CyberWeek in Las Vegas Highlights: What You Need to Know

Last week, the Vegas strip played host to 3 of the most influential cybersecurity events in the industry - BSidesLV, Black Hat USA and DEF CON.

The trio are collectively referred to as “Hacker Summer Camp,” and brought together policymakers, experts, executives, hackers, and enthusiasts from all over the world to discuss issues related to online security, labor shortages in the cybersecurity industry, and the new dangers facing the private and public sectors that have sprung up in 2022.

For those who are not familiar to the annual events, they are as follows:

• Black Hat USA 2022: The famed Black Hat cybersecurity event featured keynote speakers Christopher Krebs, the first director of the Cybersecurity and Infrastructure Security Agency (CISA). Krebs firing before the end of the Trump administration was controversial, as he had disputed the former President’s claims of election fraud and had additionally gone as far as to proclaim, “the 2020 election the most secure in history.” Also speaking at the event was investigative journal Kim Zetter. She delivered a keynote on how things have changed since Stuxnet malware was discovered in 2010. Stuxnet malware is famous for being deployed by the US in what is widely accepted to be the first instance of cyberwarfare in global history – the American attack that caused physical damage to Iranian nuclear centrifuge systems. The event also featured new products, services, and techniques, that are sure to become a staple of this ever-changing industry.
• DEF CON 2022: One of the major highlights of DEF CON 2022 saw security researcher Patrick Wardle reveal a flaw in Zoom’s installer for macOS could allow hackers to gain administrative access to the operating system, as well as system files and sensitive user docs. Wardle discovered that Zoom’s macOS installer has an auto-update feature that runs in the background with elevated privileges, allowing hackers to run any program through the update function, gaining those privileges. The flaw was later fixed by Zoom via an update released over the weekend.
• BSidesLV: BSides Las Vegas is hosted by a non-profit organization that operates within the Information Security industry and provides an annual, two-day conference for security professionals as well as those interested in entering the field.

Other highlights from the trio of events featured cybersecurity researcher Lennert Wouters revealing that it’s possible to hack into Starlink terminals using a $25 device. Wouters took the stage at Black Hat on Thursday and showcased how he was able to hack StarLink’s user terminals using a homemade circuit board, or “modchip.”

Some news was made just before DEF CON, as CISA Director Jen Easterly told reporters that although she is concerned about threats to the upcoming US midterms elections, including possible Russian interference operations similar to those seen in 2016, she is far more concerned regarding disinformation, misinformation and potential threats to election officials. She stated that CISA would continue using its Rumor Control website, which allows the agency to counter false election narratives. “I need to make sure that my resources and my focus are where we can make the most difference at the end of the day,” Easterly said.

The Biden administration does not expect the struggling Ukraine to stand much of a chance against Russian cyberattacks, according to National Cyber Director Chris Inglis. At DEF CON on Friday he stated, “We didn’t give enough credit to the Ukrainians for being able to defend cyberspace.” Inglis continued, “I and a whole bunch of others would have said…that the Ukrainians would have a really tough time defending themselves in cyberspace against the Russians because the Russians have lots of capabilities.”

But perhaps the biggest splash of all was made by Victor Zhora, one of the Ukraine’s leading cybersecurity officials, who made an unannounced visit to Black Hat. Zhora spoke to the event regarding the state of cyberwarfare in the country’s ongoing conflict with Russia. Zhora, who serves as deputy chairman of Ukraine’s State Service of Special Communications and Information Protection, revealed that cyber incidents in the country have tripled since the Russian invasion in February, adding that Ukraine had suffered more than 1,600 “major” cyber incidents so far this year, including the discovery of the Industroyer2 malware. Industroyer2 Malware is capable of manipulating the equipment used by electrical utilities to control the flow of power.

The biggest crisis in 2022 regarding cybersecurity is the pronounced shortage of capable professionals globally. Events like the ones that comprise “Hacker Summer Camp” provide an important spotlight on an industry looking to seriously expand in employees. That expansion can mean the difference between relative calm or an explosion in new cyber-attacks.