Once again I had the huge privilege of being on the program committee for the RSA Conference 2024, reviewing the always popular track (in terms of the number of submissions): Hackers and Threats. For me the submissions were a great indicator of the challenges we should expect to see in the coming year, though some were early proof-of-concepts that may or may not take off.
It was no surprise to see lots of diverse submissions in this track. Some topics proposed a deep-dive into specific actors, while others looked at how traditional concepts have been evolving into cloud platforms, such as Azure-specific ransomware attacks. But submitters weren’t just talking about the threats themselves; many also leveraged current affairs. Whilst there were still papers looking at how the ongoing war between Russia and Ukraine has impacted cyber actors and techniques being used, there were more papers looking at the Middle East conflict between Israel and Hamas.
So what stood out this year? Well, to little surprise, generative AI was the most prolific topic among the submissions. Some challenged what could really be done, whilst others challenged whether the technology was mature enough. Seemingly just about every aspect of cybersecurity analysis is looking to take advantage of GenAI, be that detecting BEC, making honeypot analysis more dynamic, adding a new layer to deception capabilities, challenging how we do detection, or simply improving phishing detection.
At the same time, there were plenty of papers flagging concerns on how it can be used for threat generation, prompt injection attacks, deeper deep fakes, creating various forms of 0-days or being the source of 0-days, and of course a myriad of forms of data scraping. What became clear through reading all of these ideas is that generative AI will have a significant impact on cybersecurity, both positive and negative, in the coming years.
If I could suggest one late new year’s resolution, it would be to make sure you learn as much as you can about how GenAI will impact your role in your company. Attending the RSA Conference 2024 is a great way to start that journey.
Now what about the rest of the submissions? Well, the list was pretty broad, but here are just a few of them.
VULNERABILITIES IN:
○ Agile development
    ■ CI/CD pipelines, Jenkins, Kubernetes
○ Cloud
    ■ Cloud configuration errors, Azure
○ Endpoints
    ■ Chrome extensions, MS Defender
○ IDAM
    ■ Data protection API, Guest Accounts
○ Hardware
    ■ UEFI Secure Boot bypass
ATTACK EVOLUTIONS:
○ Supply chain
○ Process injection techniques
○ Injection attacks into biometric systems
○ Web 3.0 attacks
○ Cloud attacks (the scale and scope continue to evolve)
○ Using containers and SaaS infrastructure for their attacks
○ Data theft/exfiltration in the cloud
○ LOL Binary & Cloud attacks
○ Nation state attacks & those caught in the crossfire
○ Hardware hacking
○ Using defunct websites/domains as attack vectors
○ AI systems data breach
○ Payment & Cashpoint fraud
○ New ICS attack techniques
○ Hacking unmanned systems
○ MSP/MSSP attacks/breaches
○ Compromising blockchain server infrastructure
○ API bots
○ DDoS
○ Attacks within election processes
○ Hacking industrial IoT/OT
○ APTs leveraging cloud and social media as launch platforms
○ YouTube channel/stream jacking
○ Evolving C2 techniques
Of course, Hackers & Threats is about more than how the adversary gained access and what they did. There were also plenty of submissions looking at how incident response capabilities are continuing to evolve, with some asking if you can really track down your data once it's on the dark market.
Still others asked more ethical questions, for example: Looking at the security in the adversary’s infrastructure, can and should we hack back? Can we better track the humans behind the attack via image files? As an industry, we continue to push the boundaries of how to gather the richest insights to better understand and recover from cyberattacks, leaving many asking: When quantum computing finally becomes commercially viable, what impact could this have on the ability to respond to an incident?
Reading all the amazing submissions (and my most humble thanks to everyone that submitted; I wish we could select you all) made me reflect on just how complex today's cyber world has become. We live in an ever more entangled digital spaghetti of digital workflows. The scope of complexity of threats adapts at pace to new technology spaces but also continues to evolve. Whether we like it or not, the innovation each year shows no abatement, and generative AI seems to be another force multiplier that can be used for both good and bad.
I do want to say a huge thanks to the RSA Conference for allowing me to continue to have the honor of being on the committee to read all of the submissions, and also to everyone that submitted. It takes time and a lot of creativity to submit. The bar each year keeps getting higher, and so does the cut rate, so if you didn’t get selected to speak this year, please do try again next year. And, if you didn’t submit this year, think about submitting for 2025!