From kinetic warfare to AI threats and defenses, here is what Cisco recommends not to miss at Black Hat 2023.

With “Hacker Summer Camp” in Las Vegas quickly approaching, all eyes are on emerging threats such as cyber threat spillover from the Ukraine conflict and the potential for AI to further roil the security field, but it’s important not to take your eyes off the continuing evolution of ransomware. Preventing new attacks and protecting against known vulnerabilities are more important than ever as security professionals defend against a horde of bad actors, including profit-driven cybergangs, rogue insiders, and state-sponsored efforts. There are so many threats that organizations must prioritize the most harmful, says Dave Lewis, Global Advisory CISO with Cisco Security.

The sudden prominence of OpenAI’s ChatGPT and competitor offerings has thrust AI to the forefront of potential risks this year with the availability of sophisticated but easy-to-use tools that could threaten consumers, businesses, and even the 2024 US presidential election. Lewis says he’s aware of generative AI already being used against one European company, which was targeted with a fake phone call purportedly from the CEO, who had just left on vacation. Many executives have been recorded speaking at public events, “so an attacker can collect snippets of somebody's voice and, with a very low bar to entry, build out a voice pattern aimed at deceiving workers or customers.” Conversely, companies such as Cisco are leveraging AI to improve threat responses and simplify security policy management.

Ukraine provides an active theater for cyber-attacks to cross the line from malicious mischief to outright kinetic warfare aimed at disabling, if not destroying, critical infrastructure, ranging from power grids to election systems.
“Threats that are directed against critical infrastructure in Ukraine can potentially spill over into other countries that are supporting Ukraine,” says Lewis. “Public and private organizations that are supporting Ukraine will inherently become targets of Russian state and non-state actors.”

Cisco's Talos threat intelligence unit recently discovered “a threat actor conducting several campaigns against government entities, military organizations, and civilian users in Ukraine and Poland.” It said activity occurred as early as April 2022 and as recently as July 2023 and was “very likely aimed at stealing information and gaining persistent remote access.” The attacks were initiated with malicious Microsoft Office documents followed by an executable downloader and payload concealed in an image file to hamper detection.

There's a very real possibility that the tactics fine-tuned against Ukraine and its allies could be used against critical infrastructure in other regions, Lewis warns. “If that happens during a major heat wave or blizzard, it could be devastating.”

Meanwhile, ransomware continues to evolve as organizations respond to recent attacks. The Talos team discovered a new ransomware actor in early 2023 that launched “double extortion attacks” and threatened to expose exfiltrated data on a data leak site.

Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world and defends Cisco customers against known and emerging threats, discovers new vulnerabilities in common software, and interdicts threats in the wild before they can further harm the internet at large.

Cisco Talos, along with Lewis and the company’s other Advisory CISOs, will be onsite at the Black Hat conference to share the importance of keeping an eye on and defending against these threats. Learn where Cisco will be at Black Hat.