The Black Hat USA 2022 Keynotes
Black Hat USA was held last week. It’s one of the cybersecurity industry’s most important conferences — and as it has in the past, this year’s Black Hat USA kicked off with two keynote talks. Here are highlights and takeaways from the Black Hat 2022 keynotes:
A foreboding future
The first of the two Black Hat 2022 keynotes was delivered by Chris Krebs, a leader in the cybersecurity community and former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Entitled “Black Hat at 25: Where Do We Go from Here?”, Krebs’ talk attempted to assess the state of cybersecurity today and the outlook for the future. He also offered some suggestions on how to build a more secure tomorrow.
There were some notes of pessimism in the keynote:
- Due to what Krebs characterizes as “society’s insatiable and almost pathological need to connect everything,” the attack surface available to bad actors has increased significantly.
- The US has spent too much energy worrying about APTs — and not enough on unglamorous security problems like ransomware. The result, says Krebs, is that “cybercriminals have been eating our lunch.”
- Businesses are still reluctant to invest in cybersecurity, viewing it as costly and a hindrance to innovation, while simultaneously trying to shift everything to the cloud.
- STEM education still lags in US school systems, contributing to the ongoing problem of the cybersecurity skills gap.
A hopeful long-term outlook
However, while there is cause for concern in the short term, Krebs says that he is still hopeful for the future — largely because “every day that goes by, our workforce becomes increasingly tech-native.”
In terms of recommendations for the future, Krebs says that the US needs to give its young people more opportunities to experience coding and to learn critical thinking skills — critical if we want to build a skilled cybersecurity workforce. He also called on the infosec industry to do more long-term planning, suggesting in particular that security professionals and organizations prepare for the possibility of cyberwarfare in Taiwan.
Reading cybersecurity tea leaves
The second Black Hat 2022 keynote was given by Kim Zetter, an award-winning journalist who writes about cybersecurity and national security.
Zetter’s talk, “Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed,” makes the case that the cybersecurity industry is guilty of “a lack of imagination…about the next move that hackers will make.”
Looking at the history of cyberattack trends, Zetter argues that malicious actors tend to “pivot to new but often wholly predictable directions.”
For example, Stuxnet highlighted the vulnerabilities of critical infrastructure all the way back in 2010. But when the Colonial Pipeline attack took place in 2021, some folks still seemed surprised. Zetter offered numerous other examples of cybersecurity early warning signs that were ignored or minimized until it was too late.
Black Hat 2022 keynotes: Takeaways for Mac users
The Black Hat 2022 keynotes provided valuable insights into the state of security today — and the future of cybersecurity. And while Krebs and Zetter focused on these issues in a general way, many of the points they made can be applied to the world of Mac security as well.
Krebs, for example, notes that ransomware is often overlooked by security professionals — basically because it’s not as exciting as APT threats. But cybercriminals, being opportunists, don’t seem to mind. They just go where the targets are.
That’s a dynamic we’ve seen in the world of Mac security as well. People will focus on the relative rarity of macOS 0-days to make some version of the old claim that “Macs don’t get malware.” Meanwhile, they’ll downplay the issue of malware installed via social engineering tactics — even though this is how bad guys compromise Mac users every day!
Zetter’s argument about the predictability of emerging threats is also applicable to Mac security. In fact, SecureMac’s own Israel Torres made a similar point in a recent discussion of Apple’s updates to XProtect. To quote Torres:
If we look at the issue historically, through what Microsoft experienced, we can make some safe assumptions about what Apple will encounter in the future. We’ll see malware authors really stepping up their own game to turn a profit and exploit macOS. That will mean more and better Mac malware, including ransomware. The storm is coming.
If there’s a silver lining for Mac users, it’s that the third-party macOS security community has always been a bit ahead of the curve. Hey, you kind of have to be if you want to do Mac malware research when everyone else is saying Macs don’t get malware! And we like to believe that it’s this forward-looking community, in cooperation with Apple’s internal security teams, that will help keep Mac users safe in the future.