Prof. Thomas Brandstetter, Managing Director of Limes Security, is a member of the Black Hat review board. He attended this years Black Hat Europe in London in November and shared his personal take aways with us:
It was really great to be back to an in-person event at Black Hat Europe 2021. I was missing the atmosphere of security conferences, and listening to an in-person talk certainly was refreshing. Also, it was great to finally meet some of my peers from the Black Hat Review Board in person to have a chat over different talks and research approaches.
Here are some of the key points I was taking with me:
Ransomware: I agree with Black Hat founder Jeff Moss that from an economic point of view, ransomware is overall probably driving up the cost of doing business, and if I look at the research Eireann Leverett is doing on ransomware economics this is even more plausible. It certainly is up to us as security community to raise the cost also for ransomware gangs and at least try to make this a high-effort and high-stakes game for them as well.
Foundational technologies: Many talks at this year’s Black Hat Europe reminded me that we are building our digital infrastructure on technologies that serve as foundation we take for granted to be there and working reliably, but we still have issues in those as well. Specifically, the talks on Active Directory Injection Attacks, the talks on abusing Windows Certificate Services and of course the talk on vulnerabilities in the data distribution service (DDS) protocol that I had never heard of despite working in OT security for decades, reminded me that we still have to think about the security of our foundational technology. Finally Adam Laurie’s presentation on time services (GPS, DCF77 etc.) and their reliability or “spoofability” underlined that issue even further.
Technology-specific research efforts: It still strikes me sometimes to what lengths people go with their (vulnerability) research efforts. The talk on the Titan M chip amazed me as there was very little information available and they still pulled serious vulnerabilities out of this black box. Additionally fitting in that category was Marina’s and Ric’s talk on exploiting the design of industrial controllers, where they practically generated a C+C channel with just two bytes of PLC memory space. Serious research efforts behind this.
The Human factor: A talk that presented how CSIRTS could be improved using behavioral psychology brought up the human factor that we tend to forget sometimes. They referred to two problems that I encountered multiple times in my career so far:
- The superhero problem where most critical security tasks rely on a single person for getting done
- The firefighting problem where security people are constantly on the battlefield without time to step back to think what could be done better or changed overall.
Kevin Jones’ keynote put an additional spotlight on the human factor. He made a good point in describing why a human- centric approach similar to what the aviation industry has been doing for system design could be beneficial for cyber security as well. I had this feeling that despite improving efficiency, just automation is not the answer to security problems. Although I’m not a system architect, the idea that security systems should be designed better with the people in mind that actually use and make decisions based on their output is something that I’ll put more thoughts in.
I really found this year’s Black Hat Europe very much worthwhile and am looking forward to the next Black Hat event.