Black Hat USA 2021 & DEF CON 29 Highlights & Key Takeaways

Black Hat USA 2021 and DEF CON 29 have come to an end, and this year’s events did not disappoint, generating plenty of cybersecurity news, highlighting key industry trends and introducing some exciting new products. LinuxSecurity has been following both conferences, speaking with expert trainers and presenters and keeping our followers up-to-date on Twitter. Here are the highlights, key takeaways and notable trends we identified as Black Hat USA 2021 and DEF CON 29 unfolded that you should be aware of.

What Are Black Hat and DEF CON?

Black Hat USA, a renowned event that features briefings and trainings taught by experts from around the globe, providing offensive and defensive hackers of all levels with invaluable opportunities for firsthand technical skill-building, celebrated its 24th anniversary this year. Black Hat USA 2021 was conducted in a unique hybrid format, which began with fourdays of real-time online Virtual Trainings, followed by the two-day main conference (both a Vitual and Live at the Mandalay Bay in Las Vegas.

Each year, Black Hat USA is immediately followed by DEF CON, an infamous hacker conference also held in Las Vegas. The event consists of several tracks of speakers with expertise in the realm of computer security and hacking, as well as cybersecurity challenges and competitions (known as hacking “wargames”).

Black Hat USA 2021 & DEF CON 29 Highlights, Announcements & Notable Trends

As Cloud & Container Adoption Continues to Increase, Security Falls Behind & Ransomware Risk Skyrockets 

Cloud, Container, Kubernetes and Serverless environments have become the norm in modern infrastructure. Cloud and container adoption is rapidly increasing, as these technologies and frameworks enable organizations to grow and evolve at a very high velocity compared to the traditional workloads.

In an recent interview with LinuxSecurity, Cloud Native Security Architect and instructor of the Black Hat USA 2021 course A Practical Approach to Breaking & Pwning Kubernetes Clusters Madhu Akula explained, “The challenges we see mostly arise from misconfiguration issues, which can have a big impact like the compromise of data and infrastructure. The recent Red Hat State of Kubernetes Security Report states that 94% of respondents experienced at least one security incident in their Kubernetes environments in the last 12 months, and concludes that security misconfigurations are to blame for the majority of these issues.” He elaborates, “These past few months have shown that supply chain attacks have serious implications when it comes to the security of modern infrastructure, as everything is codified including policies, infrastructure, applications - even security. With the ever-changing technology landscape, it’s hard for organizations and teams to keep up with securing Cloud and container environments, as doing so requires them to understand the latest technology prior to solving security problems.” In the wake of the Colonial Pipeline ransomware outbreak and other recent supply chain attacks, the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released Kubernetes hardening guidance which includes various tips and best practices for securing Kubernetes.

NSA & CISA Kubernetes Hardening Advice

• Scan containers and pods for vulnerabilities or misconfigurations.
• Run containers and pods with the least privileges possible.
• Use network separation to control the amount of damage a compromise can cause.
• Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality.
• Use strong authentication and authorization to limit user and administrator access and limit the attack surface.
• Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity.
• Periodically review all Kubernetes settings and use vulnerability scans to help ensure risks are appropriately accounted for, and security patches are applied.

However, security researcher and DEFCON 29 speaker Robert Graham doesn't necessarily think that hardening defenses is the best approach to protecting against ransomware and other persistent cyber threats. Graham explains, “The way you secure a bank is not by locking the front door; the bank has to be open for business and you have to have people come in. It's the same thing with networks.” He also believes that awareness is not enough without a comprehensive understanding of the threats organizations face and the security defenses required to combat them, stating, “So the approach to ransomware is that we're aware, but we're not actually aware of the details.” Guardian Digital, the open source email security company, also recognizes this growing issue, and has created a free toolkit to help businesses understand their email risk profile and how they can bolster their email security strategy to repel ransomware and other dangerous email-borne attacks in less than two minutes.

Madhu Akula’s A Practical Approach to Breaking & Pwning Kubernetes Clusters Black Hat USA 2021 course covered multiple real-world security issues by showcasing hands-on labs for participants to teach and assess for security issues, misconfigurations and insecure defaults, going beyond basic attacks to privilege escalation, exploitation, lateral movement, persistence, defense evasion and many other advanced techniques. 

OSINT Powers Social Engineering Attacks & Security Awareness Training Designed to Combat Them

OSINT (Open Source Intelligence) is the foundation on which all engagements are built. Without credible, actionable information, social engineering attacks designed to manipulate psychology can neither be developed nor performed effectively. All forms of social engineering, be it phishing, vishing, or impersonation, begin with information gathering in order to understand the target and tailor attacks that are meaningful and relevant enough to generate engagement.

In a recent interview with LinuxSecurity for this article, Social-Engineer, LLC Chief Operating Officer and instructor of the Black Hat USA 2021 course Practical OSINT for Social EngineersRyan MacDougall explained the importance of social engineering in modern cyberattacks, “Social engineering is the mechanism behind the great success of phishing, BEC, and other email threats. Without purposeful social engineering, attackers are just sending emails to targets that will likely be ignored. Real world attackers do not have to train their targets after an attack, so they can employ malicious and manipulative techniques to induce strong negative emotions in their targets, which leads to compromise.” He elaborates, “From the ethical social engineering standpoint, once you employ scientifically proven techniques to influence a target, that is where you construct the teachable moment to train employees to critically think about a possible attack while in the moment, and still preserve their dignity and integrity. Without the information obtained via OSINT that is required to build a realistic attack, there is no training that can be provided after the engagement.” 

Qualys Demonstrates CSAM & Zero Touch Patch Management

Qualys is demonstrating Cybersecurity Asset Management (CSAM) to help users detect security gaps and respond to risk and Zero Touch Patch Management, which helps organizations to “proactively patch prioritized vulnerabilities with ‘intelligent’ automation – before attacks can exploit them,” the company asserts.

At this year’s Black Hat USA event, the leading provider of disruptive cloud-based IT, security and compliance solutions, announced its collaboration with Red Hat to drive greater security for both the container and host operating system for Red Hat OpenShift. Built on the Qualys Cloud Platform, the solution seamlessly integrates with customers’ vulnerability management workflows, reporting and metrics to help reduce risk. Qualys Cloud Agent for Red Hat Enterprise Linux CoreOS on Red Hat OpenShift helps customers: 

• See the Full Inventory – Continuous visibility of installed software, open ports, and Red Hat Security Advisories (RHSA) for all Red Hat Enterprise Linux CoreOS nodes with comprehensive reporting. 
• Manage Host Hygiene – Fully integrated on the Qualys Cloud Platform to automatically detect and manage host status related to patches and compliance adherence for known vulnerabilities.  
• Easily Deploy to the Host - Simplified deployment via the Qualys Cloud Agent to secure the host operating system. This approach eliminates the need to modify the host, open ports, or manage credentials. 
• Get Complete Coverage – Full coverage of Red Hat OpenShift and Qualys Container security delivers comprehensive visibility from the host operating system through to images and containers running on OpenShift. 

Sparrow Co. Introduces Two New AppSec Solutions

Sparrow Co. introduced two new application security solutions at this year’s Black Hat USA conference — Sparrow Cloud and Sparrow SCA. Sparrow Cloud offers application security as a service  by “performing static and dynamic analysis anytime and anywhere at minimum cost.” Sparrow SCA is an open-source management solution that “automatically identifies open-source software in use and detects security vulnerabilities in the source code and binary,” the company says.

Atakama & Spirion Showcase a Joint Multi-Level File Encryption Solution

Atakama and Spirion showcased a joint solution for classifying and protecting sensitive data through multi-factor file-level encryption at Black Hat USA 2021. The passwordless encryption solution is cross-compatible with all major OSes, and eliminates one of the biggest threats facing organizations today - data exfiltration. Atakama explains, “Each encrypted file receives its own unique AES encryption key with 256 bits, which is fragmented into components and distributed across multiple physical devices. The file is available only to authorized users, which they can unlock through a multi-factor approval process. By encrypting every file with its own unique encryption key, Atakama renders a breach almost completely useless.”

Optiv Security Launches a MXDR Service, Exabeam Unveils its XDR Alliance & SecureWorks Showcases its XDR Services

Optiv Security launched a technology-independent Managed Extended Detection and Response (MXDR) service which the company states “enables clients to take rapid and decisive action against today’s most critical cyberattacks and strengthen their security posture.” Cloud-native logging and security analytics provider Devo has been a foundational partner in Optiv MXDR.

Exabeam also unveiled its XDR Alliance at this year’s Black Hat USA event. The cybersecurity leader states that the alliance seeks to “foster an open approach to XDR (eXtended Detection and Response), which is essential to enable organizations everywhere to protect themselves against the growing number of cyberattacks, breaches, and intrusions.”

Secureworks also showcased its innovation and expertise in the realm of cloud-bases XDR products and services at the conference. The MSSP showed how Taegis XDR, Taegis VDR and Threat Intelligence can help organizations reduce the risks and consequences of a breach. The leading cybersecurity provider also discussed a new Taegis XDR Adversary Software Coverage (ASC) tool, which the MSSP says “allows users to interactively explore how Secureworks Taegis XDR maps coverage and countermeasures to the tactics and techniques used by over 500 adversarial software types against the MITRE ATT&CK framework, including ATT&CK v9”.

CrowdSec Wins a Black Unicorn Award as One of the Top 10 Cybersecurity Companies of the Year

CrowdSec was named a winner for the Top 10 Cybersecurity Startups for 2021 at the Black Unicorn Awards for cybersecurity innovators, which are hosted by Cyber Defense Magazine and take place each year during the Black Hat USA conference. The judging panel announced, “We’re pleased to name CrowdSec as a Winner for the Top 10 Cybersecurity Startups for 2021 among a small, elite group of startups in our third annual Black Unicorn awards.”

On July 8, 2021, the CrowdSec team released CrowdSec v1.1.x - the latest version of their free and open-source cybersecurity solution designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent - with new packages and repositories, as well as improvements to to the CrowdSec agent itself.

In a recent interview with LinuxSecurity, CrowdSec CEO and co-founder Philippe Humeau explains the company’s mission, “The goal is to leverage the power of the crowd to create a real-time IP reputation database. Ultimately, CrowdSec harnesses the power of the community to create an extremely accurate IP reputation system that benefits all its users. With its collaborative, transparent roots, Open Source has provided and continues to provide our team with the optimal framework to accomplish this mission”.

DEF CON 29 Badge Embraces the New Normal

DEF CON 29 was an event to remember, with its unique hybrid format due to the pandemic. Following this theme, the DC29 badge doubles as a practical tool for virtual attendees and an electronic puzzle for those who are able to bring a few of them together physically.

On its own, the DC29 badge is a four-key RGB mechanical macro pad that connects to your computer over USB-C. Featuring highly configurable software, hot-swappable switches, and customizable keycaps, the DC29 badge is a surprisingly robust and flexible little macro pad.

While a DC29 badge is quite useful on its own, it’s also designed to work in conjunction with other badges, as the edge connectors and silkscreen messages hint. Multiple badges can either snap together or be interlinked via USB cables, and they conveniently do not need to be tethered to the computer for power.

DEF CON 29 attendees: Have you tried connecting your badge with others? If so, share a picture or a video of what happened when you did with us on Twitter - we’ll share it with our followers and give you a shoutout.

Did you attend, showcase a product, or speak at Black Hat USA or DEF CON this year? We want to hear about your experience. Have a trend, highlight, or story from Black Hat USA 2021 or DEF CON 29 that was not covered in this article. Please share it with us on Twitter and we will share it with the community. Vendors and security experts: Don’t miss out on the opportunity to be featured in future LinuxSecurity articles and social media posts! Connect with us on Twitter and share your story.