The New Frontiers of Cyber-Warfare: Insights From Black Hat 2024

While Black Hat USA had many sessions focused on addressing persistent software and system vulnerabilities, larger, more looming threats dominated discussions among panelists and speakers.

Jeff Moss, founder of Black Hat, emphasized these concerns during his opening remarks at a keynote panel on democracy and electoral security. He highlighted the rapid acceleration of geopolitical tensions, starting with a question about the state of Israel’s information security industry as the country remains embroiled in an ongoing military conflict that could escalate further.

Moss urged the audience to recognize that mass military mobilizations of countries with deep tech investment introduce new challenges for organizations worldwide that depend on products from vendors in these countries. He cited an example where a Russian cybersecurity company had relied on a Ukrainian dev team before Russia's invasion in 2022, only to be forced to assemble a new team once the employees were deployed. Moss explained the difficulties created by an increasingly polarized security landscape, stating, “In this environment, pretty soon, there will be no unconflicted parties.”

Presumably, these concerns about politically influenced vendors stem from both major tech companies’ responses to Russia's military invasion of Ukraine and the continued presence of Russian threat actors in the security and tech industries. Microsoft, for example, quickly cut off sales channels in Russia after the country’s 2022 invasion and suspended access to its cloud services earlier this year.

Related:Master AI Cybersecurity: Protect and Enhance Your Network

Corporate sanctions against nations are just one aspect of the broader issue. Moss also spoke about a new kind of trade war, where nation-states are pushing back against big tech companies and their political and economic agendas – along with the agendas of countries where these companies are based. Moss noted that countries are now using digital protectionist policies to wage what he called "a new way to escalate." He cited India's 2020 ban on TikTok, which resulted in China’s ByteDance reportedly facing up to $6 billion in losses.

Moss also discussed the phenomenon of “app diplomacy,” where governments dictate to big tech companies like Apple and Google which apps are permitted in their markets. He mentioned the practice of “tech sorting,” where countries try to maintain strict control over foreign tech through redirection, throttling, or direct censorship. For example, earlier this month, YouTube speeds in Russia dropped by as much as 70%.

Related:Data Privacy Quick Reference Guide

According to American-funded media outlets like Radio Free Europe, Russia has an active campaign to push citizens away from YouTube toward domestic alternatives like VK Video and RuTube by throttling YouTube’s performance. A Reuters report from July 25 confirmed this, citing a senior Russian lawmaker who said that Russia planned to throttle YouTube in protest of Google’s censorship. The following day, Reuters reported a conflicting account from another (or possibly the same?) senior Russian lawmaker, attributing the outages to Google’s outdated equipment and its censorship campaign against individual Russian YouTube accounts – likely reflecting Russia’s official stance.

On the domestic front, many of the conference’s presentations and discussions focused on how the U.S. government is updating and monitoring its cybersecurity strategies to safeguard against these evolving global threats.

Domestic Defense: AI in the Spotlight at DARPA

Dr. Kathleen Fisher, director of DARPA’s Information Innovation Office, spoke at Black Hat USA’s AI Summit and later discussed the evolving nature of cyber threats with the Dark Reading news desk. She emphasized the increasing use of "implants," not for espionage but to disrupt civilian and military operations. Fisher pointed to the Colonial Pipeline incident in 2021 as a prime example of attacks on critical infrastructure in the "kinetic space," underscoring the real-world consequences of cyber vulnerabilities.

Related:Why Prompt Injection Is a Threat to Large Language Models

Fisher also highlighted the huge potential of using AI to identify and patch vulnerabilities automatically with minimal human intervention. This potential was reflected in DARPA's AI Cyber Challenge, held at the concurrent DEF CON, which awarded multiple $2 million prizes to teams that could meet the defense agency’s baseline standard for autonomous vulnerability identification and patching.

While Fisher and many other presenters expressed enthusiasm over AI, some attendees were more skeptical.

AI Skepticism

In a closing panel discussion hosted by Black Hat 2024's Review Board members, Nathan Hamiel, senior director of research at Kudelsky Security, said, “We’re taking things that were previously done in a more deterministic fashion and making them more probabilistic.” He noted that “people want to deploy AI in everything without realizing that some of these use cases have a low tolerance for failures.”

Other panelists at the wrap-up discussion, including Window Snyder, founder and CEO of Thistle Technologies, echoed this sentiment. Snyder brought up numerous security red flags surrounding AI agents in personal computing, such as Microsoft Copilot. She also expressed concerns about allowing AI to manage systems and access control on the infrastructure side. "We’ve decided to … traverse all these security boundaries and undermine all this security resilience work that we’ve built … for the questionable benefit of letting the AI make decisions about applying rules or analyzing configurations,” Snyder said. “I do find this to be very concerning.”

The Growing Accessibility of Weaponry for Cyberwarfare and Espionage

Shifting from concerns over AI to the emerging weapons of cyber espionage and warfare, Moss, moderating Black Hat’s wrap-up discussion, brought up the growing threat of hardware attacks. He asked Jos Wetzels, partner at Midnight Blue, to discuss the increasing accessibility of electromagnetic (EM) and laser weapons.

Wetzels confirmed that both laser injection and EM measurements are becoming more affordable. "Previously, you had to spend tens of thousands of dollars or even more to build up a hardware lab capable of doing these kinds of attacks, which kind of limited the attacker space to either nation-state adversaries or very advanced labs,” he said. “These days, these kind of attacks have become accessible to basically a student’s budget.”

Wetzels also noted that radio frequency (RF) network attacks are now easily executed, and the introduction of software-defined radio a few decades ago has only simplified the process. “You don’t even really need deep RF knowledge anymore to carry out these kinds of attacks,” he said.