Black Hat USA 2018 Highlights

black-hat-usa-2018

The yearly cybersecurity conference Black Hat Briefings kicked off Wednesday morning in Las Vegas. The conference is a gathering point for information security professionals to discuss the latest developments regarding cybersecurity. Significant players in the tech industry such as Google, IBM, Cisco, and many more will participate in the conference and provide insight to some of the most significant contemporary information technology threats. Here are some of the major points discussed in the meeting.

Hacking Into Satellite Communications

Ruben Santamarta of cybersecurity firm IOActive demonstrated that satellite communication systems(SATCOM) are vulnerable to cyber attacks. The flaw allows control of satellite antenna positioning, transmission, and GPS data. This could give potential perpetrator access to communications systems used by airplanes and ships both on the civilian and military sectors. Santamarta and his team were also able to access a planes Wi-Fi network from the ground and access smartphones within that network. Due to SATCOM’s embedded systems, the issue cannot be patched. However, measures can be taken to minimize the dangers of the vulnerability.

Vulnerabilities in Smart City Systems

Cities are increasing their use of information and communication technologies(ICT) to better manage infrastructure resources such as transportation, communications, utilities, and more. As these “smart cities” increase their usage of connected technology, ensuring their integrity is critical. To that end, Threatcare and IBM X-Force Red collaborated to test multiple smart city systems to check for flaws that would grant a cybercriminal access. The teams found critical weaknesses in numerous smart city devices. This ranged from common information security issues such as default or unencrypted passwords to more critical ones such as authentication bypass and SQL injection flaws.

Cryptocurrency and Cyber Crime

Cryptocurrencies have gained a reputation as a tool used by hackers and ordinary delinquents to perform illicit transactions. Thanks to its anonymous nature, cryptocurrency payments are the preferred method used by hackers to collect ransoms from computers that have been infected ransomware. According to Cisco officials, cryptojacking and crypto phishing has gained popularity among cybercriminals. Cryptojacking is the act of unauthorized use of a third-party’s system to mine for cryptocurrencies. Crypto Phishing, on the other hand, involves tricking a user to give up their cryptocurrency login credentials by using fake sites or emails.

Artificial Intelligence for Hacking

IBM Research demonstrated how artificial intelligence(AI) could be used to create powerful forms of malware. The company created an AI-powered malware called DeepLocker designed to avoid detection and target a specific system or user. DeepLocker disguises its code by hiding behind trusted software and will only activate once a “trigger condition” is detected. This condition tends to something the AI could use to determine its targets such as visual, audio, geolocation or system features. DeepLocker’s neural networks can even be trained to recognize a persons face using object character recognization. While the examples demonstrated by IBM research were a proof of concept, there is no doubt we will see AI being used to create some tenacious malware.

Follow Reactionary Times on WordPress.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: