It’s safe to say, what happens in Vegas will certainly not stay in Vegas – especially when it comes to Black Hat. Our security team is keeping a close eye on all of the latest news coming out of Black Hat’s 19th year.
Social Engineering is Here to Stay
One of the big trends we’re seeing is around Social Engineering. As PC Magazine’s Max Eddy shared, “there are some exciting themes to look forward to at this year's Black Hat. Social engineering, the art of tricking people into giving away their information without resorting to exotic attacks, is a perennial theme.”
Take one of the latest sessions, for example, hosted by Nir Valtman, Head of Application Security for NCR Corporation, and his colleague, Application Security Architect Patrick Watson. The two used a social engineering approach to successfully demo bypassing a chip-and-PIN credit card, along with stealing a CVV2 number (the three digits on the back of your credit card). Or take yesterday’s Black Hat presentation from Google security researcher Elie Bursztein, who shared his latest discovery about USB drives at the University of Illinois Urbana-Champaign.
Envision this: a student walks home from class, finds a “lost” USB flash drive on the lawn, inserts the USB into their computer and begins to open files, only to realize it’s filled with malicious data. Is this just human curiosity, or do hackers have the ability to socially engineer students to act in a certain way?
Bursztein, along with his fellow researchers, has a theory. After dropping 297 USB drives on Illinois’ campus as an experiment, they found 45%–98% of drives were plugged into participants’ computers. The study ultimately played out exactly as the researchers envisioned, revealing a common hacking technique. Matt Tischer, another leading researcher on the study, told Motherboard’s Lorenzo Franceschi-Bicchierai, “It's easy to laugh at these attacks, but the scary thing is that they work—and that's something that needs to be addressed.”
As eWeek’s Sean Michael Kerner (and Bursztein) pointed out, “awareness and security training is a good thing, it's important to teach people to be mindful of what they plug into their computers.”
Education is Key
While research like this remains a major focus at Black Hat, this year there has been a shift toward security awareness and education. We’re seeing more companies moving onto the expo floor and attending sessions with more specific training information to help address some of the security concerns that come up on a daily basis. Some of the training sessions offered at Black Hat this year include Adaptive Penetration Testing and Advanced Hardware Hacking; surely, there’s a session for everyone.
So, if you encounter any USB drives lying around, toss ’em and educate others around you to do the same. Meanwhile, we’ll be here to educate you on the latest news as Black Hat continues!