Black Hat Recap: 3 Facts That Will Change How You Think About Cybersecurity
Reporting back from the premier cybersecurity conference
Last month, professionals from a range of industries flocked to Las Vegas for Black Hat USA 2022, the industry’s largest cybersecurity conference, to learn about the latest cyber threats, emerging technologies, and how to secure their environments.
The two-day hybrid conference featured briefings on emerging threats, demos of new security technology, and networking opportunities to connect with expert security practitioners and cutting-edge solution providers, both in person and virtually. While Black Hat celebrated its 25th year, we kicked off our new working relationship with parent company ZeroFox and brought an IDX presence to the ZeroFox booth.
“Everyone should go to at least one Black Hat,” says Jorge Zelaya, CISO at IDX. He believes the experience makes people more aware of the threats facing them and their businesses. In this post, we aim to recreate that eye-opening experience by sharing three remarkable facts that popped up throughout the conference. As you read on, consider the implications of each for yourself, your organization, employees, and customers.
Fact #1: Security is moving beyond the perimeter
We used to think of organizational security as a castle. Fortify the castle and you protect the organization inside. But in the era of remote work, dispersed workforces, and bring-your-own-device (BYOD) policies, a different model is needed.
“Attacks and workers are operating outside the physical perimeter. As the workforce moves outside the perimeter, that's where we need to be.”
Part of this equation is managing your company’s security to protect your employees’ private information and adding measures to ensure their information does not end up on the dark web. One way to do so is adopting a Zero Trust model. Zero Trust makes no assumptions of authorization and operates under the logic of “never trust, always verify.” All users must be continuously authenticated before being granted access.
This topic came up frequently in conversations at the ZeroFox booth. Organizations are looking for solutions to address threats outside their perimeter. As the only unified platform for external cybersecurity, ZeroFox is able to expose and disrupt cyber threats across the web
Fact #2: Cheap electronics are a backdoor for hackers
Saving a few bucks on an off-brand Wi-Fi router or smart home device might seem like a good deal — but these devices are a rapidly growing cybersecurity threat. When you’re shopping for a deal on electronics, your biggest concern is likely the quality of the hardware — but don’t forget about the software. Off-brand smart electronics often don’t have the ongoing tech support resources needed to keep up with security updates and malware protection. This creates vulnerable cracks in your network that hackers can infiltrate to steal your identity or personal information.
You might be thinking, “Sure, but what are the odds a hacker will find my device?” Well, that’s where it gets extra creepy — there are search engines where hackers can find out not only who has a certain vulnerable device, but whether it’s responding to internet pings.
“Password protecting that device will just give your credentials to the hacker,” says Zelaya.
Once they're in your home system they can hack into your email, your computer files, or anything connected to your network. Worst of all, they don’t necessarily need advanced hacking skills. There are actually step-by-step tutorials available for many devices.
Fact #3: A shocking amount of sensitive information is available on the Dark Web
Private information is plentiful — and cheap — on the Dark Web. A single Social Security number costs around a dollar on the Dark Web. A credit card number with CVV is about $10. And a full profile of personally identifiable information (PII), called a “fullz” by hackers, runs just $30-40.
Credentials are a hot seller too. Most people have around 100 password-protected online accounts, and that’s a lot of vulnerabilities to manage. “Someone might have your Netflix — is that the same password as your bank account?” says Zelaya.
A recent Verizon Data Breach Investigations Report showed over 80% of hacking-related breaches leveraged either stolen or weak passwords! That’s an overwhelming statistic to swallow, especially considering the solution is quite simple. Tools like IDX’s Password Manager make it easy to create and manage strong passwords.
On top of private or sensitive information, plenty more personal information is readily available on social media and surface web sites like Ancestry.com or PeopleFinder.com. It doesn’t take a hacker to figure out your maiden name, high school mascot, hometown, or answers to other common “security questions”.
Privacy, Proactive Protection, and the Future of Cybersecurity
Black Hat is known for its security briefings, which sound the alarm on the latest emerging or growing cybersecurity threats. We hope this post has done the same. But awareness is only half the battle. Knowing how to take action to protect yourself or your organization is vital.
As the cybersecurity landscape evolves, we continue to see increasing importance placed on personal privacy to protect not only the individual, but the organizations they interact with.
About IDX
We're your proven partner in digital privacy protection with our evolving suite of privacy and identity products.