Feature Story

Black Hat 2020 tackles big topics in security

Journalist Sean Kerner discusses DNS, security in a post-pandemic world, and even a passwordless future.
Aug 06, 2020

This is a post by Sean Michael Kerner

On the annual cybersecurity calendar, few if any events hold the mystique and allure of the Black Hat USA event, which has long been the place where new exploits and research are revealed.

The 2020 event was unlike any other Black Hat event, going entirely virtual, but that didn't stop the flow of content spanning nearly every facet of IT security including cloud, wireless, desktop and Artificial Intelligence (AI) among other categories. With November coming soon, the 2020 U.S election was a key topic of conversation as well across multiple sessions.

"I don't think Ive ever encountered a problem that is harder than the security and integrity of civil elections," Matt Blaze, McDevitt chair in computer science and law at Georgetown University in Washington DC, said during the opening keynote for Black Hat. "Its fundamentally orders of magnitude more difficult and more complex than almost anything else you can imagine."

Matt Olney, Director of Talos Threat Intelligence at Cisco was also among the speakers that looked at the issue of election security. While there is still much room for improvement, Olney emphasized that things have changed over the last four years and the environment that adversaries will face in 2020 is different than what they would have seen in 2016.  Olney noted that attackers aren't really looking to change votes, rather they have a somewhat more insidious goal.

"What they really want to do is destroy public confidence in the institutions that administer these elections," Oleny said. "And by doing so, destroy the public confidence in their leaders and destroy the world's confidence in western democracy."

DNS security

DNS Security has been a topic that has been discussed at Black Hat for well over a decade in different iterations.

DNS is fundamental to the operation of the internet, connecting domain names to IP addresses in a consistent and resilient delivery system. Over the past year, there has been an increasing move to encrypt DNS, with an approach known as DNS over HTTPS (DoH), which was discussed in a session led by Eldridge Alexander, manager of Cisco’s Duo Labs, Security Research and Development.

"DNS was created in 1983. Now 37 years later, why is DNS encryption a relevant topic?" Alexander stated during his session. "Why is it taking us 37 years to go from an unencrypted to an encrypted protocol if it's something that we need to do?"

Alexander explained that in 2020 adoption of encrypted DNS has finally accelerated as multiple vendors have embraced the DOH approach as a way that can effectively be managed to mitigate some security risks.

Security and the COVID-19 pandemic

The COVID-19 pandemic has impacted the lives of billions of people around the world and has had a large impact on multiple facets of cybersecurity.

Shyam Sundar Ramaswami, Umbrella Security Researcher at Cisco, detailed in a Black Hat session how attackers are taking advantage of the pandemic to deploy new forms of trojan malware. Ramaswami noted that there has been a rise in malspam, that is spam email with embedded malware, that has content targeted at the pandemic. For example, telling users what to do about COVID-19 or how to get test results.

See also: Your data has a life of its own

"Threat actors are using this pandemic condition and the situation to create a lot of fear," Ramaswami said.

Using a variety of analysis techniques include an approach known as Rapid Static Analysis, Ramaswami explained in specific technical detail how the pandemic malspam can be rapidly identified.

Cybersecurity in the post pandemic world

While dealing with the current risks from pandemic associated threats is one issue, many are also concerned about the post pandemic world. In a panel event, Wendy Nather, Head of Advisory CISOs for Duo Security at Cisco provided her insights into where cybersecurity is headed.

A key theme that has emerged in the pandemic era is the rise of remote work. Nather noted that remote access is nothing new. That said, she emphasized what is new is that it now has to scale to the entire enterprise.

See also: SASE explained

While remote work isn't new, she commented that the concern is for those organizations who threw something in quickly security-wise, but weren't thinking about the long term.  For those organizations she said that the question is, how do we build something that is more resilient?

That's where Zero Trust models come into play, according to Nather. Zero Trust offers the opportunity to secure endpoints beyond just an enteprise's data center and it's an approach that is really needed now.

The passwordless future

A core part of the Zero Trust model is taking a passwordless approach, which was a session topic tackled by Cisco Duo Advisory CISO Wolfgang Goerlich and Product Manager Chris Demundo.

Goerlich noted that a typical person in the workforce has 191 passwords, which is obviously a somewhat unwieldy thing to manage. The promise of passwordless is the ability to integrate with different types of authentication systems, both old and new, to enable secured user access.

"Passwordless is about simplifying user-experience," Goerlich said.

Goerlich added that there's definitely the underlying assumption that reducing or removing the use of passwords in an organization also comes with implicit security properties and advantages. He noted that according to the recent Verizon Data Breach Investigations Report (DBIR), over 81% of breaches involves stolen or weak credentials. As such, the number of attacks an organization faced can potentially be reduced as the reliance on passwords is minimized.

"I really want to take a step back and recognize that passwordless is such a rare opportunity, and I say this because it's both more secure and meaningfully easier for the consumer," Goerlich said.


We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.