Emerging Trends and Techs in Cyber Security from Black Hat Asia 2024
Just like other areas of IT, in the constantly changing world of cyber security, new knowledge, technologies, and the latest research emerge rapidly. Researchers, and even threat actors, continuously discover new techniques, findings, and research for us working in cyber security, to proactively study, analyze, and fix system vulnerabilities to prevent cyberattacks on our organizations. Usually, this new discovery will be shared through news, articles, and conferences both locally and internationally, including the Black Hat event, which we’ve just joined and will cover in this article.
But first, let us introduce ourselves. There are two writers for this article — Prae Chananya Choosak and Gring Kulnis C.
We both work in the Offensive Security Engineer team under the Cyber Defense Center in the Cyber Security team of KASIKORN Business-Technology Group or KBTG. 💚
Our Offensive Security Engineer team at KBTG has the critical role of thoroughly inspecting systems, performing penetration testing to strengthen defenses against cyber threats, and improving organization’s overall security.
Having been given the opportunity by KBTG to attend this amazing cyber security conference, we want to share our experiences through this blog. We will be recapping some highlights from this year’s event to keep you updated on the latest 2024 cyber security trends.
Chapter 1: What is Black Hat??
Although the word ‘Black Hat’ is commonly referred to ‘a type of hacker’, it’s also the name of a global cyber security conference that brings together research, knowledge, and new trends in cyber security from all over the world. This allows attendees to update their knowledge on techniques for attacking the system and defense against new cyber threats, which they can apply to effectively protect their organizations.
The Black Hat event is typically divided into zones by continent: Asia, USA, Middle East & Africa, and Europe. We attended the Black Hat Asia 2024 event held at the Marina Bay Sands in Singapore from April 16–19.
The main activities at the event were the following
- Training: Cyber security training courses, varying from 2-day (April 16–17) to 4-day (April 16–19) programs across multiple tracks.
- Briefings: The cyber security seminar conducted by cyber security researchers and experts from various organizations to showcase their research. This included keynote sessions discussing the future and trend of cyber security (April 18–19).
The event also featured a business hall with booths where companies set up for showcases. Attendee could collect passport stamps for the lucky draw, a sponsor zone for product demos, an arsenal area showcasing new penetration testing tools and threat response techniques, a Bricks & Picks zone for Lego building and lock picking skills, and a Network Operation Center (NOC) for network analysis throughout the event.
Chapter 2: Keynote
Now that you have a better picture of what the Black Hat conference is, we will take you along to Black Hat Asia 2024 and summarize interesting key points.
Starting with Day 1, the conference opened with an opening thought from the founder of Black Hat, Mr. Jeff Moss.
Here are the five main points:
1. Internet Problem is a Global Problem
The internet problems we face are global issues, not just specific to one nation. New computer viruses, cybercrime, and system vulnerabilities are issues that no one can solve alone. We need to collaborate. Even if those countries may have conflicts in other areas, we must collaborate to tackle these issues because, in the end, we all utilize the same technology.
2. The Closest One Should be the Most Responsible One
A key point was the need to assign responsibility for internet vulnerabilities. It was argued that those closest to the problem, the creators of the systems or software, should bear the primary burden in finding solutions. The current practice of using temporary fixes was criticized. Instead, manufacturers should address the underlying problems themselves, rather than depending on downstream providers for solutions. This concept may not please everyone, but it can’t be denied that solving problems at the source is the right approach.
3. Consequences of Great Power Competition
The Russia-Ukraine war has highlighted the risks of using shared Cloud Services. Cloud Providers serving Ukraine are facing opponents with the highest potential threats in the world, forcing them to continuously improve security. Meanwhile, various technology providers are being sided with one party or the other based on politics. This impacts organizations that need to remain neutral in the war — if they want to maintain neutrality, they would have to build their entire IT infrastructure themselves, which is nearly impossible.
4. Shift from Mitigation to Elimination
The final point Mr. Moss made is that there has been an ongoing debate about whether the approach of mitigating problems through patching and temporary measures has become an unsustainable solution. There is a concept of shifting from mitigating to eliminating the root causes of problems. Organizations like CISA in the U.S. have started paying attention to “Secure by Design” approaches and transitioning to using programming languages that are safe from certain types of issues, such as memory-safe languages. This method may only eliminate around 30% of problems, which doesn’t seem high. But it allows focusing on the remaining 70% instead of continuously applying mitigations while all problems still exist.
5. The Attack on Open Source Dependency
Last topic for opening thought was about the recent incident where developers became under attack from a threat actor disguised as a developer in XZ-Utils project. The threat actor had acted like a trusted member of the XZ-Utils open-source project team for many years to gain privilege to deploy a backdoor. Unfortunately, a version containing this backdoor was released. This incident highlights how organizations must prioritize auditing open source components and developing security tools for these ecosystems.
Next, Mr. David Koh, the Commissioner of Cybersecurity and Chief Executive at the Cyber Security Agency (CSA) of Singapore, presented the keynote - Securing Our Cyberspace Together. This talk was a continuation from Jeff Moss’s opening thought, in which we got to see the perspective of the Singapore government in managing cyber security in their country.
1. Growing Threats in Cyberspace
Malicious actors are adapting and becoming more sophisticated, utilizing techniques like “living off the land” attacks to evade detection and cause significant damage. The scale of attacks is increasing, with the sale of malicious tools and services making cybercrime more accessible to less skilled attackers.
2. Rise of Supply Chain Attacks
Attackers are targeting not only high-value assets but also third-party organizations to gain access to larger networks. Supply chain attacks pose a significant challenge to enterprise cyber security.
3. Real-World Implications of Cyber Attacks
Serious cyber attacks are increasingly having spillover effects into the real world, impacting critical services like healthcare and causing financial losses. The potential for ransomware attacks to disrupt essential services highlights the need for robust cyber security measures.
4. Complex Technological Landscape
Rapid advancements in technologies such as cloud computing and artificial intelligence create both opportunities and challenges for cyber security. While these technologies hold huge potential, they also have new security risks, such as insecure APIs and misconfigured containers.
5. Shared Responsibility
As cyber threats continue increasing both complexity and severity, dealing with them requires collaboration from all parties — governments, private sector, academic institutions, and the public citizens. Everyone must participate in sharing information, setting standards, and developing cyber security personnel.
Many governments, including Singapore’s, have started implementing control and regulations for cloud service providers to ensure that critical digital infrastructure is secure. There is also support for research budgets and developing cyber security innovations to keep up with rapidly evolving threats.
Security in the digital world is a shared responsibility for all of us. Whether you are a software developer, business owner, or general internet user, we all play an important role in maintaining cyber security by building awareness, using appropriate security measures, and supporting policies that uplift a more secure cyberspace.
Chapter 3: Fireside Chat
On Day 2, the session that we found interesting was the fireside chat on Artificial Intelligence (AI). We had AI specialist, Mr. Ruimin He, Singapore’s Chief Artificial Intelligence Officer, talk with Mr. Moss on the increasing role and impact of AI in today’s society, including the topic of AI and cyber security.
1. Reflecting Societal Values through AI
Different countries have different ways of using AI to reflect their societal and cultural values. The EU focuses on human rights, the U.S. on business, and China on governance. In Singapore, regulations should encourage responsible AI innovation. Reflecting values in AI might need more human monitoring of AI outputs rather than directly embedding values into the AI itself.
2. Ensuring AI Safety and Verifiable Outputs
A key challenge is making sure AI systems are safe and their outputs can be verified. One way to do this is by creating auditing tools and security systems to manage AI operations, instead of trying to directly fix the complicated AI model code.
3. Humans and AI — A Powerful Combination
The “Human + AI” concept works best when humans use AI as a tool to help make decisions. It’s important to create user-friendly interfaces for interacting with AI. People need to know they still play a key role and have the ability to control AI, not to be completely replaced. Therefore, it’s crucial to prepare both AI systems and to train people to work with AI effectively.
4. Future of Authentication and Identity Verification
AI’s ability to generate realistic media like images, audio and text increase challenges for future identity verification, as GenAI content could be used for impersonation. Governments must develop systems and measures to reliably verify identities.
5. Cyber Security Challenges
AI can assist repetitive tasks like log file analysis and spam/phishing detection. Nevertheless, there are concerns that AI learning processes may favor offensive over defensive development since attackers can get response on successful attacks more easily. Simulating attacks is important for improving defensive AI resilience before deployment.
6. AI Cyber Security Business Opportunities
AI technology can make software development more efficient and secure in several ways. For example, AI can analyze code to identify security risks or vulnerabilities, allowing developers to fix these issues quickly. AI can also rewrite code to improve security, such as using Rust language, of which memory safety capabilities can reduce system vulnerability risks. Overall, AI offers great opportunities for creating new and better cyber security solutions and services.
Chapter 4: Briefing
Apart from these two sessions, there were plenty of briefing sessions available. If you are interested in learning more, you can follow the Black Hat YouTube channel, where they will release recordings for you to watch later.
Chapter 5: We ❤ Side Quest
During the breaks between sessions, we had time to walk around and visit booths in the business hall from various corporate sponsors. You can learn about their new products and services, and receive some giveaways. The arsenal zone was another noteworthy highlight, showcasing a variety of tools which we can use in our work. Many areas were featured as usual, such as Pentest, VA, IR, forensics, mobile, etc.
Having said that, the most entertaining area at the event was definitely the Bricks & Picks zone. As mentioned earlier, this was the spot where people could play with Lego building blocks to jointly create a Black Hat poster and try out their lock picking skills. There were casual options just for goofing around and learning something new, as well as competitive tournaments where you could win prizes. It was a way to take a break from the serious, intense content and just relax. Or it might even make some people more stressed out — who knows!
Conclusion
It was a very fun and valuable experience. We got to be exposed to new insights and trends. For members of the cyber security community, we were able to access knowledge from high-level topics all the way down to specific technical levels, along with experiencing a lot of new things. We can take home the knowledge gained from the event to share with our teams or even use it to adapt and plan organizational strategies on cyber security.
We also learned about the latest technology trends such as cloud and AI, on which we need to stay up-to-date in order to keep our organization safe from future cyber threats.
Lastly, we would like to thank the cyber security team and KBTG for this opportunity, and for continually encouraging and supporting us to pursue growth through learning new skills that will tremendously aid us in securing our organization.
For those who enjoy this article, don’t forget to follow Medium: KBTG Life. We have tons of great pieces written by KBTG people in both English and Thai.
