This year's top cyber threats that every CISO needs to know about.
Every summer, Las Vegas hosts a number of major cybersecurity conferences, including the legendary Black Hat.
The event traditionally becomes a platform for announcing and discussing the most relevant cyber threats. Every year, researchers report on vulnerabilities found in popular technologies and services. These discoveries consistently make numerous information security managers (CISOs) think about the risks to their companies.
At Black Hat 2023, experts presented a lot of interesting research and here are four of the most dangerous and high-profile vulnerabilities identified this year in the field of information security.
1. AI Vulnerabilities
As expected, the AI theme has become one of the dominant themes at Black Hat this year. The founder of the conference, Jeff Moss, opened the event with a keynote address on the risks and opportunities of artificial intelligence.
Special attention of experts was drawn to the problem of security of AI cloud services. For example, Trend Micro presented a report on discovered vulnerabilities in Azure ML, Microsoft's machine learning platform.
According to Trend Micro senior researcher Nitesh Surana, these bugs can lead to a major leak of credentials and API disclosure, which also threatens to leak internal logs of the service.
According to Surana, the problems found in Azure ML indicate potential risks for other MLaaS platforms as well. "The basic issues of security of logging, storage of confidential data, disclosure of sensitive information and possible mechanisms for securing in the system can potentially relate to other MLaaS cloud services," the expert explained.
The vulnerabilities identified by Trend Micro have already been fixed by Microsoft. However, Surana believes that cloud service providers generally lack transparency in cybersecurity issues.
2. Incorrect Azure Active Directory settings
Another hot topic of the conference was vulnerabilities of cloud platforms. A separate report was devoted to a configuration error in Azure Active Directory, which allows attackers to gain unauthorized access to client systems.
This new attack vector was first discovered in March of this year by the research team of the cloud security platform Wiz, which described its findings in detail in a visual report.
Wiz specialists have identified vulnerabilities affecting a number of Microsoft applications, including the content management system Bing.com. According to them, the problem allowed manipulating Bing search results and performing cross-site scripting (XSS) attacks on users of this service.
Microsoft quickly fixed the error in the authorization settings and issued security recommendations for its customers.
3. SAP Software Vulnerabilities
The conference was attended by researchers from Onapsis, a company that specializes in cybersecurity and regulatory compliance. They talked about security issues in the SAP P4/RMI software, which can theoretically be used for remote access in SAP enterprise systems.
According to the speakers, attackers are able to combine seemingly insignificant vulnerabilities to increase the impact of the attack. And this is bearing fruit.
"In most cases, the most likely risk is lateral movement and privilege escalation by attackers who have already gained some access to the target network using SAP P4, since these products are usually not available directly from the Internet," explained Oleg Kolesnikov from Securonix.
"Key attack scenarios in this context may include internal RCE, SQL injection, and password leakage," the researcher added, noting separately that CISOs should definitely take this issue seriously.
4. Downfall Vulnerability
Google senior researcher Daniel Mogimi made a report on the Downfall vulnerability that could affect Intel processors. This error allows accidental data leaks and potentially poses a threat to billions of devices.
Intel has already released a patch, but to solve the problem in the root, you may need to modify the processor architecture in the future.
According to Richard Vibert, co-founder and CEO of Metomic, a DLP solutions company, the Downfall error opens up the possibility for attackers to attack software vulnerabilities on Intel processors using just one instruction.
Experts believe that while Downfall remains in the realm of theoretical threats. Using such CPU-level errors as Downfall, Spectre, and Meltdown in real attacks requires some prior access to the system and a lot of problems. However, from a technical point of view, such attacks are real and extremely dangerous.
How can I reduce my risks?
Summing up, it can be stated that vulnerabilities in information security are a reality that all companies have to reckon with.
Conferences like Black Hat help CISO keep up to date with the latest cyber threats and find effective solutions to reduce risks. However, the ultimate responsibility for protecting corporate data lies with the organizations themselves.
Heads of information security departments should take a comprehensive approach to cybersecurity issues, conduct regular inspections and audits, ensure continuous training of employees, and do not forget to follow the latest industry news.
This is the only way to minimize damage from potential incidents and maintain customer trust.
Every summer, Las Vegas hosts a number of major cybersecurity conferences, including the legendary Black Hat.
The event traditionally becomes a platform for announcing and discussing the most relevant cyber threats. Every year, researchers report on vulnerabilities found in popular technologies and services. These discoveries consistently make numerous information security managers (CISOs) think about the risks to their companies.
At Black Hat 2023, experts presented a lot of interesting research and here are four of the most dangerous and high-profile vulnerabilities identified this year in the field of information security.
1. AI Vulnerabilities
As expected, the AI theme has become one of the dominant themes at Black Hat this year. The founder of the conference, Jeff Moss, opened the event with a keynote address on the risks and opportunities of artificial intelligence.
Special attention of experts was drawn to the problem of security of AI cloud services. For example, Trend Micro presented a report on discovered vulnerabilities in Azure ML, Microsoft's machine learning platform.
According to Trend Micro senior researcher Nitesh Surana, these bugs can lead to a major leak of credentials and API disclosure, which also threatens to leak internal logs of the service.
According to Surana, the problems found in Azure ML indicate potential risks for other MLaaS platforms as well. "The basic issues of security of logging, storage of confidential data, disclosure of sensitive information and possible mechanisms for securing in the system can potentially relate to other MLaaS cloud services," the expert explained.
The vulnerabilities identified by Trend Micro have already been fixed by Microsoft. However, Surana believes that cloud service providers generally lack transparency in cybersecurity issues.
2. Incorrect Azure Active Directory settings
Another hot topic of the conference was vulnerabilities of cloud platforms. A separate report was devoted to a configuration error in Azure Active Directory, which allows attackers to gain unauthorized access to client systems.
This new attack vector was first discovered in March of this year by the research team of the cloud security platform Wiz, which described its findings in detail in a visual report.
Wiz specialists have identified vulnerabilities affecting a number of Microsoft applications, including the content management system Bing.com. According to them, the problem allowed manipulating Bing search results and performing cross-site scripting (XSS) attacks on users of this service.
Microsoft quickly fixed the error in the authorization settings and issued security recommendations for its customers.
3. SAP Software Vulnerabilities
The conference was attended by researchers from Onapsis, a company that specializes in cybersecurity and regulatory compliance. They talked about security issues in the SAP P4/RMI software, which can theoretically be used for remote access in SAP enterprise systems.
According to the speakers, attackers are able to combine seemingly insignificant vulnerabilities to increase the impact of the attack. And this is bearing fruit.
"In most cases, the most likely risk is lateral movement and privilege escalation by attackers who have already gained some access to the target network using SAP P4, since these products are usually not available directly from the Internet," explained Oleg Kolesnikov from Securonix.
"Key attack scenarios in this context may include internal RCE, SQL injection, and password leakage," the researcher added, noting separately that CISOs should definitely take this issue seriously.
4. Downfall Vulnerability
Google senior researcher Daniel Mogimi made a report on the Downfall vulnerability that could affect Intel processors. This error allows accidental data leaks and potentially poses a threat to billions of devices.
Intel has already released a patch, but to solve the problem in the root, you may need to modify the processor architecture in the future.
According to Richard Vibert, co-founder and CEO of Metomic, a DLP solutions company, the Downfall error opens up the possibility for attackers to attack software vulnerabilities on Intel processors using just one instruction.
Experts believe that while Downfall remains in the realm of theoretical threats. Using such CPU-level errors as Downfall, Spectre, and Meltdown in real attacks requires some prior access to the system and a lot of problems. However, from a technical point of view, such attacks are real and extremely dangerous.
How can I reduce my risks?
Summing up, it can be stated that vulnerabilities in information security are a reality that all companies have to reckon with.
Conferences like Black Hat help CISO keep up to date with the latest cyber threats and find effective solutions to reduce risks. However, the ultimate responsibility for protecting corporate data lies with the organizations themselves.
Heads of information security departments should take a comprehensive approach to cybersecurity issues, conduct regular inspections and audits, ensure continuous training of employees, and do not forget to follow the latest industry news.
This is the only way to minimize damage from potential incidents and maintain customer trust.
