name a victim's service would later expect to use, then wait for the target to enable that service; files and configuration the service wrote would land in the attacker-controlled bucket.

Six AWS cloud services were potentially vulnerable: CodeStar, CloudFormation, EMR, Glue, ServiceCatalog, and SageMaker.

Aqua Security disclosed the issues to Amazon Web Services before the presentation, allowing AWS to address the vulnerability, which it did.

CSO’s Lucian Constantin goes into the details of shadow bucket attacks and possible remedial measures here.
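The practical defence against a pre-claimed bucket is to never trust a bucket name alone: make every S3 call assert which account must own the bucket, and deny S3 access to foreign-owned buckets account-wide. The following is an added example written for this page, not code from Aqua Security, AWS, or CSO. It uses an offline stand-in for the boto3 S3 client (the real client accepts the same `ExpectedBucketOwner` parameter and returns HTTP 403 on a mismatch); the account IDs, bucket names and the placeholder token in the bucket names are constructed for the demo.

```python
"""Guarding against shadow buckets: refuse to use an S3 bucket unless it is
owned by the account we expect, and generate the matching deny policy."""
import json


class AccessDenied(Exception):
    """Stand-in for botocore ClientError with code AccessDenied (HTTP 403)."""


class NoSuchBucket(Exception):
    """Stand-in for the 404 that HeadBucket returns for a missing bucket."""


class FakeS3:
    """Offline stand-in for a boto3 S3 client (constructed for this example).
    It models the behaviour that matters here: when ExpectedBucketOwner is
    passed and the bucket belongs to another account, the call fails with 403."""

    def __init__(self, owners):
        self.owners = dict(owners)   # bucket name -> owning account id
        self.objects = {}            # (bucket, key) -> body

    def _check(self, bucket, expected_owner):
        if bucket not in self.owners:
            raise NoSuchBucket(bucket)
        if expected_owner is not None and self.owners[bucket] != expected_owner:
            raise AccessDenied(bucket)

    def head_bucket(self, Bucket, ExpectedBucketOwner=None):
        self._check(Bucket, ExpectedBucketOwner)
        return {}

    def put_object(self, Bucket, Key, Body, ExpectedBucketOwner=None):
        self._check(Bucket, ExpectedBucketOwner)
        self.objects[(Bucket, Key)] = Body
        return {}


def bucket_owned_by(s3, bucket, account_id):
    """True only if `bucket` exists and S3 confirms `account_id` owns it."""
    try:
        s3.head_bucket(Bucket=bucket, ExpectedBucketOwner=account_id)
        return True
    except (AccessDenied, NoSuchBucket):
        return False


def safe_put(s3, bucket, key, body, account_id):
    """Write only into a bucket we own. Returns False if the bucket is missing
    or owned by someone else (a possible shadow bucket). ExpectedBucketOwner is
    passed on the write itself, not only on the pre-check, so a bucket that
    changes hands between the two calls is still refused."""
    if not bucket_owned_by(s3, bucket, account_id):
        return False
    try:
        s3.put_object(Bucket=bucket, Key=key, Body=body,
                      ExpectedBucketOwner=account_id)
    except (AccessDenied, NoSuchBucket):
        return False
    return True


def deny_foreign_buckets_policy(account_id):
    """IAM/SCP statement denying every S3 action against buckets owned by any
    other account; the account-wide complement to ExpectedBucketOwner."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyS3ToForeignAccounts",
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "*",
            "Condition": {"StringNotEquals": {"s3:ResourceAccount": account_id}},
        }],
    }


# Constructed scenario: service-style, region-suffixed bucket names modelled
# on the predictable per-region pattern the research targeted. The middle
# token is a placeholder, and both account IDs are made up.
OUR_ACCOUNT = "111122223333"
ATTACKER_ACCOUNT = "999988887777"
OUR_BUCKET = "cf-templates-a1b2c3d4e5f6-us-east-1"
SHADOW_BUCKET = "cf-templates-a1b2c3d4e5f6-eu-west-1"   # pre-claimed by attacker


def build_demo_client():
    return FakeS3({OUR_BUCKET: OUR_ACCOUNT, SHADOW_BUCKET: ATTACKER_ACCOUNT})


def run_demo():
    """Returns (write to our bucket ok, write to shadow bucket ok, buckets written)."""
    s3 = build_demo_client()
    ok_home = safe_put(s3, OUR_BUCKET, "template.yaml", b"Resources: {}", OUR_ACCOUNT)
    ok_shadow = safe_put(s3, SHADOW_BUCKET, "template.yaml", b"Resources: {}", OUR_ACCOUNT)
    return ok_home, ok_shadow, [bucket for bucket, _ in s3.objects]


if __name__ == "__main__":
    print(run_demo())
    print(json.dumps(deny_foreign_buckets_policy(OUR_ACCOUNT), indent=2))
```

With a real boto3 client the only change is replacing `build_demo_client()` with `boto3.client("s3")`; `head_bucket` and `put_object` accept `ExpectedBucketOwner` as shown. The deny policy is the broader control: applied as an SCP or identity policy it blocks writes to any foreign bucket even from code that forgot to pass the header.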

Separately, Symantec warned that a growing number of hacker groups are abusing cloud services from Microsoft and Google for command and control and data exfiltration. Abusing widely used services such as Google Drive and Microsoft OneDrive gives attackers great leverage because malicious traffic blends in with legitimate use and is difficult to detect.

This tactic is not new, but it is developing into a serious threat. Viewed alongside the AWS shadow resource findings, and the cloud's growing role as both the point of initial access and an avenue for privilege escalation, it is clear that cloud security remains a primary concern for businesses today.

CrowdStrike meltdown underscores cyber resilience

The July CrowdStrike-Microsoft outage was fresh on the minds of Black Hat delegates this week.

During the opening keynote, Hans de Vries, COO of the European Union Agency for Cybersecurity (ENISA), warned delegates that the industry needs to be prepared for supply chain failures and attacks; the faulty CrowdStrike update was one such event, and it put CISOs' resilience plans to the test.

Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, said the incident underscores the importance of security vendors adopting a secure-by-design approach. Organizations need to strengthen their cyber resilience, Easterly said, according to Secure Computing, adding that hostile nations such as China or North Korea may exploit any weaknesses.

During the conference, CSO Online caught up with CrowdStrike's counter-adversary team to talk about the latest tactics of North Korean state-sponsored hackers and others.

Patching is not a panacea

The comforting notion that keeping systems patched and up to date is enough to stay secure took a hit with a presentation by SafeBreach at Black Hat.

SafeBreach security researcher Alon Leviev showed how a fully patched Windows machine can be downgraded through Windows Update itself, re-exposing it to vulnerabilities that had already been fixed, by way of a version rollback attack.

The so-called Windows Downdate attack relies on hijacking the Windows Update process to perform custom downgrades of key OS components, escalate privileges, and bypass security features, while the system still reports itself as fully up to date.

In a statement, Microsoft said it is not aware of any attempts to exploit this vulnerability. The software giant has published two advisories (CVE-2024-38202 and CVE-2024-21302) that provide recommended actions and fixes while it works to deliver broader mitigations.

CSO’s Gyana Swain has more on Windows Downdate attacks here.

AI is a double-edged sword

AI, particularly generative AI and large language models (LLMs), was a major focus of Black Hat.

Many sessions explored the risks and vulnerabilities associated with AI technology.

For example, security researchers from Wiz presented their research on hacking AI infrastructure providers. The work revealed novel attack techniques for penetrating AI-as-a-service providers, including Hugging Face and Replicate.

“For each platform, we used malicious models to break security barriers and compromise the underlying infrastructure of the service,” according to the researchers. That foothold opened the door to other customers' confidential data, including private models, weights, datasets, and user information.

In another session, a security researcher from chip giant Nvidia’s red team presented practical findings on LLM security, covering both offensive and defensive techniques and methods.

Black Hat also provided a platform for cybersecurity vendors to launch new products and services. Many vendors have added AI-based capabilities to their technology, as detailed in CSO’s roundup of product releases.

CISOs face personal risk from managing a business breach

The session titled “Skirt the Tornado: Essential Strategies for CISOs to Sidestep Government Fallout in the Wake of Major Cyberattacks” highlighted strategies CISOs should use to stay on the right side of regulators in the event of a security breach.

Recent cases, such as that of SolarWinds’ CISO Tim Brown, have highlighted how senior security personnel can face regulatory, and in some cases criminal, charges over alleged corporate reporting failures.

The session covered practical strategies for minimizing damage, ensuring compliance, and maintaining stakeholder trust in an environment of increasing regulatory pressure.
