September 10, 2024
FTI Cybersecurity’s U.S. Incident Response Team attended Black Hat USA 2024, a technical cybersecurity conference bringing together global industry professionals. The FTI Cybersecurity team participated in trainings, discussed key cybersecurity trends, and exchanged ideas with cybersecurity experts from around the world. Explore the team’s key takeaways regarding cybersecurity trends emerging from Black Hat!
Security Risks of Artificial Intelligence Tools
Several talks at Black Hat focused on the cybersecurity risks of artificial intelligence (AI) tools. These discussions highlighted the critical need for robust security measures in AI systems, especially as they become increasingly integrated into business operations. Presentations underscored the importance of implementing protections, such as proper permission settings, data classification, and continuous monitoring, to mitigate risks associated with these tools. Failure to implement proper controls for AI tools could result in oversharing and inadequate permissions, insider and external threat actor risks, privacy concerns, and misconfiguration risks.
Election Security Concerns
The global cybersecurity industry has been placing a growing importance on election security, and this was reflected in several discussions at Black Hat. Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), delivered a keynote that emphasized the resilience of the U.S. election infrastructure. She noted that, despite attempts by hostile states to interfere with U.S. elections—primarily through disinformation—the integrity of the electoral system has been significantly bolstered since interference during the 2016 U.S. presidential election. The decentralized nature of U.S. elections, with different cities, counties, and states administering the process, adds to this resilience because there is not a single point of failure. Easterly also highlighted the proactive steps taken to ensure that local election officials are well-prepared for potential disruptions on election day.
A panel featuring leaders from global cybersecurity agencies also tackled election security. The consensus was that, while direct attacks on election infrastructure are unlikely to alter results due to robust safeguards, the more significant threat comes from efforts to undermine public confidence in the electoral process through misinformation. The panelists stressed the importance of combating these narratives to maintain trust in democratic systems.
VPN Exploitation
The FTI Cybersecurity team also attended a discussion surrounding exploiting virtual private networks (VPN). This session focused on identifying and understanding methods threat actors can use to leverage VPN functions to gather additional footholds into an environment. Many of the engagements FTI Cybersecurity supports involve VPN compromise, either via user credentials or a vulnerability. If threat actors access the management console of an organization’s VPN, they can:
- Abuse remote authentication servers by intercepting credentials using the VPN’s own packet capture functionality.
- Register a rogue authentication server and leverage a vulnerability in the means by which local users are authenticated to capture credentials.
- Export configuration files of a compromised VPN, which can contain local user passwords, SSH keys, certificates, and credentials of third-party service accounts.
- Leverage server functionality which stores “encrypted” passwords in cleartext in its configuration file.
Challenges Surrounding Secure Shell Security
Secure Shell (SSH) is a network protocol that securely sends commands on unsecured networks using encryption and authentication, but researchers HD Moore and Rob King unveiled significant vulnerabilities in SSH implementations across various devices and software, including more than 50,000 unauthenticated shells and misconfigurations. Their presentation at Black Hat, “Secure Shells in Shambles,” highlighted both recent developments in SSH security and persistent challenges, introducing the SSHamble open-source tool for testing SSH implementations. This research underscores the critical need for ongoing vigilance and improved security practices in SSH deployments, despite its widespread use and crucial role in remote administration.
The insightful sessions at Black Hat USA 2024 highlighted the most pressing issues within the cybersecurity space today. Though AI tools, nation-state threat actors targeting elections, and VPN and SSH vulnerabilities pose risks to organizations and individuals, heightened awareness of these threats will help drive efforts to combat them and develop mitigation strategies.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates or its other professionals. FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.
FTI Consulting is an independent global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes: financial, legal, operational, political and regulatory, reputational and transactional. FTI Consulting professionals, located in all major business centers throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges and opportunities. ©2024 FTI Consulting, Inc.
All rights reserved. fticonsulting.com