Previewing Black Hat 2022

A look at what experts at Kaspersky will be watching during Black Hat 2022.

With Black Hat 2022 kicking off this week, we wanted to check in with some of our Kaspersky Global Research and Analysis Team (GReAT) members to see what they’re most looking forward to. What sessions are they hoping to attend? What new trends will emerge? What hot topics are missing from the event this year?

Kurt Baumgartner, principal security researcher

The first thing that’s piqued my attention coming up in Black Hat 2022 is Kim Zetter’s keynote “Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed.” Of course, Stuxnet changed things, but her perspective on ongoing security issues in light of past events and consequences should be fantastic.

The vast majority of talks this year are on offensive operations. There are also more than a handful of talks on “cyber-physical systems,” including Siemens’ devices, automotive remote keyless entry, secure radio communications and more. Some of the technical wizardry and its implications have become more alarming and, since Stuxnet, more understandable to the general audience.

A couple of other talks look particularly interesting due to the use of novel exploitation techniques and implications for large scale authentication schemes from well-known offensive researchers: “I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit” and “Elevating Kerberos to the Next Level.”

I would’ve expected to see more offensive talks on attacking various machine-learning technologies and offensive cryptocurrency research.

Giampaolo Dedola, senior security researcher

I’m glad that many Black Hat briefings reflect what Kaspersky experts foresaw in their APT predictions for 2022, confirming our insights on the current state of cybersecurity.

Several talks deserve special attention – related to and covering this year’s disruptive attacks and the geopolitical crisis in Ukraine. Since such topics are an essential part of the agenda, it confirms a strict interrelation between the digital and real world, and that cybersecurity is becoming even more relevant for ensuring physical safety.

This trend will expand in the future, as cyberattacks are already reaching targets beyond our planet, such as the attacks against ViaSat satellites and Starlink.

Finally, Black Hat will touch upon a growing issue: the ethics of how a government could exploit cyber operations to fabricate evidence to frame and incarcerate vulnerable opponents.

Jornt van der Wiel, senior security researcher

Black Hat’s interesting schedule covers a variety of topics related to exploitation of devices, systems, and certain equipment that’s not easily updated. As for research, it will be useful to learn about new methods of mobile GPU exploitation on Android. Another interesting issue is the novel vulnerabilities and exploitation techniques that reliably bypass Linux syscall tracing. I’m also looking forward to “Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases,” as it should elaborate on UEFI firmware, a recent hot theme due to its allowing malware to run even after the system is reinstalled.

We expect that some of these vulnerabilities and exploits that are “harder to patch on all devices” will be abused by cybercriminals and appear in the wild soon.

Boris Larin, lead security researcher

I expect in-the-wild zero-days and microarchitectural/firmware threats to be the key topics of the conference. In the last few years, with the help of our technologies, we’ve discovered more than a dozen actively exploited zero-day exploits used by different APTs (MysterySnail, PuzzleMaker, WizardOpium), and a number of novel UEFI rootkits (CosmicStrand, MoonBounce, FinSpy, MosaicRegressor).

Our findings show that these threats are becoming more relevant than ever. Attacks using such sophisticated techniques are becoming more common and widespread. Personally, I’m really looking forward to a number of presentations dedicated to these topics, such as: “Monitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021,” “Architecturally Leaking Data from the Microarchitecture” and “Do Not Trust the ASA, Trojans!”

If you’re also attending Black Hat this year, let us know what topics and talks you’re most looking forward to. You can find more insights and reports from our experts on Securelist.