{"id":17089,"date":"2020-07-24T12:17:08","date_gmt":"2020-07-24T16:17:08","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/black-hat-2020-preview\/17089\/"},"modified":"2020-07-29T18:00:42","modified_gmt":"2020-07-29T14:00:42","slug":"black-hat-2020-preview","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/black-hat-2020-preview\/17089\/","title":{"rendered":"Virtual Preview: Black Hat 2020"},"content":{"rendered":"<p>Let\u2019s be honest: No one, and I mean no one, could have predicted 2020\u2019s particular challenges. If you know anyone who says they knew it would all go down like this, please send them my way \u2014 I have a special present for them.<\/p>\n<p>The vast majority of the population has had to make major changes to the way they live and work. Few were at all prepared for so many people to be working from home, needing to wear masks outside of the home, and lots more. With that said, one group seems almost immune to the pandemic and the changes surrounding it: cybercriminals.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Cybercrims always follow the users. 
Users switched to remote work, so cybercrims switched to attacking their remote work.<br>During the <a href=\"https:\/\/twitter.com\/hashtag\/coronavirus?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#coronavirus<\/a> times we see bruteforce attacks against RDP<br>have rocketed across almost the entire planet.<br>Details \u21d2 <a href=\"https:\/\/t.co\/Fj0LtQ5UhO\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Fj0LtQ5UhO<\/a> <a href=\"https:\/\/t.co\/IppsWAe9tT\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/IppsWAe9tT<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/1255473308847558658?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 29, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Crooks saw the pandemic as an opportunity not only to survive but to thrive. In April, <a href=\"https:\/\/securelist.com\/it-threat-evolution-q1-2020-statistics\/96959\/\" target=\"_blank\" rel=\"noopener\">we saw a spike<\/a> in criminal activity that dropped off a bit in May only to return to April levels in June and July. To find out why that happened, we asked Eugene Kaspersky during a recent briefing with media. \u201cCybercriminals work from home \u2014 until they get caught and go to jail,\u201d he summarized.<\/p>\n<p>The panel Kaspersky was on was dedicated to the upcoming Black Hat conference (August 1\u20136) and also included Costin Raiu and Kurt Baumgartner of the company\u2019s Global Research and Analysis Team (GReAT). 
Like our Security Analyst Summit, the annual hacker summer camp became a virtual event.<\/p>\n<h2>Most anticipated talks of Black Hat 2020<\/h2>\n<p>Virtual or not, we still expect Black Hat to be one of the biggest cybersecurity events of this year, and so we asked Raiu and Baumgartner about the <a href=\"https:\/\/www.blackhat.com\/us-20\/?_mc=sem_bhus_x_3pvr_le_tsnr_x_goog_brandgen_2020&amp;gclid=Cj0KCQjw6uT4BRD5ARIsADwJQ18qnuhzemT4c8GXkbJR29MaRgvWa2SmzmxaEYHK-pfLwYRo4TLa5NIaAhZvEALw_wcB\" target=\"_blank\" rel=\"noopener nofollow\">Black Hat<\/a> presentations they are most looking forward to this year. Here are some of the presentations they listed:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.blackhat.com\/us-20\/briefings\/schedule\/#reversing-the-root-identifying-the-exploited-vulnerability-in-0-days-used-in-the-wild-20308\" target=\"_blank\" rel=\"noopener nofollow\">Reversing the Root: Identifying the Exploited Vulnerability in 0-days Used In-The-Wild<\/a> \u2014 Maddie Stone<\/li>\n<li><a href=\"https:\/\/www.blackhat.com\/us-20\/briefings\/schedule\/index.html#iot-skimmer-energy-market-manipulation-through-high-wattage-iot-botnets-20280\" target=\"_blank\" rel=\"noopener nofollow\">IoT Skimmer: Energy Market Manipulation through High-Wattage IoT Botnets<\/a> \u2014 Tohid Shekari &amp; Raheem Beyah<\/li>\n<li><a href=\"https:\/\/www.blackhat.com\/us-20\/briefings\/schedule\/#spectra-breaking-separation-between-wireless-chips-20005\" target=\"_blank\" rel=\"noopener nofollow\">Spectra: Breaking Separation Between Wireless Chips<\/a> \u2014 Jiska Classen &amp; Francesco Gringoli<\/li>\n<li><a href=\"https:\/\/www.blackhat.com\/us-20\/briefings\/schedule\/#fastcash-and-injx_pure-how-threat-actors-use-public-standards-for-financial-fraud-19371\" target=\"_blank\" rel=\"noopener nofollow\">FASTCash and INJX_Pure: How Threat Actors Use Public Standards for Financial Fraud<\/a> \u2014 Kevin Perlow<\/li>\n<li><a 
href=\"https:\/\/www.blackhat.com\/us-20\/briefings\/schedule\/#operation-chimera---apt-operation-targets-semiconductor-vendors-20699\" target=\"_blank\" rel=\"noopener nofollow\">Operation Chimera \u2013 APT Operation Targets Semiconductor Vendors<\/a> \u2014 Chung-Kuan Chen, Inndy Lin &amp; Shang-De Jiang<\/li>\n<\/ul>\n<h2>Bonus track: Most interesting APTs of 2020 so far<\/h2>\n<p>During the panel, we also asked the panelists which cyberespionage campaign of the last year was their \u201cfavorite.\u201d<\/p>\n<p>For Raiu, it was WellMess, a group his team at Kaspersky has been observing for 1.5 years and that was mentioned in the recent <a href=\"https:\/\/zoom.us\/webinar\/register\/1315942903439\/WN_31aVVq-lSheiKPc5pDr7Ag\" target=\"_blank\" rel=\"noopener nofollow\">GReAT Ideas session<\/a>. He also added that hacker-for-hire operations are an interesting area to monitor as the cost barrier for entry continues to drop, with prices ranging from $500 to $500,000.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">As of July 6, CISA had no actor attributed to WellMess. July 6. Remember that. In 11 days, they were able to go from not knowing, to publicly backing direct attribution to an APT actor who hasn't been seen in over a year? 
<a href=\"https:\/\/t.co\/h6udgjAPk8\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/h6udgjAPk8<\/a><\/p>\n<p>\u2014 Brian Bartholomew (@Mao_Ware) <a href=\"https:\/\/twitter.com\/Mao_Ware\/status\/1284137701688647681?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 17, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>For Baumgartner, the focus shifted to the East: \u201cWhen I look back at this year, one of the campaigns that stick out for me, that we don\u2019t always report on, has to do with a group that we call Two Sail Junk and their LightRiver malware implants, in part because it was so relevant. In January we saw some forums being used as watering holes, and these forums are being visited by Hong Kong activists \u2014 maybe some other people, but definitely activists are using these sites, and we saw a full chain; we were able to collect a full chain iOS or iPhone exploit and malware implant set that were targeting these activists (in all likelihood). We pulled it apart, and it was under development. You could tell that there were mods and changes made to this implant over time, over the next couple of months, and of course it turned out that Hong Kong is a very hot spot, especially for these activists. But the tech piece was very interesting because you don\u2019t always see iPhones being targeted in this manner and being used actively.\u201d<\/p>\n<p>Eugene Kaspersky added that his \u201cmost interesting\u201d were the ones that we do not know about or the ones that are still ongoing and have not yet been exposed. Perhaps new information about them is also something we can look forward to at Black Hat 2020.<\/p>\n<p>For those virtually attending Black Hat, be sure to visit our booth. To get there, visit the exhibition center tab on the app and then search for Kaspersky. 
Our team will be on hand to discuss how your organization can leverage threat intelligence to increase your internal efficiency in <a href=\"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/threat-intelligence-socs\/21835\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=gl_Espo_je0066&amp;utm_content=link&amp;utm_term=gl_kdaily_organic_6oxzqd66khsj8mu\" target=\"_blank\" rel=\"noopener noreferrer\">fighting advanced threats<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"earth-2050\">\n","protected":false},"excerpt":{"rendered":"<p>A preview of Black Hat 2020 with Eugene Kaspersky, Kurt Baumgartner, and Costin Raiu.<\/p>\n","protected":false},"author":636,"featured_media":17090,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[740,72,1925,575],"class_list":{"0":"post-17089","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-black-hat","9":"tag-eugene-kaspersky","10":"tag-events","11":"tag-great"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/black-hat-2020-preview\/17089\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/black-hat-2020-preview\/21625\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/black-hat-2020-preview\/22897\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/black-hat-2020-preview\/21084\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/black-hat-2020-preview\/8640\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/black-hat-2020-preview\/36492\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/black-hat-2020-preview\/13732\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/black-hat-2020-preview\/27915\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/black
-hat-2020-preview\/27746\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/black-hat\/","name":"black hat"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/17089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/636"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=17089"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/17089\/revisions"}],"predecessor-version":[{"id":17100,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/17089\/revisions\/17100"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/17090"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=17089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=17089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=17089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}