Supply chain security and vulnerabilities in enterprise software were among the threats most dicussed at this year's show, survey data reveals.
Cyberattackers never took much of a break during COVID-19 lockdowns while the rest of the world was preoccupied. They kept pressing enterprise resources with new zero-day attacks, new ransomware methods, and new ways of probing the weaknesses of enterprise systems.
These threats were among many discussed at this year's Black Hat USA, according to a recently released Dark Reading Tech Insight.
The SolarWinds breach set the tone for industry conversation about enterprise threats throughout 2021 and surfaced new questions on third-party relationships and supply chain security, one of the prevailing themes of this year's show.
Another threat highlighted was the PrintNightmare vulnerability, a critical remote code execution flaw in Windows Print Spooler with huge enterprise risk implications. Discovered by three researchers from Sangfor Technologies in China and explored in depth at Black Hat, PrintNightmare makes privilege escalation trivial for attackers on just about any system running Windows Print Spooler.
Active Directory threats were also in the spotlight. According to security practitioners at Mandiant Consulting who presented at Black Hat Asia earlier this spring, some 90% of attacks their team investigates involve Active Directory in some form. Attackers could utilize it for the initial attack vector, to escalate privileges, to sneakily distribute malware to other systems, or all of the above.
Read more about top enterprise threats in this new report.
Read more about:
Black Hat NewsAbout the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024