Organizations, Security, and Threats Transform: RSA Conference 2022 Trends in Hackers & Threats


Posted on by Limor Kessem

I can hardly believe it’s already October, and the hot summer days are slowly cooling off out here in sunny Tel Aviv. It’s an exciting time for me—starting to work on all the absolutely intriguing talk submissions we receive on the RSA Conference Hackers & Threats track. I am honored to be a committee member within this community for yet another year.

Among all the submissions, we did see four trends coming through this year. Like everything in information security, these subjects often intertwine across attacks and trends, but here are the four I found most prominent in the Hackers & Threats track.

Nation-State Espionage and Crime

Many of this year’s submissions had a focus on nation-state espionage. I really enjoyed seeing the variety here—think evolution of espionage all the way to the crossover of state-sponsored and cybercrime attacks.

This theme comes at a very ripe time, after events like the SolarWinds attacks and other major cases that were eventually attributed to nation-state threat actors. More than ever before, 2021 showed the world how prolific nation-state attacks are. The pandemic pushed the limits, and mainstream media was discussing attribution like never before.

Governments all over the world are working harder to understand cyber espionage threats and counter them on a national level. This is where threat intelligence on prominent espionage groups and their tactics become critical, making this a great topic for the RSA Conference Hackers & Threats track!

Ransomware

Is ransomware a digital attack? Is it a ransom-negotiation situation? Can it be called a guerilla attack?

Well, all those definitions can be true. Ransomware has transformed. In the past few years, what used to be a digital attack has evolved into full-blown extortion operations on any size company, from the smaller firms to the largest organizations alike. In all cases, it is crippling and damaging, causing direct losses and reputational damage that amasses further losses years down the line.

Talks that came in discussing ransomware ranged from trends to detection techniques and insider threats, from prevention to response and best practices. The significant factor is the experience that’s brought forth in those submissions. The security community and all of its ranks have been weathering these attacks so frequently that we have a true wealth of information to share about the ongoing ransomware crisis.

Cloud Security Vulnerabilities and Attack Vectors

Issues we have in the cloud can be stealthy, deep inside the infrastructure that underpins it. They can be totally out of our control and vary with each cloud model and deployment. Cloud can be more secure and properly isolated than many other forms of deployments, but there are many ways by which it can be compromised. Platform-level vulnerabilities. Container flaws. API weaknesses. This year’s submissions reflect the rush to the cloud that has picked up serious momentum since the pandemic started.

Security teams that had to get everyone working from remote locations are grappling with the sorts of data and workloads they are moving to clouds and looking to secure the places where attackers may try to get in. It’s quickly becoming evident where they might attempt first, so keep your eyes on cloud security talks on our track this year!

Supply Chain Attacks

Supply chain attacks have become the motherload of attacks. Not only do they begin by compromising an untold number of organizations, but they are unwanted ‘gifts’ that keep on giving. After the first compromise is uncovered, more victims come forth, more data is lost, and the dots eventually connect down the line.

Global organizations, like ENISA and others, have been releasing advisories and best practices to explain supply chain attacks and help practitioners mitigate risks. ENISA found that 66% of attacks in this category focus on the targeted supplier’s code. A similar ratio exploits the inherent trust relationships and connection between the supplier and its customer base.

Some true monsters have reared their heads in the supply chain attack category, and these costly, disruptive attacks are now on every CISO’s mind. Unfortunately, organizations can suffer a supply chain attack even if their security defenses are adequate. And since these attacks pack that sort of punch, they are expected to quadruple over the next year. It is no surprise we received some compelling submissions around this subject.

Beyond the Trends

Beyond the trends we saw in this year’s submissions, we received a plethora of talks around other topics that are just as interesting, from Dark Web economy talks to AI, 5G, threat intelligence, forensics, incident response, malware, IoT and medical devices. Oh, my! We also get some goodies on social engineering, fraud, cybercrime ops, but some of our favorites were talks about vulnerabilities that impact entire ecosystems.

This year’s submitters represent both variety and technical depth. We hope you stay tuned to see the talks that make it to the 2022 agenda. We sure are looking forward to diving into and working on each selected talk in more detail.

Contributors
Limor Kessem

Executive Security Advisor, IBM Security

Hackers & Threats

ransomware supply chain Internet of Things cloud security DevSecOps

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community