{"id":8433,"date":"2023-08-11T12:00:00","date_gmt":"2023-08-11T09:00:00","guid":{"rendered":"https:\/\/blog.eset.ee\/et\/2023\/08\/11\/black-hat-2023-cyberwar-fire-and-forget-me-not\/"},"modified":"2023-08-11T12:00:00","modified_gmt":"2023-08-11T09:00:00","slug":"black-hat-2023-cyberwar-fire-and-forget-me-not","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2023\/08\/11\/black-hat-2023-cyberwar-fire-and-forget-me-not\/","title":{"rendered":"Black Hat 2023: Cyberwar fire-and-forget-me-not"},"content":{"rendered":"<p><span lang=\"EN-US\">There are precious few weapons invented that weren\u2019t reused later for the next horrible thing, even if we promise the current one is the \u201cwar to end all wars\u201d. But they never are. With one notable exception \u2013 turning the global troposphere into a nuclear melty firecracker that cooks us all \u2013 there seems to be no end to the lengths to which we humans will go to destroy others, and sometimes ourselves.<\/span><\/p>\n<p><span lang=\"EN-US\">Here at <a href=\"https:\/\/www.blackhat.com\/us-23\/\">Black Hat<\/a>, there is an undercurrent beneath the surface about the dual-purpose weapons being trotted out, being used for both good and evil, depending on perspective. One nation-state\u2019s hero is another\u2019s villain, after all.<\/span><\/p>\n<p><span lang=\"EN-US\">At ESET, we remain dedicated to protecting technology. More specifically, we believe our job is to protect technology and leave the determination of intent to governments. 
We\u2019re technologists at heart, and here at Black Hat, there\u2019s a lot of heart.<\/span><\/p>\n<h2><span lang=\"EN-US\">A summer camp for hackers<\/span><\/h2>\n<p><span lang=\"EN-US\">People call Black Hat the \u201cSummer Camp for hackers\u201d, and between <a href=\"https:\/\/www.blackhat.com\/us-23\/\">Black Hat<\/a>, <a href=\"https:\/\/defcon.org\/\">DEF CON<\/a> (and <a href=\"https:\/\/bsideslv.org\/about\">BSides<\/a> for those in the know), there is a maelstrom of doodads, widgets, and no small haul of code to tie them all together for both attackers <strong><em>and<\/em><\/strong> defenders. Part of the logic is that by understanding how a thing is built you can better understand how to defend it.<\/span><\/p>\n<p><span lang=\"EN-US\">There are a lot of techniques floating around Black Hat that seek to do as much physical and structural damage to an enemy as possible. But do they make us all less safe? Hopefully, they make us more aware \u2013 and that can make us safer.<\/span><\/p>\n<p><span lang=\"EN-US\">We welcome some sophistication in the systems used to keep folks safe, often through sharing, trust groups, and red\/blue teaming to \u201csharpen the sword.\u201d We hope this results in a safer future world for everyone, the kind of world we want to live in.<\/span><\/p>\n<h2>A digital arsenal means unlimited ammo<\/h2>\n<p><span lang=\"EN-US\">When we talk about these cyberweapons, what we are talking about is malicious software (malware), which is conceptually (philosophically?) not very different from the first computer viruses \u2013 it\u2019s just orders of magnitude more complex. And malware is something that ESET, and companies like us, have been protecting computers against for years.<\/span><\/p>\n<p><span lang=\"EN-US\">What is novel about the use of malware in war is the ease with which it can be studied, copied, and turned around quickly to be used in attacks by, well, anyone. 
An example of this is the Stuxnet worm from 2010: When found, the worm made use of multiple zero-day vulnerabilities, including the ability to automatically run from removable media such as <a href=\"https:\/\/krebsonsecurity.com\/2010\/07\/experts-warn-of-new-windows-shortcut-flaw\/\">USB flash drives<\/a>, usually via specially crafted Microsoft shortcut (LNK) files. Within a matter of weeks, what was initially thought of as a sophisticated and expensive-to-develop attack was being used by bottom-tier script kiddies to attack their schools\u2019 networks. And this was over a decade ago, long before most nation-states were actively looking for malicious code to re-weaponize for use against their adversaries. Today, it is likely such reverse engineering and repurposing would only take nation-state adversaries a number of hours to a handful of days at most.<\/span><\/p>\n<blockquote>\n<p><span lang=\"EN-US\">Related: <a href=\"https:\/\/www.welivesecurity.com\/2017\/06\/16\/seven-years-stuxnet-industrial-systems-security-spotlight\/\">Seven years after Stuxnet: Industrial systems security once again in the spotlight<\/a><\/span><\/p>\n<\/blockquote>\n<p><span lang=\"EN-US\">This does not include accidental (or otherwise) spillover, either, which <a href=\"https:\/\/www.welivesecurity.com\/2017\/06\/27\/new-ransomware-attack-hits-ukraine\/\">happened in 2017<\/a>, when the NotPetya ransomware, spread through a backdoor in Ukrainian tax preparation software, quickly made its way around the globe through businesses whose Ukrainian branches used the software.<\/span><\/p>\n<p><span lang=\"EN-US\">What does this all mean?<span><br \/>\n<\/span>Largely that the use of malware in the cyber domain is a double-edged sword, and one that can come back to attack the attacker very quickly. If an attacker did decide to use malware as a cyberweapon, it seems likely they would first close off their own country\u2019s internet. 
Such a sudden action could serve as a sign of an imminent \u201cfirst strike,\u201d or at least an attempted one.<\/span><\/p>\n<p><span lang=\"EN-US\">Surmising intent has always been tough (it\u2019s why wars often get started), but by being aware of the latest cyber developments and research that an actor could have at their disposal, the defense gets that much easier.<\/span><\/p>\n<blockquote>\n<p><span lang=\"EN-US\">Before you go: <a href=\"https:\/\/www.welivesecurity.com\/2009\/07\/10\/cyber-war-or-cyber-hype\/\">Cyber war or Cyber hype?<\/a><\/span><\/p>\n<\/blockquote>\n<p class=\"wls-source\"><a href=\"https:\/\/www.welivesecurity.com\/en\/critical-infrastructure\/black-hat-2023-cyberwar-fire-and-forget-me-not\/\" rel=\"nofollow noopener\" target=\"_blank\">Read the full analysis on WeLiveSecurity \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What happens to cyberweapons after a cyberwar?<\/p>\n","protected":false},"author":5,"featured_media":8434,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2880],"tags":[],"class_list":["post-8433","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-digital-security"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8433","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=8433"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8433\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.
eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/8434"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=8433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=8433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=8433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}