Each year at RSA Conference, the SANS Institute provides an authoritative briefing on the most dangerous new attack techniques leveraged by modern-day attackers, including cyber criminals, nation-state actors and more. The annual briefing brings together some of the best and brightest minds shaping SANS core curricula to discuss emerging threat actor tactics, techniques and procedures (TTPs), assess what they mean for the future and guide organisations on how to prepare for them.
The RSAC 2023 session, “The five most dangerous new attack techniques”, moderated by SANS Technology Institute College President Ed Skoudis, featured four prominent SANS panellists who provided actionable insights that can help security leaders get (and stay) ahead of evolving threats.
- Stephen Sims, SANS Fellow & Offensive Cyber Operations Curriculum Lead
Attack technique: Adversarial AI attacks
This portion of the session highlighted how threat actors were manipulating AI tools to amplify the velocity of ransomware campaigns and identify zero-day vulnerabilities within complex software. From streamlining the malware coding process to democratising social engineering, adversarial AI has changed the game for attackers. In response, organisations need to deploy an integrated defence-in-depth security model that provides layered protections, automates critical detection and response actions and facilitates effective incident-handling processes.
- Heather Mahalik, SANS Fellow, DFIR Curriculum Lead and Senior Director of Digital Intelligence, Cellebrite
Attack technique: ChatGPT-powered social engineering attacks
This portion of the session highlighted how AI-driven social engineering campaigns are now hitting close to home. With the rise of ChatGPT, threat actors are now leveraging generative AI to exploit human risk – targeting the vulnerabilities of individual employees, including their families, to breach their wider organisation’s network. This development means that everyone is now more easily attackable than ever, and all it takes is one wrong click on a malicious file to put not only an entire company at immediate risk, but the victim’s livelihood as well. This widened attack surface requires organisations to foster a culture of cyber vigilance across every part of their enterprise to ensure employees are cognisant of ChatGPT-related attacks.
- Dr Johannes Ullrich, SANS Technology Institute College Dean of Research, Internet Storm Center (ISC) Founder
Attack technique: Third-party developer attacks
This portion of the session highlighted the rise of targeted attacks on third-party software developers to infiltrate enterprise networks through the supply chain. It referenced the December 2022 LastPass breach, where a threat actor exploited third-party software vulnerabilities to bypass existing controls and access privileged environments. For organisations across sectors, the attack underscored the criticality of effectively working in tandem with software developers to align security architectures, share threat intelligence and navigate evolving attack techniques.
- Katie Nickels, SANS Certified Instructor and Director of Intelligence, Red Canary
Attack techniques: SEO attacks and paid advertising attacks
This portion of the session highlighted the emergence of new SEO and advertising attacks leveraging fundamental marketing strategies to gain initial access to enterprise networks. In these instances, threat actors are exploiting SEO keywords and paid advertisements to trick victims into engaging with spoofed websites, downloading malicious files and allowing remote user access. These attacks signify proactiveness on the part of malicious attackers, who are increasingly pivoting away from traditional attack techniques that have become easier to defend against. These two attack vectors heighten the importance of incorporating scalable user awareness training programs tailored to new threats.