Source: www.databreachtoday.com
From Automotive Exploits and Bootloader Bugs to Cybercrime and ‘LLMbotomy’ Trojans
Mathew J. Schwartz (euroinfosec) • December 9, 2024
The long-running Black Hat Europe conference returns to London this week for a packed roster of all things cybersecurity.
The conference at the ExCel conference center in London Docklands features more than 45 keynotes and briefings covering everything from cybercrime, nation-state attacks and regulatory red tape to bootloader bugs, exploitable flaws in vehicles and seemingly more artificial intelligence vulnerabilities than an AI could even hallucinate.
Here are my picks of just some of the hot-looking sessions happening this week:
Day 1: Wednesday, Dec. 11
- Geopolitics of the Datasphere – 9:00 a.m.: Unraveling the intersection of geopolitics and cybersecurity is more important than ever in these turbulent times. Frédérick Douzet serves as professor of geopolitics at the Paris 8 University, directs the French Institute of Geopolitics research team, and serves on a commission President Emmanuel Macron launched in 2021 to combat disinformation and its threat to democracy.
- From Pass-the-Hash to Code Execution on Schneider Electric M340 PLCs – 10:20 a.m.: After reversing the cryptographic protocol used in Schneider Electric industrial control systems architecture, researchers found vulnerabilities that allow hackers to masquerade as an engineering station to a programmable logic controller, through which they could remotely execute code, install rootkits and potentially reprogram boot firmware.
- How the Internet Dodged a Bullet: The KeyTrap Denial-of-Service Attacks Against DNSSEC – 10:20 a.m.: The Domain Name System is a critical component of the internet, and the DNSSEC security extension deployed on about one-third of DNS systems is meant to help protect it. In this talk, a team of researchers will detail vulnerabilities they’ve dubbed KeyTrap, which can be exploited to cause a denial of service for “any DNSSEC-validating DNS resolver.” Researchers disclosed the vulnerability to core developers and operators including Google, Cloudflare and Akamai, leading them to close off KeyTrap from exploitation.
- WorstFit: Unveiling Hidden Transformers in Windows ANSI! – 11:20 a.m.: For decades, Windows has used a “best fit” feature to automatically transform unsupported Unicode characters to their closest supported one. What could go wrong? Enter two researchers from Taiwan-based cybersecurity firm Devcore, including vulnerability-hunting legend Orange Tsai, who promised in a post on social platform X: “Let’s see how many calcs we will pop!”
- LLMbotomy: Shutting the Trojan Backdoors – 1:30 p.m.: Topping my shortlist of this year’s best-titled briefings, Tamás Vörös, a senior data scientist at Sophos, promises to detail how large language models can be subverted via “malicious modifications inserted during the training life cycle and triggered by specific inputs to cause harmful behaviors,” as well as mitigations for such Trojan backdoors.
- Operation MIDAS: Tracking Fraudulent Financial Program Organizations – 2:30 p.m.: Researchers will chart their discovery of a fake online brokerage that stole or extorted $6.3 million from victims, and how it worked. The researchers’ work helped law enforcement identify and seize attackers’ infrastructure, including over 20 servers, and identify and arrest 32 suspects tied to the fraud ring.
- The CVSS Deception: How We’ve Been Misled on Vulnerability Severity – 2:30 p.m.: A bevy of personnel from JP Morgan will share their research into how the more than 170,000 common vulnerabilities and exposures, or CVEs, to date have been prioritized via CVSS scoring, and why trade-offs underlying such scores can lead to a “false sense of security.” They’ll also offer guidance on how to combat some of the resulting “operational challenges,” and highlight some as-yet unsolved challenges.
- Vulnerabilities in the eSIM Download Protocol – 2:30 p.m.: As use of the downloadable eSIM in smartphones continues to rise, researchers from Finland’s Aalto University will detail the Remote SIM Provisioning – RSP – protocol that enables consumers to download these SIM profiles to a secure part of their device, as well as “the RSP protocol architecture and the assumptions made in its design,” and why some of those assumptions allow for exploitable vulnerabilities.
- Unmasking State-Sponsored Mobile Surveillance Malware From Russia, China and North Korea – 3:20 p.m.: Researchers from mobile-focused cybersecurity firm Lookout promise a deep dive into the latest “threat actors, tactics and defense strategies” pertaining to nation-states’ advanced persistent threat groups, including adversaries’ cyber espionage penchant for lobbing mobile malware at targets for surveillance purposes.
- The Bugs in Your Bootloaders: Embedded Device Secure Boot Fails and How to Fix Them – 4:20 p.m.: Security engineer Henrik Ferdinand Nölscher promises to demonstrate how the secure boot chain of the Dell iDRAC9 – used in the PowerEdge family of servers, among other devices – can be compromised via a new vulnerability called “RootBlock,” as part of a wider look at how the complex boot sequences underpinning secure boot implementations can often be broken or subverted via just a single flaw.
- Exposing the Dark Corners of SAP: 4-Years of Threat Intelligence Data Analyzed – 4:20 p.m.: Who’s targeting SAP’s ERP software, and why? Yvan Genuer, a senior security researcher at Onapsis, will share information gleaned from SAP-focused threat intelligence gathered by Flashpoint to pinpoint the most popular zero-days targeted by attackers and the most-discussed flaws on underground cybercrime forums, all in pursuit of helping SAP shops better secure their applications.
Day 2: Thursday, Dec. 12
- Fighting Cybercrime in 2024 – 9:00 a.m.: Brigadier General Eric Freyssinet of the French Gendarmerie Nationale – a branch of the armed forces with law enforcement responsibilities – will recap anti-cybercrime success stories and how greater international cooperation and public/private partnerships have helped, as well as detail ongoing challenges and his proposals for what needs to happen next.
- Mind the Data Gap: Privacy Challenges in Autonomous AI Agents – 10:20 a.m.: Does your organization use tools based on artificial intelligence agents? If so, they must be safeguarded against the many different ways such tools can be subverted, “including adversarial attacks, prompt injections and social engineering risks,” say researchers Narayana Pappu and Rubens Zimbre. They promise to detail not just risks, but how to respond.
- Over the Air: Compromise of Modern Volkswagen Group Vehicles – 10:20 a.m.: “Let us entertain you (while secretly tracking your location and speed and stealing your contacts database)” could well be the subtitle of this talk by a bevy of researchers from pen-testing firm PCAutomotive, given that they discovered a chain of critical vulnerabilities in the “infotainment system” built into millions of Volkswagen Group vehicles, via which hackers could run exploit code and remotely control the units “every time the car starts.”
- Reasonable Regulations Versus Red Tape: How Should Governments Tackle the Cyber Intrusion Market – 11:20 a.m.: Benjamin Walden, head of proliferation policy in the Cyber Policy Department inside the U.K. Foreign, Commonwealth and Development Office, will review the question of “how should governments tackle the cyber intrusion market?”
- The Devil Is in the (Micro-) Architectures: Uncovering New Side-Channel and Bit-Flip Attack Surfaces in DNN Executables – 11:20 a.m.: New technology means fresh attack surfaces. Enter deep neural network, aka DNN, executables, which get generated via deep learning compilers and deployed onto heterogeneous systems, ranging from high-end GPUs to lightweight internet of things devices. In this talk, a team of researchers will detail “a general DNN architecture stealing framework named DeepCache” that can be used to target these platforms via side-channel and bit-flip attacks, potentially allowing them to crack encrypted data.
- CodeCloak: A DRL-Based Method for Mitigating Code Leakage by LLM Code Assistants – 1:30 p.m.: Researchers will share their efforts to safeguard the use of LLM-based code assistants by developers without their exposing proprietary code. “CodeCloak is a novel deep reinforcement learning agent that manipulates the prompts before sending them to the code assistant service,” designed to still return helpful suggestions to developers while “minimizing code leakage,” they say.
- Infusing AI in Cybersecurity: The Times They Are AI-Changin’ – 1:30 p.m.: A team from the large European bank ING details their efforts to date to apply AI to critical cybersecurity and security operation center domain problems, ranging from vulnerability management and secrets leakage prevention to identity and access management and data leakage prevention. They’re promising to detail key challenges, successful approaches and tangible results from “managing and defending a complex banking infrastructure.”
- Is JavaScript Trustworthy in Cloud Computing? – 2:30 p.m.: Cloud computing environments heavily feature JavaScript applications, which pose a range of security threats, including “lagging version updates” as well as “uniformity in software and configuration profiles” that attackers can exploit to target environments such as Amazon Web Services and Azure, researchers warn. They’re set to detail not only “practical exploitation techniques” using zero-days in cloud environments, but also “a comprehensive series of defensive mechanisms” to mitigate those risks.
- Locknote: Conclusions and Key Takeaways – 4:20 p.m.: This wrap-up will feature takeaways from the conference and how these trends will affect information security as we know it, analyzed by Black Hat Founder Jeff Moss, joined by conference review board members and speakers Stefano Zanero, James Forshaw, Meadow Ellis and Vandana Verma.
That’s my non-exhaustive look at just some of what’s a long list of superb-looking Black Hat Europe 2024 briefings. Hope to see you at this year’s event.
About the Author
Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
Original Post url: https://www.databreachtoday.com/blogs/previewing-black-hat-europe-2024-in-london-20-hot-sessions-p-3776