July 11, 2017 By Shane Schick 2 min read

Critical U.S. infrastructure will be hit by a major cyberattack in the next two years, according to a survey of experts who attended the annual Black Hat security conference in the last two years.

Published just a few weeks before this year’s Black Hat event in Las Vegas, the survey, titled “Portrait of an Imminent Cyberthreat,” showed that only 26 percent of respondents believe U.S. infrastructure will be adequately protected by government and defense forces.

The nearly 600 security experts polled also reported concerns about the vulnerability of their own organizations. Two-thirds said they expect to be hit by a data breach in the next year, and 70 percent reported that staffing limitations will make it difficult to respond to a security incident. Meanwhile, 60 percent said their budgets aren’t keeping pace with the increasing sophistication of attacks.

US Infrastructure Vulnerable to Classic Scams

While it’s impossible to predict precisely how threat actors might strike U.S. infrastructure, 50 percent of those surveyed indicated that they were most concerned about social engineering and phishing schemes that dupe users into handing over access credentials. While the recent WannaCry and NotPetya attacks have made huge headlines recently, Black Hat attendees had already pegged ransomware as the fastest-rising threat.

Of course, there are plenty of established products and services to fend off cyberattacks, but the survey participants recognized the need for greater customization in their threat mitigation strategies. Sixty-one percent said corporations should fend off fraudsters with their own specialized online defenses. That’s probably because 45 percent reported that attacks are becoming more targeted at specific firms and pieces of U.S. infrastructure than ever before.

Conventional Wisdom Confirmed

Some of the report’s findings confirmed conventional wisdom about enterprise security. For example, 38 percent cited their own employees as a major weak spot in protecting information, while 39 percent suggested that insider threats may be more dangerous than third parties targeting U.S. infrastructure.

Perhaps the biggest worry, according to SDxCentral, is the gap between IT and management when it comes to the potential severity of cyberattacks. While compliance issues may remain top of mind for boards and CEOs, for instance, technology professionals want them to pay greater attention to data breaches.

You can be sure that topic, as well as other data points included in this survey, will generate at lot of buzz at the upcoming Black Hat conference.

More from

Bypassing Windows Defender Application Control with Loki C2

10 min read - Windows Defender Application Control (WDAC) is a security solution that restricts execution to trusted software. Since it is classified as a security boundary, Microsoft offers bug bounty payouts for qualifying bypasses, making it an active and competitive field of research.Typical outcomes of a WDAC bypass bug bounty submission:Bypass is fixed; possible bounty awardedBypass is not fixed but instead "mitigated" by being added to the WDAC recommended block list. Likely no bounty awarded but honorable mention is typically givenBypass is not…

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today