Cybersecurity Conference Stresses Cloud Storage Service Vulnerabilities

Senior writer John Leyden, from the CSO website, highlights key takeaways from the annual Black Hat conference in Las Vegas earlier this month. The primary concern is cloud storage service vulnerabilities.

These cloud storage service vulnerabilities include Amazon Web Services, which was covered in a presentation by researchers from Aqua Security. (The problems “were responsibly disclosed to Amazon Web Services before Aqua Security’s presentation,” writes Leyden, “allowing AWS to resolve the vulnerabilities, which it has done.”)

Amazon isn’t the only victim among the cloud-hosting companies. Numerous hackers have targeted cloud services from Microsoft and Google “for command and control and data extraction.”

Other takeaways from the Black Hat conference (it’s been called “a hacker summer camp,” the CSO post notes) include the importance of supply chain resilience, an imperative brought home by the CrowdStrike-Microsoft incident.

During the conference opening roundtable, an official with the European Union Agency for Cybersecurity warned attendees to be prepared for more supply chain attacks.

Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency, also mentioned the CrowdStrike-Microsoft incident, saying it points to the importance of developing what’s been called “a secure-by-design” approach.

One presentation deflated the notion that keeping systems up to date with patches brings a reasonable assurance of security. The presenter explained how it might be possible to compromise systems through what’s been called a “version rollback attack.”

Numerous sessions addressed risks and vulnerabilities associated with AI, and one session was devoted to personal liability and other risks to chief security officers, particularly for failure to report a breach properly.