By Tom Resau on

Black Hat: 3 Security Trends to Watch

Tom Resau

Resau: “Anytime an OS grows and starts supporting more apps, commerce and identity information, the bad guys come calling.”

(If you like this blog, please share it. Thanks!)

Attending the most recent Black Hat USA after taking a couple years “off” is like returning to a favorite neighborhood after being away for a while: You get a sense that much has changed (such as security trends) while, at the same time, there’s a certain consistency that’s comforting.

I enjoy seeking out old friends and media contacts. Relationships are special, particularly in the relatively small security universe. And, of course, in working for a high-tech PR agency, going to Black Hat in person is a great way to serve our clients by working on site at a high-profile event.

As for hot trends discussed, the following stood out:

Malware re-infection. Unquestionably, we’re intercepting more strains of malware and remediating them from devices. Yet, they pop up on the same machines soon afterward, prompting response actions all over again. It’s easy to peg this as a vulnerability management problem. And it is. However, there are other, less-obvious factors in the bigger picture, such as malicious code seeping into companies via supply chain partners who share the same networks for the sake of business productivity. Combine these arrangements with the fact that many large, complex systems – like those processing transactions in banking or retail – simply can’t be taken down to promptly apply every tested patch (let alone new patches) and you can see why re-infection is a persistent problem.

Mobility. I’m not surprised Black Hat featured so many sessions on iOS attacks and exploits, given the popularity of Apple’s devices. Anytime an OS grows and starts supporting more apps, commerce and identity information, the bad guys come calling. This is certainly true of more handhelds today. Also: Look out for attacks on cell carriers’ systems.

Security holes. Meaning, vulnerabilities within software code running our power meters, utility networks and other industrial systems. It was sobering to see these targets discussed at the show alongside browsers and OSes. We only now understand what wider Internet connectivity can inflict upon these systems, let alone focused attackers reading up on their basics. Granted, it takes a lot of time and skill to study these control system protocols. That’s why I wonder when we’ll see wider exploits of other unconventional targets, such as software platforms embedded in cars. After all, there are more vehicles in circulation for hackers to take home and tinker with than, say, turbine control panels.

All in all, it was well worth enduring the summer heat in Las Vegas for this insightful and enjoyable trip. Black Hat is still a must-attend conference that brings the security community together and never disappoints. In departing, it’s like leaving that fond, old neighborhood: You want to immediately start planning your next visit.

@TomResau

Tom Resau is a vice president at W2 Communications.

 

 

Tom Resau, Senior Vice President, Cybersecurity and Privacy Practice

Tom brings more than 15 years of experience in cyber security communications, including the creation and management of public sector, energy and financial services PR programs for Symantec’s corporate communications team. In addition, he has represented top information security vendors, consultants and systems integrators – including many focused on U.S. military and other government customers. Tom takes an intelligence-driven approach to creating unique activities and generating opportunities that set clients apart in this crowded industry. Tom’s clients often appear in top-tier business, broadcast and industry-trade media.

Contact Us

The professionals at W2 Communications welcome the opportunity to learn more about your project and discuss the many ways we can help you succeed.