Each year, certain trends dominate the security shows. This year wasn’t any different, and here are the larger themes I picked up at Black Hat 2018 and DEF CON 26:
Hacking Critical Infrastructure (ICS): Presenters covered a wide range of topics related to cyber attacks wreaking havoc on smart cities, airports, industrial control systems and even satellite communications. Of course there were also plenty of IoT sessions, including hacking self-driving cars, voting machines, smart speakers and much more. Here are just a few ICS presentations worth highlighting:
Outsmarting the Smart City
Hacking PLCs and Causing Havoc on Critical Infrastructures
Through the Eyes of the Attacker: Designing Embedded Systems Exploits for Industrial Control Systems
Breaking Extreme Networks WingOS: How to own millions of devices running on Aircrafts, Government, Smart cities and more
Last Call for SATCOM Security
CPU Attacks: Following this year’s revelations about the CPU vulnerabilities christened Spectre and Meltdown, numerous kernel, side-channel and related attacks aimed at the very core of modern laptops, desktops and servers were presented. A non-exhaustive list includes:
GOD MODE UNLOCKED – Hardware Backdoors in x86 CPUs
Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre
Kernel Mode Threats and Practical Defenses
Adversarial AI: Artificial Intelligence and its subcategories – Machine Learning and Deep Learning – have been the du jour “silver bullets” of the security industry for the past few years. Malicious actors are taking note, and the following sessions touched on adversarial inputs and even demonstrated a proof-of-concept of a highly targeted and evasive attack tool powered by AI:
AI & ML in Cyber Security – Why Algorithms are Dangerous
Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks
DeepLocker – Concealing Targeted Attacks with AI Locksmithing
Bonus trend – Healthcare Vulnerabilities: Perhaps the most alarming collection of presentations focused on the healthcare industry and addressed everything from hacking implanted medical devices to falsifying a patient’s vital signs in under 5 seconds:
Understanding and Exploiting Implanted Medical Devices
80 to 0 in under 5 seconds: Falsifying a medical patient’s vitals
Multiple Skytalks @ DEF CON
What trends did you notice this year? What were your favorite presentations last week? Leave a comment on our Twitter or LinkedIn.