The number of cyberattacks on enterprises is expected to keep growing, stretching across software supply chains, development operations and technology stacks. Black Hat 2022's presentations and announcements on enterprise security give an insightful look at how businesses are at risk of more severe, devastating cyberattacks. Held last week in Las Vegas for the 25th year in a row, Black Hat has an unparalleled reputation for investigative analysis and reporting on large-scale security breaches.
The more complex the tech stack, the more likely it is to be hacked, said Chris Krebs, the former director of the United States Cybersecurity and Infrastructure Security Agency (CISA), during a keynote presentation at the Black Hat 2022 conference last week. Krebs explained that weaknesses often stem from creating too many vulnerability points for cybercriminals to exploit.
Krebs stressed how critical software supply chain security is, claiming that businesses and international governments aren't doing enough to prevent another attack of the magnitude of SolarWinds.
Krebs told the keynote audience that companies shipping software products are shipping targets.
Cybercriminals understand the responsibilities and trust connections we have with our software services and technology providers, and they are moving up the ladder through the supply chain, Krebs added.
Moreover, eliminating implicit trust is a top concern in reducing supply chain incidents, as Krebs stressed throughout his talk.
Reducing the growing blast radius in enterprise security
Researchers' discoveries about infrastructure, development processes and enterprise software vulnerabilities made the enterprise-specific sessions worthwhile. Improving identity and access management (IAM) and privileged access management (PAM), stopping ransomware attacks, and reducing Azure Active Directory (AD) and SAP HTTP server attacks dominated the enterprise sessions.
Software supply chains are among the most dangerous attack surfaces because they run through continuous integration and continuous delivery (CI/CD) pipelines. Despite many organizations' best efforts to make cybersecurity a core part of their devops processes, CI/CD pipelines are still hackable.
Several presentations at the conference discussed how attackers use remote code execution (RCE) and infected code repositories to break into software supply chains. One session in particular focused on how advanced attackers can turn code signing against the developer who relies on it.
Another showed how attackers can abuse source code management (SCM) systems for lateral movement and privilege escalation across an organization, infecting repositories and gaining access to software supply chains at scale.
As cybercriminals' skills develop, enterprise IT stacks are becoming easier to compromise. One presentation showed how Azure AD user accounts can be backdoored and hijacked by exploiting external identity links to bypass multifactor authentication (MFA) and conditional access policies, demonstrating how an enterprise can lose control of a core component of its tech stack in minutes.
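The page does not describe the exact mechanism the presenter used, so the following is a generic audit rather than a reproduction of the talk: it is an added example, not code from the presentation or from Microsoft. It walks Microsoft Graph `user` objects (the real schema's `userPrincipalName`, `userType` and `identities[]` fields with `signInType`, `issuer` and `issuerAssignedId`) and flags any sign-in identity whose issuer is not one of the tenant's own verified domains, since an identity link from a foreign issuer on a member account lets whoever controls that foreign identity sign in as the member. The user records, domain names and allow-list are constructed for the example; in practice you would feed it the result of `GET /users?$select=userPrincipalName,userType,identities`.

```python
# Generic audit of foreign sign-in identities bound to Azure AD accounts.
# Added example; sample data below is constructed, not real tenant data.

# Assumption: every verified domain of the home tenant is listed here.
HOME_TENANT_ISSUERS = {"contoso.onmicrosoft.com", "contoso.com"}
# Assumption: external issuers that are expected for B2B guest accounts.
ALLOWED_GUEST_ISSUERS = {"partner.example"}

SAMPLE_USERS = [  # constructed Graph-style user objects
    {
        "userPrincipalName": "alice@contoso.com",
        "userType": "Member",
        "identities": [
            {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com",
             "issuerAssignedId": "alice@contoso.com"},
        ],
    },
    {
        "userPrincipalName": "bob@contoso.com",
        "userType": "Member",
        "identities": [
            {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com",
             "issuerAssignedId": "bob@contoso.com"},
            # A federated identity from an unrelated tenant bound to an internal
            # member account: whoever controls that identity can sign in as bob.
            {"signInType": "federated", "issuer": "attacker-tenant.onmicrosoft.com",
             "issuerAssignedId": "ext-user-id-1"},
        ],
    },
    {
        "userPrincipalName": "carol_partner.example#EXT#@contoso.onmicrosoft.com",
        "userType": "Guest",
        "identities": [
            {"signInType": "federated", "issuer": "partner.example",
             "issuerAssignedId": "ext-user-id-2"},
        ],
    },
]


def find_suspicious_external_links(users, home_issuers, allowed_guest_issuers):
    """Return one finding per identity whose issuer is outside the home tenant.

    Member accounts must only carry home-tenant identities; guest accounts may
    carry identities from issuers on the allow list and nothing else.
    """
    findings = []
    for user in users:
        is_guest = user.get("userType") == "Guest"
        for ident in user.get("identities", []):
            issuer = ident.get("issuer")
            if issuer in home_issuers:
                continue
            if is_guest and issuer in allowed_guest_issuers:
                continue
            findings.append({
                "upn": user.get("userPrincipalName"),
                "userType": user.get("userType"),
                "signInType": ident.get("signInType"),
                "issuer": issuer,
                "reason": ("member account carries a foreign identity" if not is_guest
                           else "guest identity from an issuer not on the allow list"),
            })
    return findings


def summarize(findings):
    """Group flagged identities by issuer so a bulk backdoor from one tenant stands out."""
    by_issuer = {}
    for f in findings:
        by_issuer.setdefault(f["issuer"], []).append(f["upn"])
    return by_issuer


if __name__ == "__main__":
    hits = find_suspicious_external_links(SAMPLE_USERS, HOME_TENANT_ISSUERS,
                                          ALLOWED_GUEST_ISSUERS)
    for h in hits:
        print(f"{h['upn']}: {h['signInType']} identity from {h['issuer']} ({h['reason']})")
```

Run it against a periodic export and diff the results: a member account that suddenly acquires a federated identity from an issuer you do not recognize is the kind of change the audit is meant to surface, and it is invisible in sign-in logs until the foreign identity is actually used.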
In a separate session, researchers showed how attackers could exploit two memory corruption vulnerabilities discovered in SAP's HTTP server using advanced HTTP protocol exploitation techniques. CVE-2022-22536 and CVE-2022-22532 are remotely exploitable by unauthenticated attackers and could be used to compromise vulnerable SAP installations.
Malware incidents continue to rise across businesses, often slipping past IT infrastructure and networks that depend on implicit trust. A new approach developed by Dmitrijs Trizna, a security software engineer at Microsoft, uses advanced machine learning classification techniques to detect malware early.
Trizna said that AI [artificial intelligence] isn't a magic pill; it isn't a silver bullet that will solve all your (malware) issues or replace you. It's a tool that you need to grasp and utilize. So don't discard it completely.
Trizna makes ML code for the models he's working on available on GitHub.
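To make the idea of ML-based malware classification concrete, here is an added example that is not Trizna's code and does not reproduce his models: a multinomial naive Bayes classifier over API-call unigrams and bigrams from behavioral traces. The traces, labels and API sequences are constructed for illustration (a real pipeline would derive them from sandbox or emulation output over thousands of samples), and the classifier is deliberately dependency-free so it runs anywhere.

```python
# Added example: naive Bayes malware classifier over behavioral API-call traces.
# Not Trizna's code; all traces below are constructed, not real sample output.
import math
from collections import Counter, defaultdict

# Constructed training set: (sequence of Windows API calls, label).
TRAINING = [
    (["CreateFileW", "WriteFile", "CloseHandle"], "benign"),
    (["RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"], "benign"),
    (["CreateFileW", "ReadFile", "CloseHandle", "MessageBoxW"], "benign"),
    (["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"], "malicious"),
    (["CryptAcquireContextW", "CryptGenKey", "CryptEncrypt", "WriteFile", "DeleteFileW"], "malicious"),
    (["RegOpenKeyExW", "RegSetValueExW", "RegCloseKey", "CreateProcessW", "WinExec"], "malicious"),
]


def extract_features(trace):
    """Unigrams plus ordered bigrams, so call *sequence* (not just presence) counts."""
    feats = list(trace)
    feats += [a + "->" + b for a, b in zip(trace, trace[1:])]
    return feats


class NaiveBayesMalwareClassifier:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                      # Laplace smoothing for unseen features
        self.class_counts = Counter()
        self.feature_counts = defaultdict(Counter)
        self.vocab = set()

    def fit(self, samples):
        for trace, label in samples:
            self.class_counts[label] += 1
            for f in extract_features(trace):
                self.feature_counts[label][f] += 1
                self.vocab.add(f)
        return self

    def log_scores(self, trace):
        """Log P(label) + sum log P(feature | label) for each label."""
        total = sum(self.class_counts.values())
        feats = extract_features(trace)
        scores = {}
        for label, n in self.class_counts.items():
            denom = sum(self.feature_counts[label].values()) + self.alpha * len(self.vocab)
            lp = math.log(n / total)
            for f in feats:
                lp += math.log((self.feature_counts[label][f] + self.alpha) / denom)
            scores[label] = lp
        return scores

    def predict(self, trace):
        scores = self.log_scores(trace)
        return max(scores, key=scores.get)

    def malicious_probability(self, trace):
        """Normalize the log scores into P(malicious | trace) via log-sum-exp."""
        scores = self.log_scores(trace)
        m = max(scores.values())
        z = sum(math.exp(s - m) for s in scores.values())
        return math.exp(scores["malicious"] - m) / z


def train_default():
    return NaiveBayesMalwareClassifier().fit(TRAINING)


if __name__ == "__main__":
    clf = train_default()
    injection = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                 "CreateRemoteThread", "CloseHandle"]
    print(clf.predict(injection), round(clf.malicious_probability(injection), 3))
```

The bigram features are what give the model something beyond a call count: `WriteProcessMemory->CreateRemoteThread` is a far stronger signal than either call alone, and an unseen call such as `CloseHandle` at the end of the injection trace is absorbed by the smoothing rather than breaking the prediction.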
Cybersecurity providers are doubling down on AI, API and supply chain security
Most of the new product announcements focused on API security and on securing software supply chains. CrowdStrike's announcements in particular showed how rapidly cybersecurity providers are maturing their platform strategies around advances in AI and ML.
The AI-powered indicators of attack (IOAs) presented at Black Hat combine cloud-native ML with human expertise, building on the IOA approach CrowdStrike introduced more than a decade ago. IOAs have proven effective at identifying and stopping breaches based on actual adversary behavior, regardless of the malware or exploit used in an attack.
AI-powered IOAs use cloud-native ML models trained on CrowdStrike Security Cloud data and on the expertise of the company's threat-hunting teams. Events are evaluated against the IOAs at machine speed, giving enterprises the accuracy, speed and scale they need to thwart breaches.
CrowdStrike is leading the way in preventing the most sophisticated attacks thanks to our industry-leading indicators of attack capability, which revolutionized how security teams prevent threats based on adversary behavior rather than easily changed indicators, according to Amol Kulkarni, the chief product and engineering officer at CrowdStrike. Now, we are enabling organizations to exploit the CrowdStrike Security Cloud to detect adversary behavior at machine speed and scale in order to prevent breaches in the most effective manner possible.
Over 20 never-before-seen adversary patterns have been discovered by AI-powered IOAs, which have been validated and enforced on the Falcon platform for automated detection and prevention.
Cundall, a leading engineering business, is among the most advanced in the world in IT and cybersecurity adoption, according to Lou Lwin of Cundall. Security is not one and done, Lwin said. It is constantly evolving.
CrowdStrike demonstrated AI-powered IOA use cases, including post-exploitation payload detections and PowerShell IOAs using AI to identify malicious behaviors and code.
Canonic Security, Checkmarx, Contrast Security, Traceable and Veracode are among the vendors introducing new API security products at Black Hat. Checkmarx is well known for its expertise in securing CI/CD process workflows.
Traceable AI has announced several improvements to their platform, including identifying and stopping malicious API bots, identifying and tracking API misuse, and anticipating potential API attacks throughout software supply chains.
Most of the CI/CD, devops and zero-trust vendors at Black Hat promoted solutions for halting supply chain attacks, the most hyped vendor theme of the show. NIST is continually reviewing its standards, NIST SP 1800-34 in particular, to address supply chain security issues.
Cycode, a supply-chain security specialist, has announced that it has added static application security testing (SAST), container scanning and software composition analysis (SCA) to its platform.
Veracode, well known for its security testing solutions, has added new functionality to its Continuous Software Security Platform, including software composition analysis (SCA) and support for PHP Symfony and Ruby 3.x.
The Open Cybersecurity Schema Framework (OCSF) addresses an enterprise security demand.
The most common complaint from CISOs about endpoint detection and response (EDR), endpoint management and security monitoring platforms is that there is no common standard for alerts across platforms. The Open Cybersecurity Schema Framework (OCSF) project is a collaboration among major security vendors that normalizes security telemetry across a wide variety of security services and products.
The OCSF project was cofounded by AWS and Splunk, with CrowdStrike, Palo Alto Networks, IBM Security and others also contributing. The objective is for vendors to continually develop services and products that support the OCSF specification, standardizing alerts from cyber monitoring tools, network loggers and other software so that data can be interpreted more simply and quickly.
According to Michael Sentonas, CrowdStrike's chief technology officer, our mission is to increase productivity for businesses. We believe strongly in the concept of a shared data schema, which allows organizations to understand and digest all data, manage security operations, and mitigate risk. As a member of the OCSF, CrowdStrike is committed to providing solutions that businesses need to stay ahead of adversaries.
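What normalization to a shared schema buys you is easiest to see with two unrelated log sources landing in one event shape. The following is an added example, not code from the OCSF project or any of its members: it maps a constructed OpenSSH `sshd` syslog line and a constructed Windows Security event (4624/4625) into the OCSF Authentication event class and then runs one analytic across both. The OCSF identifiers used (`category_uid` 3, `class_uid` 3002, `activity_id` 1 for Logon, `type_uid` = `class_uid` * 100 + `activity_id`, `status_id`, `severity_id`, `metadata`, `raw_data`, `user`, `src_endpoint`, `dst_endpoint`) are as I know them from the published schema; verify them against the schema version you target. The hostnames, users, IP addresses and timestamps are made up.

```python
# Added example: normalize two log sources into OCSF Authentication events.
# Not OCSF project code; all input lines and records below are constructed.
import re
from collections import Counter
from datetime import datetime, timezone

# OCSF identifiers for the Authentication class (Identity & Access Management
# category). Check these against the schema version you target.
CATEGORY_IAM = 3
CLASS_AUTHENTICATION = 3002
ACTIVITY_LOGON = 1
STATUS_SUCCESS, STATUS_FAILURE = 1, 2
SEVERITY_INFORMATIONAL, SEVERITY_LOW = 1, 2
OCSF_VERSION = "1.0.0"  # assumption: schema version string carried in metadata

REQUIRED_FIELDS = ("category_uid", "class_uid", "activity_id", "type_uid",
                   "time", "severity_id", "metadata")

# Constructed sample inputs (not real logs).
SSHD_LINES = [
    "Aug 10 10:11:12 web01 sshd[2114]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2",
    "Aug 10 10:11:40 web01 sshd[2120]: Failed password for root from 203.0.113.7 port 40122 ssh2",
]
WINDOWS_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2022-08-10T10:12:00Z", "Computer": "DC01.corp.local",
     "TargetUserName": "alice", "IpAddress": "10.0.0.5"},
    {"EventID": 4625, "TimeCreated": "2022-08-10T10:12:30Z", "Computer": "DC01.corp.local",
     "TargetUserName": "root", "IpAddress": "203.0.113.7"},
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)")


def _base_event(ts, success, product, vendor, raw):
    """Fields common to every Authentication/Logon event regardless of source."""
    return {
        "category_uid": CATEGORY_IAM,
        "class_uid": CLASS_AUTHENTICATION,
        "activity_id": ACTIVITY_LOGON,
        "type_uid": CLASS_AUTHENTICATION * 100 + ACTIVITY_LOGON,   # 300201
        "time": int(ts.timestamp() * 1000),                         # epoch milliseconds
        "severity_id": SEVERITY_INFORMATIONAL if success else SEVERITY_LOW,
        "status_id": STATUS_SUCCESS if success else STATUS_FAILURE,
        "metadata": {"version": OCSF_VERSION,
                     "product": {"name": product, "vendor_name": vendor}},
        "raw_data": raw,
    }


def normalize_sshd(line, year=2022):
    m = SSHD_RE.match(line)
    if not m:
        return None
    # syslog lines carry no year; it is supplied by the caller (assumption)
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    ev = _base_event(ts, m["result"] == "Accepted", "OpenSSH", "OpenBSD", line)
    ev["user"] = {"name": m["user"]}
    ev["src_endpoint"] = {"ip": m["ip"], "port": int(m["port"])}
    ev["dst_endpoint"] = {"hostname": m["host"]}
    return ev


def normalize_windows(rec):
    if rec.get("EventID") not in (4624, 4625):
        return None
    ts = datetime.strptime(rec["TimeCreated"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev = _base_event(ts, rec["EventID"] == 4624, "Windows Security Auditing", "Microsoft", str(rec))
    ev["user"] = {"name": rec["TargetUserName"]}
    ev["src_endpoint"] = {"ip": rec["IpAddress"]}
    ev["dst_endpoint"] = {"hostname": rec["Computer"]}
    return ev


def validate(event):
    """Reject events missing base fields or with an inconsistent type_uid."""
    missing = [f for f in REQUIRED_FIELDS if f not in event]
    if missing:
        raise ValueError(f"OCSF event missing required fields: {missing}")
    if event["type_uid"] != event["class_uid"] * 100 + event["activity_id"]:
        raise ValueError("type_uid must equal class_uid * 100 + activity_id")
    return event


def normalize_all():
    events = [normalize_sshd(l) for l in SSHD_LINES] + [normalize_windows(r) for r in WINDOWS_EVENTS]
    return [validate(e) for e in events if e is not None]


def failed_logons_by_source(events):
    """One analytic over both feeds: failed logons keyed by (user, source IP)."""
    counts = Counter()
    for e in events:
        if e["status_id"] == STATUS_FAILURE:
            counts[(e["user"]["name"], e["src_endpoint"]["ip"])] += 1
    return dict(counts)


if __name__ == "__main__":
    for key, n in failed_logons_by_source(normalize_all()).items():
        print(f"{key[0]} from {key[1]}: {n} failed logons across sources")
```

The point of the last function is that, once both sources share `status_id`, `user.name` and `src_endpoint.ip`, a single query catches the same source address failing against an SSH host and a domain controller, something that otherwise needs one parser and one rule per product.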