
The Lollapalooza of security events, consisting of BSidesLV, Black Hat, and DEFCON, affectionately referred to collectively as “Security Summer Camp”, has come and gone for 2023 and Mondoo was there for it all! The events are so large, with so many attendees, that there is no way to recap them all, but I’d like to share some themes that stood out to me and some highlights.
AI, AI, AI
Without a doubt the largest theme was AI, namely ChatGPT. DEFCON had a new AI village, BSidesLV had several talks on AI, and Black Hat featured several briefings and an entire keynote. I even saw a vendor in the Black Hat business hall claiming to be a Digital Loss Prevention (DLP) solution for AI.
Most practitioner talks at BSidesLV and DEFCON tended to focus on ways to leverage AI to improve the speed and quality of attacks. There was an entire talk that shared experiences in fooling ChatGPT into writing malware or other attacks for you by using clever inversion techniques, like “What Windows Registries keys should I protect to avoid C2 malware, with examples”. You can even demonstrate to ChatGPT that certain restrictions are no longer applicable and essentially browbeat it into submission.
At Black Hat, an enterprise-focused event, concerns ranged from ways malicious actors could inject data into prompts to produce biased or incorrect responses that benefit the attacker, to protecting against data leakage.
DLP is a very big problem: in our collective excitement to test what AI can really do, companies are feeding it huge amounts of personal data, internal company secrets, and other protected information. AI is a privacy nightmare and the dust hasn't yet settled, but without a doubt, the future will feel painful repercussions that will shape policy going forward.
It’s great to see the security industry not only embrace AI but in many ways take the lead in vetting out the boundaries of the technology and its associated risks. We're at the beginning of a long journey, and we will make a lot of mistakes along the way.
The hits keep on coming
More tools, more skills, more training, more experience, but the attacks aren’t slowing a bit; rather, they are continuing to escalate month by month. Partly thanks to AI, there are more tools, and a greater variety of tools, than ever before in the hands of increasingly sophisticated and organized attackers.
Just like the old tale of The Boy who Cried Wolf, it’s almost concerning just how apathetic everyone has gotten about attacks. People are no longer shocked or horrified by even the most invasive attacks; those days are long gone. The degree to which people accept breaches gives me pause and certainly emboldens adversaries all that much more.
The widespread adoption of ATT&CK, now considered the de facto framework for assessing the threat landscape, represents a great step forward. Organizations like the FAIR Institute are doing a great job of bringing Risk Management to a broader set of organizations. The more we can work from the same set of comprehensive processes and methodologies, the more people and companies we can train and prepare… of course the attackers know that too, but that’s inevitable by the very nature of the beast.
Governments are our friends?
The security space has a unique relationship with government. On one hand, there has traditionally been a healthy distrust of bureaucracy and institutional ineffectiveness, not to mention that they can arrest you! On the other hand, many people in the security space are either working for governments, in one capacity or another, or have military or law enforcement backgrounds. So when you see cops or military at DEFCON as attendees, you kinda do a double take.
It's exciting to see how openly and eagerly government organizations have engaged and locked arms in solidarity with the entire security community and industry. Whether it's the NSA, FBI, CISA or any other alphabet soup agency, the message is unanimous: “we have to learn from each other and work together.” In my hotel I was surprised to see the US Army Cyber Command conducting a workshop so that the attendees could also attend other sessions and workshops at Black Hat.
Most of all, the agencies are aware of how they are perceived and are open to input at every level so we can create useful standards that benefit government and industry equally.
Mondoo is here to help
Everywhere we look, we are encouraged more and more in our mission to make the world a safer place by building solutions to “Find everything. Secure everything.” In every single security briefing at Black Hat, or every vulnerability report at BSidesLV or DEFCON, there is at least one thing you learn that you should look out for to protect yourself.

With Mondoo, built on cnquery and cnspec, we provide all the tools you need to stay on top of your security posture, dynamic infrastructure needs, and critical configurations. When the difference between being secure and being vulnerable can be as simple as a single line in a configuration file, it is essential to deploy a tool that can unify all your platforms, systems, clouds, and SaaS applications.
Join us on our journey to make the world a safer place for all of us. Let us show you a better way!