New Report Examines Top Threats Discussed at Black Hat USA
Supply chain security and vulnerabilities in enterprise software were among the threats most dicussed at this year's show, survey data reveals.
Cyberattackers never took much of a break during COVID-19 lockdowns while the rest of the world was preoccupied. They kept pressing enterprise resources with new zero-day attacks, new ransomware methods, and new ways of probing the weaknesses of enterprise systems.
These threats were among many discussed at this year's Black Hat USA, according to a recently released Dark Reading Tech Insight.
The SolarWinds breach set the tone for industry conversation about enterprise threats throughout 2021 and surfaced new questions on third-party relationships and supply chain security, one of the prevailing themes of this year's show.
Another threat highlighted was the PrintNightmare vulnerability, a critical remote code execution flaw in Windows Print Spooler with huge enterprise risk implications. Discovered by three researchers from Sangfor Technologies in China and explored in depth at Black Hat, PrintNightmare makes privilege escalation trivial for attackers on just about any system running Windows Print Spooler.
Active Directory threats were also in the spotlight. According to security practitioners at Mandiant Consulting who presented at Black Hat Asia earlier this spring, some 90% of attacks their team investigates involve Active Directory in some form. Attackers could utilize it for the initial attack vector, to escalate privileges, to sneakily distribute malware to other systems, or all of the above.
Read more about top enterprise threats in this new report.
Read more about:
Black Hat NewsAbout the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024