4 Top Takeaways from Black Hat 2023
Whether you came to fill up a suitcase full of vendor swag, meet your service providers in person, or learn about new technologies to fuel your priorities, there was something for everyone at Black Hat this year. Our team was busy on the floor helping attendees check their darknet exposure and digging into the nitty-gritty of Cybercrime Analytics. But we also had some time to attend sessions and talk industry with colleagues and friends – and here’s what we’re taking away from one of cybersecurity’s best events.
Evolving alongside AI is the next big challenge for SecOps
We’d be remiss if we didn’t acknowledge the elephant on the show floor, which was highlighted Wednesday in Maria Markstedter’s keynote, Guardians of the AI Era: Navigating the Cybersecurity Landscape of Tomorrow. AI is here to stay, and with it comes a slew of new cybersecurity challenges. At the core of it all is a sharp double-edged sword: AI as a tool for both advancing the effectiveness of our existing security products and the root of more sophisticated threats. Everyone is keeping a strong pulse on both.
Session hijacking steps into the limelight
If you’re like us, you think – passwordless. Cool. We’ll use it since it’s more secure than passwords…but it’s not a silver bullet. Criminals are watching adoption of passkeys too – and instead of going for account credentials, they’re going after recovery methods. But even more scary is that they’re working around passkeys entirely with stolen cookies, perpetrating session hijacking.
Fortunately, we talked to SecOps attendees who are already thinking about it. We’re quickly seeing session cookies become one of the most prized forms of stolen data. In fact, we recaptured 1.87 billion malware cookie records from the darknet last year. That’s billion with a capital B. This is still a pretty fluid space and both criminals and defenders are working hard to operationalize stolen session information.
Cookies are most commonly stolen using infostealer malware. A valid, non-expired cookie allows a cybercriminal to become a legitimate user’s clone and bypass authentication. It basically allows them to take over a session where a user was already logged in. It behooves all of us to take this emerging threat seriously.
Automation is now table stakes
There are several things at play here – SOC teams are looking to scale their efforts to achieve better security outcomes, to find operational efficiencies that counteract an ongoing skills gap, and to do more with less as businesses keep resources tight due to macroeconomic factors. It’s a lot, and that’s why there’s general agreement that automation is at least one answer to these problems.
For too long, threat intel providers have offered data as the be-all and end-all, but it requires hefty analyst intervention to make it actionable. Basically, this approach has meant more hands-on homework than actionable workflows and tangible outcomes. Instead of handing SOC teams more problems to look into and address, automation is the key that unlocks their ability to keep up with – and close the doors on – attackers.
At SpyCloud, that’s the thinking behind Cybercrime Analytics. We take raw exposure data from the criminal underground, correlate it to various identities, and make it actionable via automated remediation – with integrations into existing workflows within your SIEM or SOAR. Goodbye data overload, hello actionable protection.
It’s time to ditch traditional threat intel
We feel so strongly about this last point that SpyCloud’s James Shank gave a whole speaking session on it! In case you didn’t catch his hot takes live, here’s a quick recap.
As we touched on above, the threat intel industry has historically had a problem with delivering value; I should know, I’ve spent some time in it. The gap between threat intel and operational impact is just too wide. It’s useful for context, but less so for taking actual defensive action. And today’s threats move too quickly for IOCs – which reflect past knowledge – to keep up.
That’s why cybercrime is increasing. What really matters for the future of threat intelligence, and what impacts security posture most, is aligning security responses to cut off the things that actually fuel cybercrime. Next-gen response means defending with the same information that threat actors are going to use to exploit your systems. That’s acting on known points of compromise – everything from breach assets to malware logs – before they can be used by cybercriminals.
Wrapping it up
In case you missed us at our booth (not sure how, since we were rocking light-up sneakers), you can still use our online tool to check your exposure or reach out today to see how Cybercrime Analytics helps you act quickly on threats to your users and your business.
And see you next year at Black Hat!