Supply chain attacks, IoT threats on tap for Black Hat 2021


With the 2021 edition of the Black Hat conference set to kick off in an unprecedented hybrid setup, industry analysts said the security market is also facing challenges it has never seen before.

The annual infosec conference, long billed as a meeting point of enterprise security professionals and researchers who operate at the cutting edge of intrusion and data theft tactics, begins its public sessions on Wednesday. The conference kicks off with a keynote address from Matt Tait, COO of mobile security startup Corellium and a former infosec analyst with the U.K.’s Government Communications Headquarters.

Among the topics Tait is expected to address are supply chain infections, something that has come to the fore in recent months. The 2020 SolarWinds attack, in which software updates for the Orion IT management platform were poisoned, brought the idea of supply chain infections into the public light.

The idea was reinforced months later when Kaseya’s VSA platform was compromised and seeded with ransomware that would eventually infect more than a thousand managed service providers’ clients.

Given these two major attacks, supply chain security and keeping downstream service providers from falling victim to malware are likely to be at the forefront of the minds of everyone attending this year’s conference, both in-person and via streaming video.

When combined with the rise in sophisticated ransomware gangs, supply chain attacks could well become the most dangerous threat facing enterprises. “The top two themes have to be supply chain risk and ransomware,” said Eric Parizo, principal analyst of cybersecurity operations at analyst firm Omdia.

“In the wake of the SolarWinds incident and the many high-profile ransomware compromises, both issues have clearly reached the point where new and more comprehensive approaches need to be discussed, including at the highest levels of government.”

Also on the mind of industry analysts are attacks that make the jump from conventional data-based IT networks to machine-controlling operational technology (OT) networks. With the threat of attacks on IoT gear being higher than ever, analysts are worried that cyber attacks could…