
Black Hat 2020: Cybersecurity Trends, Tools, and Threats


COPYRIGHT ©2020 CBS INTERACTIVE INC. ALL RIGHTS RESERVED.



INTRODUCTION
This year’s Black Hat USA 2020 computer security conference was entirely virtual for the first time and took place
from August 1-6. This is the 23rd year for the conference, which traditionally takes a close look at some of the
top cybersecurity trends. Learn more about this year’s conference, including information about new cybersecurity
trends, free tools to fight cybersecurity attacks, and more in this TechRepublic ebook.


TOP 6 CYBERSECURITY TRENDS TO WATCH FOR AT BLACK HAT USA 2020
Experts weigh in to share their thoughts on the hottest topics to expect at this year’s
all-digital Black Hat conference.

BY TEENA MADDOX

At this year’s Black Hat USA 2020 computer security conference, some of the top trends expected to surface
include ransomware, election security and how to protect a remote workforce.

This is the 23rd year for the conference, which will be entirely virtual for the first time and will take place from
Aug. 1-6. According to the latest Gartner forecast, information security spending is expected to grow 2.4% to reach
$123.8 billion in 2020.

TechRepublic talked to experts that will be attending Black Hat to find out what they think some of the biggest
topics will be at the event.

RANSOMWARE ATTACKS ARE A CONTINUED THREAT


Trend Micro’s vice president of cybersecurity, Greg Young, said, “Cybercrime increased rather than slowed
down due to the pandemic, as we saw 1 billion more threats blocked in the first half of 2020 compared to 2019.
Recent examples of major ransomware attacks, and high profile Twitter accounts being taken over remind
everyone of how quickly an attack can cripple a business.”

Young continued, “At Black Hat 2020 I expect we’ll hear most about XDR (Extended Detection and Response) as
threats have learned to not set off the known obvious alarms and blocking and are more stealthy as they move
between traditional security silos. Related to that will be protecting a remote workforce, and the Mitre ATT&CK
framework and more complex threat-hunting. Although the talks won’t likely be labeled as such, cyber resilience
will be a consistent thread reflecting the transformation that businesses and governments of all sizes had to
undergo during the first half of this year.”


ELECTION SECURITY WILL BE A HUGE DISCUSSION POINT


Kaspersky researcher Kurt Baumgartner said, “Election security is a very big topic, and there are several upcoming
talks on it. However, it is uncertain that there will be any technical meat to them – they seem to be more policy
and operation focused. It’s also highly unlikely that speakers will produce any new information on election related
incidents in 2016. For example, details on the 2016 incidents in Florida have not been forthcoming.”

Erez Yalon, head of security research at Checkmarx, said, “With almost 100 talks scheduled, we can expect many
topics to be covered, but I think we’ll see bigger trends like election security and security concerns related to
4G/5G networks take center stage. Other current technology trends discussed will range from software
composition security, AI, as well as everything in the vast field of Cloud-Native computing like containers, clouds,
Everything-as-a-Service, and other infrastructure topics.”

Marc Rogers, executive director of cybersecurity at Okta, expects to see several big trends at Black Hat this year.
The first is election security. “I think the topic at the forefront will be securing the upcoming election in November.
Work in the security community has been gathering steam ever since the 2016 election and this is now starting to
bear fruit. We now have a lot of very high profile, respected members of the security and research community who
are authorities on election security, and we are finally starting to wrap our arms around the problem. That said I
think we have a very long way to go. I do not feel we are in a good place for this election and I am concerned many
of the risks identified in 2016 have gotten worse not better. With the backdrop of the pandemic and societal issues
we will have some challenging work ahead of us.”

Tied into election security is disinformation and cognitive exploitation, he said. “While a lot of this goes hand in
hand with election security, I think the human factor is going to be a big area of focus again. Humans are being
attacked, whether it’s through misinformation campaigns that astroturf protests or sow seeds of doubt amongst the
electorate or more direct attacks like phishing and vishing attacks which attempt to trick users into compromising
their own companies.”

Samantha Humphries, security strategist, Exabeam, said, “We expect conversations at Black Hat to center around
the ethics and regulation of contact tracing around the globe, and of course, election security -- particularly in light
of President Trump’s statements around mail-in ballot fraud concerns this week, the recent OmniBallot
vulnerability discovery and last year’s DEF CON research that showed virtually every type of voting machine can be
compromised. 2020 marks the fourth year that DEF CON will host a dedicated Voting Machine Hacking Village,
so there could be new discoveries ahead of this year’s presidential election.”

THE VIRTUAL WORKFORCE IS A TARGET FOR CYBER CRIME


Tom Kellermann, head of cybersecurity strategy at VMware Carbon Black, said, “Black Hat USA 2020 will
highlight the dramatic surge and increased sophistication of cyberattacks amid COVID-19. A recent VMware
Carbon Black report found that from the beginning of February to the end of April 2020, attacks targeting the
financial sector have grown by 238%. Cybercriminals are also preying on the virtual workforce, the mass shift to
remote work has sparked increasingly punitive attacks. Malicious actors have set their sights on commandeering
digital transformation efforts to attack the customers of organization. These burglaries have escalated to a home
invasion, with destructive attacks exploding to a 102% increase with the use of NotPetya style ransomware and
wipers. Spear phishing is no longer the primary attack vector, rather OS vulnerabilities, application exploitation,
RDP open to the internet, and island hopping have risen to the top.”

Code42 CISO and CIO Jadee Hanson, said, “Top of mind for me is how the mental and emotional wellbeing of
our workforce during the pandemic is impacting people’s work and behavior and, as a result, their risk profiles.
Businesses need to have a strong pulse on how their employees are doing. At Black Hat, I expect there to be
discussions about how employee risk profiles are changing and how security is responding to mitigate unnecessary
exposure to their businesses.”

Gerald Beuchelt, CISO at LogMeIn, said, “With Black Hat being a completely virtual conference this year, there is
no doubt that the security implications of remote work will take center stage. Organizations continue to struggle
with implementing identity management and authentication processes in this new highly dispersed work
environment, and remote workers continue to introduce new insecure behaviors – from using personal devices for
work, to reusing weak credentials for personal and work applications. A lot of the conversations coming out of
Black Hat will likely touch on the accelerating speed and volume of attacks as well as the
expanded threat surface organizations are facing in this new era of remote work, how they can best secure their
workforce and keep the new corporate environment safe – whether teams work in office, at home or a mix of both.”

Joe Partlow, CTO at ReliaQuest, said, “I expect the virtual stages and virtual halls of Black Hat to echo with a
couple of big trends. Above all is the new normal of cybersecurity, post-pandemic. This is ultimately about rapidly
evolving attack surfaces and how to maintain visibility across them as they become more complex. The overnight
shift from office to work from home – and now, for many enterprises, to employee populations now mixed
somewhere in between – has driven security teams to re-baseline everything from brute force logins to geographic
anomalies while grappling with BYOD and a host of other network and endpoint issues.”

MOBILE AND COMMUNICATIONS SECURITY IS ESSENTIAL


Rogers said he also sees mobile and communications security as a big topic. “With everyone in the world working
remotely the devices and systems we use to communicate are under more scrutiny than ever before by both good
guys and bad guys. As a result, research into this area has really taken off. From deep dives into communications
specification security such as 5G architecture and software down to the security of individual devices like mobile
phones. Due to the spotlight shone by apps like covid tracing tools and suspected nation-state information
gathering tools every aspect of the mobile device is now under the microscope. I expect to see a raft of hardware,
and software vulnerabilities from privacy issues to full on trust integrity issues that can lead to total compromise.”

HEALTHCARE SECURITY IS MORE IMPORTANT THAN EVER


And finally, healthcare. Rogers said, “Healthcare is top of mind for all of us during the pandemic and it’s the same
for the research community. Many researchers are looking at medical devices and systems both to try and identify
vulnerabilities so that they can protect patients in the time of COVID and also to try and move the medical
community to being better at securing their products and systems by design. Historically due to budget constraints
and the fact that medical devices and systems remain blackbox the medical industry has not been a great example
of security. Now due to the concerns around the pandemic many are seeing a great opportunity to research and
influence in a positive way.”

Jonathan Langer, CEO and co-founder of Medigate, also weighed in on the importance of healthcare. He said, “As the
sessions at Black Hat 2020 indicate, healthcare cybersecurity is a major topic on the industry’s mind right now.
It’s no secret why – the last few years have seen a marked increase in threats against hospitals and health centers as
attackers look to access critical information which they can use for monetary gain. However, what’s more apparent
from the agenda is a shift in how cybersecurity experts are designing their solutions to fit healthcare’s unique IT
security needs.”

Langer said, “No longer are we seeing a one-size-fits-all approach offered by the majority of vendors, instead there
is a renewed focus on understanding how to best protect individual organizations, and also collaborating with
industry peers to facilitate this security. The recent COVID-19 pandemic highlights the need to quickly and
efficiently secure all medical and IoT devices on a network to ensure patient safety.”

THE OVERALL SECURITY CULTURE AND THREATS


Jaime Blasco, head of Alien Labs at AT&T Cybersecurity, said, “COVID-19 changed the security threats
organizations needed to defend against, as we observed. The conversation at Black Hat USA should focus on these
changes, and the impact they will have on security culture, remote work, the power of automation, and the
industry’s response to continued cyber attacks, including threat sharing and community collaboration. This year’s virtual
event features sessions that will center upon this theme, and highlight the power of timely threat intelligence in
helping organizations to detect and respond to evolving threats.”

Joe Payne, president and CEO at Code42, said, “I think the biggest question that needs to be asked at this year’s
Black Hat is how we, as a security community, are addressing the issue of insider threat. Last year, two-thirds of all
breaches were caused by insiders, yet 90% of security budget dollars are focused on hackers, phishing, nation states
and external forces. We need to address the elephant in the room: insiders may be our biggest risk.”

Brandon Edwards, chief scientist and co-founder at Capsule8, said he thinks key focus areas will include,
“Side-channel attacks and defenses, and detection. Microarchitectural attacks are still a hot topic, which has also
generally made people pay more attention to the importance of side-channel attacks. We see both offense and
defense talks on it this year.”

Om Moolchandani, co-founder and CTO at Accurics, said, “Container security is expected to be a big trend at
Black Hat, and rightfully so—organizations are rapidly embracing cloud native infrastructure including containers,
serverless and servicemesh to build their applications. Securing these technologies is critical since so much
computing is now in the cloud, given new realities.”

Humphries said, “we’ll see industrial control system (ICS) risk discussions, as well as a completely new take on IoT
security risks, at DEF CON’s HacktheSea village and hackasat Space Security Challenge 2020, focused on
infiltrating satellites -- showing anything can be breached from the sea to the stars.”

Kevin Livelli, director of threat intelligence at BlackBerry, said, “The Black Hat Review Board lead for the Malware
Track this year, Matt Suiche, made a point of selecting research that sheds new light on Linux malware, which often
gets overlooked at big security conferences. Several of the talks, therefore, carry that theme. Mine is among the
Black Hat ‘recommended briefings.’ The talk explores the theme of long-term IP theft, which is timely, given the
renewed attention it has received from the FBI, Department of Justice, and DHS. I also reveal who is responsible
for the largest known Linux DDoS botnet, raise questions about one of the most popular, commercially available
RATs available on the market, and discuss a worsening trend in attacker abuse of legitimate cloud infrastructure.”


Steve Ragan, security researcher at Akamai, said, “Given the breakdown of the talks happening at Black Hat,
the majority of overlapping themes will center on hardware and embedded systems, cloud and platform security,
network security, and exploit development. Defense is always a big topic of conversation, so expect to hear all about
the latest blinking boxes that will protect you from the next big threat. This year, not surprisingly there are a lot of
election disruption/election security talks happening, so that is clearly a big theme too.”

Ragan said, “Yet, the smart money will center on conversations related to supply chain defense and remote access.
The world has changed. Not only are we all working from home for the most part, but even our industry events
are virtualized. Defending assets onsite and offsite are critical elements to an organization’s security program. This
area obviously covers products and services, but also policy and risk models. Business leaders need answers and
solutions, so I expect to see several side discussions happening online addressing these needs.”

Trevor Pott, product marketing director at Juniper Networks, said he believes that at Black Hat, secure SD-WAN
will be front and center. “2020’s rapid shift to distributed work has placed significant emphasis on the need to
have organizational resources available safely and securely anywhere in the world. This has always been something
of a consideration – branch offices existed before even computers – but both the increased global distribution of
workloads and the renewed interest in distributed working have made it a priority for organizations of all sizes.

With SASE, Gartner recognizes the importance of the evolution of the WAN from traditional SD-WAN toward
an even more adaptable WAN fabric, but with an emphasis on the critical role information security must play in
this space.

Nico Waisman, head of the GitHub security lab, said security at scale is a trend he expects to see at Black Hat.
“Each year, Black Hat introduces state of the art vulnerability research from hackers and security teams around the
world. But security research should not be like a game of Whack-a-mole; the community needs a new approach
to turn that research into actionable information they can apply to day-to-day decisions. We are going to see a new
wave of security at scale — more automation and tooling that serves as a force multiplier to the amazing work that
researchers are doing. This can ultimately help to sweep full vulnerability classes out of existence.”


BLACKBERRY LAUNCHES FREE TOOL FOR REVERSE ENGINEERING TO FIGHT CYBERSECURITY ATTACKS
One of the first announcements at Black Hat USA 2020 is an open-source tool to
fight malware that BlackBerry first used internally and is now making available to
everyone.

BY VERONICA COMBS

At Black Hat USA 2020, BlackBerry announced on Monday that its open-source internal tool PE Tree is now available
for all security professionals to use for reverse engineering malware.

This tool allows reverse engineers to view Portable Executable (PE) files in a tree view using pefile and PyQt5. This
makes it easier to dump and reconstruct malware from memory while providing an open-source PE viewer code-base.
The tool integrates with Hex-Rays’ IDA Pro decompiler to allow for easy navigation of PE structures, as well as
dumping in-memory PE files and performing import reconstruction.

PE Tree was developed in Python and supports the Windows, Linux, and Mac operating systems. It can
be installed and run as a standalone application or an IDAPython plugin, allowing users to examine
any executable Windows file and see what its composition is.
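As an added illustration (not code from BlackBerry or PE Tree), the sketch below builds the kind of header tree such a viewer presents, using only Python's standard library instead of the pefile package the tool relies on. The sample bytes are constructed, the function names are hypothetical, and the bounds checks are there because headers dumped from memory may be malformed.

```python
import struct

DIR_NAMES = ("EXPORT IMPORT RESOURCE EXCEPTION SECURITY BASERELOC DEBUG ARCHITECTURE GLOBALPTR "
             "TLS LOAD_CONFIG BOUND_IMPORT IAT DELAY_IMPORT COM_DESCRIPTOR RESERVED").split()
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
# Optional-header magic -> (kind, ImageBase format, ImageBase offset, NumberOfRvaAndSizes offset)
LAYOUTS = {0x20B: ("PE32+", "<Q", 24, 108), 0x10B: ("PE32", "<I", 28, 92)}


def build_sample_pe():
    """Constructed, header-only PE32+ image used as sample input (not a real program)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew: NT headers at offset 64
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                  # Magic: PE32+
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint
    struct.pack_into("<Q", opt, 24, 0x140000000)           # ImageBase
    struct.pack_into("<I", opt, 108, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8, 0x2010, 0x28)    # import directory (index 1)
    text = struct.pack(SECTION_FMT, b".text", 0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    rdata = struct.pack(SECTION_FMT, b".rdata", 0x100, 0x2000, 0x200, 0x600, 0, 0, 0, 0, 0x40000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + rdata


def parse_pe_tree(data):
    """Return the PE headers as a nested dict; raise ValueError on malformed input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    machine, nsec, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    sec_off = opt_off + opt_size
    if opt_size < 2 or sec_off + nsec * 40 > len(data):
        raise ValueError("headers run past the end of the buffer")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in LAYOUTS:
        raise ValueError("unknown optional header magic 0x%04x" % magic)
    kind, base_fmt, base_off, count_off = LAYOUTS[magic]
    if opt_size < count_off + 4:
        raise ValueError("optional header too small")
    (entry,) = struct.unpack_from("<I", data, opt_off + 16)
    (image_base,) = struct.unpack_from(base_fmt, data, opt_off + base_off)
    (ndirs,) = struct.unpack_from("<I", data, opt_off + count_off)
    # Never trust NumberOfRvaAndSizes: clamp it to what fits inside the header.
    ndirs = min(ndirs, 16, (opt_size - count_off - 4) // 8)
    sections = {}
    for i in range(nsec):
        name, vsize, va, rsize, rptr, *_rest, flags = struct.unpack_from(
            SECTION_FMT, data, sec_off + i * 40)
        sections[name.rstrip(b"\0").decode("latin-1")] = {
            "VirtualAddress": va, "VirtualSize": vsize,
            "PointerToRawData": rptr, "SizeOfRawData": rsize, "Characteristics": flags}
    dirs = {}
    for i in range(ndirs):
        rva, size = struct.unpack_from("<II", data, opt_off + count_off + 4 + i * 8)
        if size:  # record which section holds each populated directory
            owner = next((n for n, s in sections.items() if s["VirtualAddress"] <= rva
                          < s["VirtualAddress"] + max(s["VirtualSize"], s["SizeOfRawData"])), None)
            dirs[DIR_NAMES[i]] = {"VirtualAddress": rva, "Size": size, "Section": owner}
    return {"IMAGE_DOS_HEADER": {"e_magic": "MZ", "e_lfanew": e_lfanew},
            "IMAGE_NT_HEADERS": {
                "FILE_HEADER": {"Machine": machine, "NumberOfSections": nsec,
                                "Characteristics": chars},
                "OPTIONAL_HEADER": {"Magic": kind, "AddressOfEntryPoint": entry,
                                    "ImageBase": image_base, "DATA_DIRECTORY": dirs}},
            "SECTIONS": sections}


def render(node, depth=0):
    """Flatten the nested dict into indented text lines, one per tree node."""
    lines = []
    for key, value in node.items():
        pad = "  " * depth
        if isinstance(value, dict):
            lines += [pad + key] + render(value, depth + 1)
        else:
            lines.append("%s%s: %s" % (pad, key, hex(value) if isinstance(value, int) else value))
    return lines


if __name__ == "__main__":
    print("\n".join(render(parse_pe_tree(build_sample_pe()))))
```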

Eric Milam, vice president of research operations for BlackBerry, said in a press release, “As cybercriminals
up their game, the cybersecurity community needs new tools in their arsenal to defend and protect
organizations and people. We’ve created this solution to help the cybersecurity community in this fight, where
there are now more than one billion pieces of malware with that number continuing to grow by upwards of
100 million pieces each year.”

Reverse engineers use several tools to deconstruct malware, including disassemblers, debuggers, PE viewers, and
network analyzers.


VMWARE CARBON BLACK THREAT REPORT FINDS HACKERS USING MORE AGGRESSIVE AND DESTRUCTIVE TACTICS
Security firm recommends digital distancing for devices and more collaboration
between IT and security teams to harden the attack surface.

BY VERONICA COMBS

A survey of security professionals finds that hackers are getting more aggressive as IT and security teams continue
their internal turf battles. The Global Incident Response Threat Report from VMware Carbon Black checked in with
practice leaders at 49 security and consulting firms about the impact of the coronavirus, the current threat landscape,
and how security teams are coping.

Tom Kellermann, head of cybersecurity strategy of VMware Carbon Black and former cyber commissioner for
President Barack Obama, wrote the fifth installment of the semi-annual Global Incident Response Threat Report
along with Rick McElroy, a security strategist at VMware.

The increase in counter-incident response (IR)—mostly destruction of logs (50%) and diversion (44%)—signals
attackers’ increasingly punitive nature and the rise of destructive attacks. Kellermann said that this shows
attacks have shifted from being burglaries to home invasions.

“Your brand will be commandeered, your digital transform will be hijacked and used to attack customers and share-
holders, and that’s why boards and shareholders need to wake up now,” he said. “There’s more value in taking over
the infrastructure than stealing from a brand,” he said.

Survey respondents named remote access inefficiencies (52%), VPN vulnerabilities (45%) and shortage of available
or skilled staff (36%) as the biggest endpoint security challenges related to the pandemic.

Here is a recap of the report’s findings as well as advice on which security tactics are the most important during this
extended phase of working from home.


NEW ENTRY POINTS FOR MORE DESTRUCTIVE ATTACKS


Hackers are taking advantage of all the Internet of Things (IoT) devices in home offices to island hop, or move
from one point in a network to another. Usually this takes the form of attacks on third-party partners or the
supply chain.

“Last Christmas, the number one consumer purchase was smart devices,” Kellermann said in the report. “Now
they’re in homes that have fast become office spaces. Cybercriminals can use those family environments as a
launchpad to compromise and conduct criminal conspiracies in professional organizations.”

Respondents said that 27% of incidents during the 90 days prior to the survey took advantage of IoT-related
vulnerabilities.

Another growing problem is counter-incident response (IR). This tactic is on the rise, up 10% from the previous
survey and present in a third of incidents. The Kryptik trojan is one example of counter IR. It can be persistent and
difficult to detect, as it often deletes its executable file after running. It also can use trusted protocols to hollow out
existing processes and penetrate the corporate environment even further via island hopping or lateral movement—
also known as “lay of the land attacks.” Lateral movement and island hopping also are difficult to detect, and these
attacks take on an increasingly destructive nature. Twenty-five percent of survey respondents reported destructive
attacks in half of all encountered incidents.

Figure: VMware Carbon Black asked incident response experts about the biggest challenges they face when
working with all remote teams. (Image: VMware Carbon Black)

When considering future threats, 42% of respondents said that cloud jacking would very likely become more
common in the next 12 months, while 34% said access mining will become a bigger problem. Mobile rootkits,
virtual home invasions of well-known public figures, and Bluetooth low-energy attacks were among the other attack
types respondents predict over the next year.

IMPROVING COLLABORATION BETWEEN SECURITY AND IT


Outside attacks aren’t the only risk to a company’s security. Almost 80% of respondents described the
relationship between the IT department and the security team as negative. An overwhelming majority of
respondents agreed that more collaboration would improve security and lessen cyber risk.

Survey respondents listed these initiatives as the three top actions that will drive the most
collaboration between IT and security teams:

1. Establishing a consolidated strategy with unified metrics and goals (61%)
2. Modifying reporting structures to streamline communications upstream (47%)
3. Integrating platforms and solutions for seamless sharing of information between teams (47%)

Kellermann said that another element of the problem is org charts that have CISOs reporting to CIOs when the
two leaders should be equals.

“The current threat landscape provides plenty of justification for increased authority and budget for CISOs,” he said.

HOW TO STRENGTHEN THE DEFENSES


The VMware report has five suggestions about how to improve network security. Enhancing collaboration
between IT and security teams is an obvious one. Security teams should help IT team members become experts
on how to manage the security of their own systems, which provides an easy way to encourage the two groups to
work together.

The other suggestions address how to think about security in light of the current state of remote work. Just as
humans are trying to stay six feet apart, devices should practice digital social distancing:

“People working from home should have two routers, segmenting traffic from work and home devices. They
should have a room free of smart devices for holding potentially sensitive conversations. And they should restrict
sensitive file sharing across insecure applications, like video conferencing tools.”

“Otherwise, someone can hack your TV and then get to your VPN and ride that back to the corporate network,”
Kellermann said.

The last three pieces of advice are established best practices that are even more important as working from home
starts to become the new normal:

• Gain better visibility into your system’s endpoints
• Enable real-time updates, policies, and configurations across the network
• Remember to communicate

CREDITS

Editor In Chief: Bill Detwiler
Editor In Chief, UK: Steve Ranger
Associate Managing Editors: Teena Maddox, Mary Weilage
Editor, Australia: Chris Duckett
Senior Writer: Veronica Combs
Senior Writer, UK: Owen Hughes
Editor: Melanie Wachsman
Staff Writer: R. Dallon Adams
Associate Staff Writer: Macy Bayern
Multimedia Producer: Derek Poore
Staff Reporter: Karen Roby

ABOUT TECHREPUBLIC

TechRepublic is a digital publication and online community that empowers the people of business and
technology. It provides analysis, tips, best practices, and case studies aimed at helping leaders make better
decisions about technology.

DISCLAIMER

The information contained herein has been obtained from sources believed to be reliable. CBS Interactive Inc.
disclaims all warranties as to the accuracy, completeness, or adequacy of such information. CBS Interactive Inc.
shall have no liability for errors, omissions, or inadequacies in the information contained herein or for the
interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its
intended results. The opinions expressed herein are subject to change without notice.

Cover Image: iStockphoto/lukbar

Copyright ©2020 by CBS Interactive Inc. All rights reserved. TechRepublic and its logo are trademarks of CBS
Interactive Inc. All other product names or services identified throughout this article are trademarks or
registered trademarks of their respective companies.

Copyright ©2019 by CBS Interactive Inc. All rights reserved.


TechRepublic and its logo are trademarks of CBS Interactive Inc. ZDNet
and its logo are trademarks of CBS Interactive Inc. All other product
names or services identified throughout this article are trademarks or
registered trademarks of their respective companies.
