With Black Hat 2022 kicking off this week, we wanted to check in with some of our Kaspersky Global Research and Analysis Team (GReAT) members to see what they\u2019re most looking forward to. What sessions are they hoping to attend? What new trends will emerge? What hot topics are missing from the event this year?<\/p>\n
The first thing that\u2019s piqued my attention coming up in Black Hat 2022 is Kim Zetter\u2019s keynote \u201cPre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed<\/a>.\u201d Of course, Stuxnet<\/a> changed things, but her perspective on ongoing security issues in light of past events and consequences should be fantastic.<\/p>\n The vast majority of talks this year are on offensive operations. There are also more than a handful of talks on \u201ccyber-physical systems,\u201d including Siemens\u2019 devices, automotive remote keyless entry<\/a>, secure radio communications and more. Some of the technical wizardry and its implications have become more alarming, and since Stuxnet \u2013 more understandable to the general audience.<\/p>\n A couple of other talks look particularly interesting due to the use of novel exploitation techniques and implications for large scale authentication schemes from well-known offensive researchers: \u201cI Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit<\/a>\u201d and \u201cElevating Kerberos to the Next Level<\/a>.\u201d<\/p>\n I would\u2019ve expected to see more offensive talks on attacking various machine-learning technologies and offensive cryptocurrency research.<\/p>\n I\u2019m glad that many Black Hat briefings reflect what Kaspersky experts foresaw in their APT predictions for 2022<\/a>, confirming our insights on the current state of cybersecurity.<\/p>\n Several talks deserve special attention \u2013 related to and covering this year\u2019s disruptive attacks and the geopolitical crisis in Ukraine. Since such topics are an essential part of the agenda, it confirms a strict interrelation between the digital and real world, and that cybersecurity is becoming even more relevant for ensuring physical safety<\/a>.<\/p>\n This trend will expand in the future, as cyberattacks are already reaching targets beyond our planet, such as the attacks against ViaSat satellites and Starlink.<\/p>\n Finally, Black Hat will touch upon a growing issue: the ethics of how a government could exploit cyber operations to fabricate evidence to frame and incarcerate vulnerable opponents.<\/p>\n Black Hat\u2019s interesting schedule covers a variety of topics related to exploitation of devices, systems, and certain equipment that\u2019s not easily updated. As for research, it will be useful to learn about new methods of mobile GPU exploitation on Android<\/a>. Another interesting issue is the novel vulnerabilities and exploitation techniques that reliably bypass Linux syscall tracing<\/a>. I\u2019m also looking forward to \u201cBreaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases<\/a>,\u201d as it should elaborate on UEFI firmware<\/a>, a recent hot theme due to its allowing malware to run even after the system is reinstalled.<\/p>\n We expect that some of these vulnerabilities and exploits that are \u201charder to patch on all devices\u201d will be abused by cybercriminals and appear in the wild soon.<\/p>\n I expect in-the-wild zero-days and microarchitectural\/firmware threats to be the key topics of the conference. In the last few years, with the help of our technologies, we\u2019ve discovered more than a dozen actively exploited zero-day exploits used by different APTs<\/a> (MysterySnail, PuzzleMaker, WizardOpium), and a number of novel UEFI rootkits (CosmicStrand<\/a>, MoonBounce<\/a>, FinSpy, MosaicRegressor<\/a>).<\/p>\n Our findings show that these threats are becoming more relevant than ever. Attacks using such sophisticated techniques are becoming more common and widespread. Personally, I\u2019m really looking forward to a number of presentations dedicated to these topics, such as: \u201cMonitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021<\/a>,\u201d \u201cArchitecturally Leaking Data from the Microarchitecture<\/a>\u201d and \u201cDo Not Trust the ASA, Trojans!<\/a>\u201d<\/p>\nGiampaolo Dedola, senior security researcher<\/h2>\n
Jornt van der Wiel<\/a>, senior security researcher<\/h2>\n
Boris Larin<\/a>, lead security researcher<\/h2>\n