This was my first year on RSA Conference’s program committee for the Hackers & Threats track, and the experience has helped me realize how critical and exhausting, yet joyful, the entire process of designing a track really is. It involved mind-mapping close to 400 submissions (that’s just one track out of many), whiteboarding in a war room, occasional fights over choosing which papers had overlapping content and lots of coffee.
The image below is a word cloud generated from the titles of all the Hackers & Threats track submissions for 2020, with the frequency of each word denoted by its font size. While some of the words like “threat,” “malware,” “attack,” “vulnerability,” “AI” and “cloud” were definitely the most prominent, there were some interesting entries like “election,” “war,” “deepfake,” “serverless” and “behavior,” which suggest what we might witness in the years ahead of us. Here’s a look at some of the trends I identified while reviewing submissions for the Hackers & Threats track.
Figure 1: Word cloud generated from titles of submissions to RSAC 2020
Commodity Malware, Threats and Attacks Still Rule
Some of the well-known attack vectors like ransomware, crypto miners and phishing continue to reappear in new forms, leading to more infections and evolving detection techniques. Browser-based attacks like data skimming (Magecart, formjacking, etc.), data leakage and client-side cryptomining attacks have also gained significant traction and will continue to grow due to the changing trends in web attack patterns.
The Human Element
One trend I realized through reviewing the 2020 submissions is that the human element plays a critical role in defining the security posture of any organization or nation. There were submissions around how humans are critical for red & blue teaming, incident response and threat intelligence. The submissions talked about cases and scenarios where human common sense excels over any tool or technology used to detect fraud, deception and abnormal behavior patterns. On the other hand, we had submissions around how adversarial use of technology can mold human behavior into believing what is not true, thus leading to consequences like defaming a brand or swinging election votes.
Deepfakes, Social Media Propaganda and Fake News Are Here to Stay
Social media technologies and communication platforms have seen a rapid transformation in the past decade. There were a good number of submissions around how we can better classify what is true and what is false, distinguishing machine-generated content (deepfake, fake news, etc.) from real human interaction. We expect to see behavioral security research mature further into understanding how digital interaction, likes and choices can be altered through fake news, political propaganda and social media influence.
Cloud and API as the New Playground for (in)Security
IT and networking infrastructure have seen a tremendous change in the past decade. With the rise of cloud, containers and APIs, we are entering a new era where cybersecurity terminologies might need new definitions. Though cloud and API services do provide a faster and more reliable means of IT workload management, they’re also adding new security challenges. Cloud service misconfigurations led to multiple high-profile data breaches over the past couple of years. API abuse has caused significant monetary damage to services built on top of them. Many interesting submissions came through where researchers have talked about different offensive and defensive approaches to secure these services. I expect this trend to grow in the upcoming years as more and more workloads find their way into private and public cloud services and as the web continues to move from HTTP to API.