Securing DNS With Umbrella at Black Hat

Sep, 03, 2025 Hi-network.com

Additional Contributor: David Keller

Monitoring DNS is essential to gain a high-level understanding of network usage trends at Black Hat. Cisco has secured Black Hat with DNS since 2017.

Routing DNS traffic through a centralized, intelligence-driven service provides valuable insights: DNS queries can reveal connections to destinations ranging from malware, crypto mining, and phishing sites to categories like social media, finance, and illicit activities. Moreover, these domains are classified into specific applications that can be reviewed in Umbrella's App Discovery report, which highlights the use of thousands of web, desktop, and mobile apps. At Black Hat USA 2025, we started blocking encrypted DNS requests on event networks using Umbrella DNS to ensure we had maximum visibility into user traffic. This forced conference attendees to resolve requests without encryption, enabling inspection to detect compromises or malicious activity.

One of our top monitoring priorities was the ApateWeb potentially unwanted program (PUP) delivery and phishing campaign, which uses a 'two/three-name' domain pattern. We've monitored this campaign at major sporting events, Black Hat Asia, RSAC and Cisco Live this year. Common characteristics for domains associated with the campaign are:

  • Domains registered in CZ
  • Nameservers
    • NS1[.]PUBLICDNSSERVICE[.]COM: Greater than 500 total, at least 51 malicious
    • NS2[.]PUBLICDNSSERVICE[.]COM: Greater than 500 total, at least 51 malicious
  • Two or three random English words DGA (vs. random alphanumeric string)

Examples:

  • torchfriendlypay[.]com
  • precautionwailing[.]com
  • impenetrablescald[.]com
  • metrefluke[.]com
  • toothbless[.]com
  • toiletaudacity[.]com
  • lovelyapplied[.]com
  • distraughtmeasurementbaking[.]com
  • fowlsecondary[.]com
  • gossippass[.]com
  • vandalismloungenylon[.]com
  • createdearthparanoia[.]com
  • yelloptical[.]com
  • kettledroopingcontinuation[.]com

NOC leaders were comfortable with blocking resolution requests for these domains to protect attendees from the campaign, based on these characteristics, as seen in the screenshot shared below.

Fig. 1: Blocked resolution requests
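
The campaign characteristics listed above can be combined into a simple triage check. The following is an added example, not code from Cisco or the Black Hat NOC; the word list, sample records and function names are constructed for illustration, and only the word-pattern and nameserver signals are modeled (registration data is not).

```python
from functools import lru_cache

# Constructed mini word list; a real deployment would load a full English dictionary.
WORDS = frozenset("""torch friendly pay precaution wailing metre fluke gossip pass
fowl secondary yell optical black hat""".split())

# Nameservers listed on the page, refanged for matching.
CAMPAIGN_NS = frozenset({"ns1.publicdnsservice.com", "ns2.publicdnsservice.com"})

def normalize(name):
    """Lowercase, refang '[.]' and drop a trailing root dot."""
    return name.lower().replace("[.]", ".").rstrip(".")

def word_count(label, max_words=3):
    """Fewest dictionary words that spell `label` exactly, or None if no split
    exists or it needs more than `max_words` words."""
    @lru_cache(maxsize=None)
    def best(i):
        if i == len(label):
            return 0
        counts = [1 + best(j) for j in range(i + 1, len(label) + 1)
                  if label[i:j] in WORDS and best(j) is not None]
        return min(counts) if counts else None
    n = best(0)
    return n if n is not None and n <= max_words else None

def triage(domain, nameservers):
    """Return 'match' (both signals), 'review' (one signal) or 'pass' (none)."""
    labels = normalize(domain).split(".")
    if len(labels) < 2:
        return "pass"
    # Assumption: the registrable label sits just left of a one-label TLD (.com).
    word_pattern = word_count(labels[-2]) in (2, 3)
    ns_match = any(normalize(ns) in CAMPAIGN_NS for ns in nameservers)
    if word_pattern and ns_match:
        return "match"
    return "review" if word_pattern or ns_match else "pass"

# Constructed sample records: (queried domain, its authoritative nameservers).
SAMPLE = [
    ("torchfriendlypay[.]com", ["NS1[.]PUBLICDNSSERVICE[.]COM"]),
    ("blackhat.com", ["ns1.example.net"]),       # benign two-word name
    ("x7k2q9.com", ["ns2.publicdnsservice.com"]),
    ("example.org", ["ns1.example.net"]),
]

if __name__ == "__main__":
    for domain, ns in SAMPLE:
        print(f"{triage(domain, ns):6} {normalize(domain)}")
```

The word pattern alone also fits benign names such as blackhat.com, which is why the check returns `match` only when the nameserver signal agrees.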

DNS Year-Over-Year Statistics

This year, we saw over 66.1 million DNS queries, as more attendees decided not to connect to the conference network vs recent years.

Fig. 2: Black Hat DNS queries, visualized year-over-year

With the decline of DNS requests, we also saw about the same number of apps at Black Hat USA as in 2024:

  • 2019: ~3,600
  • 2021: ~2,600
  • 2022: ~6,300
  • 2023: ~7,500
  • 2024: ~9,300
  • 2025: ~9,300

The Rise of Gen AI

Last year, there was one standout application category that has been growing in popularity: Generative AI. It will likely be no surprise that we saw a rise in the number of Generative AI apps accessed by attendees vs. one year ago.

  • 2024: 194
  • 2025: 209

Fig. 3: Cisco App Discovery

With so many talks incorporating AI subjects, the real-world usage of attendees serves as a metric to measure the increase of adoption and the proliferation of AI tools.

Each year, the NOC leaders give out awards for the top requested websites by category. In 2025 we saw Slack hold serve for the top chat app, along with clashes of big names like Apple vs. Google and Tinder vs. Hinge. We'll present the last matchup with no comment.

Fig. 4: Black Hat USA 2024, top DNS categories

See you at Black Hat Europe!

About Black Hat

Black Hat is the cybersecurity industry's most established and in-depth security event series. Founded in 1997, these annual, multi-day events provide attendees with the latest in cybersecurity research, development, and trends. Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more. As the event series where all career levels and academic disciplines convene to collaborate, network, and discuss the cybersecurity topics that matter most to them, attendees can find Black Hat events in the United States, Canada, Europe, Middle East and Africa, and Asia. For more information, please visit the Black Hat website.

