The SANS Institute — a leading authority in cybersecurity research, education and certification — unveiled its annual Top Attacks and Threats Report. The release of this report offers insights into the changing threat landscape, pinpointing the most prevalent and hazardous cyber intrusion techniques that organizations must ready themselves for.
This year’s report also spotlighted the core messages from the SANS keynote session held at the yearly conference. During the keynote, principal SANS members identified and discussed five new cybersecurity attacks, along with recommended courses of action to counter them.
The 5 most perilous modern attack techniques recognized
The yearly RSA Conference presentation by the SANS Institute assesses the evolving cyber threat landscape. Its objective is to help organizations understand current tactics, anticipate future trends, and proactively fortify their defenses against these continuously evolving threats.
Listed below are the five new attack methods discussed at the conference, along with the steps that should be taken in response:
1. AI-fueled young person blackmail
Heading the discussion on the delicate subject of AI-backed young person blackmail was Heather Mahalik Barnhart, a SANS DFIR Curriculum Lead and the Senior Director of Community Engagement at Cellebrite. She shed light on how AI deepfakes have empowered malicious entities to craft convincing images or videos of their targets even when no compromising content was ever shared.
The possible dissemination of fabricated material online could compel victims to comply with extortionists’ demands, irrespective of their validity. Countering this threat, Barnhart underlines the importance of promoting awareness and education. Both adults and children should be reminded not to engage with unfamiliar individuals online and to meticulously adjust their privacy settings while using social platforms.
If a victim does fall prey to blackmail, Barnhart reassures that avenues exist to help them out of such predicaments. Resources like the National Center for Missing and Exploited Children’s “Take It Down” scheme and different support hotlines can step in to purge harmful content and offer necessary assistance.
2. Applying generative AI to skew public opinion
Tackling the theme of generative AI and the challenges it raises in the upcoming 2024 political polls was Terrence Williams, a SANS DFIR Certified Instructor and Security Engineer. Despite technology fostering fresh avenues for enhancing political campaigns, its exploitation via deep fakes and targeted disinformation can severely undermine public confidence.
Williams highlighted that with AI advancing, adversaries are swiftly obtaining leverage, exposing fresh vulnerabilities, and launching assaults more efficiently. This pressing situation necessitates preemptive measures to mitigate tech liabilities and ramp up security frameworks, ensuring the safeguarding of crucial infrastructure.
Williams stresses the significance of synergy among tech firms, political factions, academia, and grassroots entities to institute checks and balances, ensuring accountability at every level.
3. AI LLMs aggressively expedite exploitation lifecycles
Discussing how AI and automation are driving a substantial increase in the potential of offensive cyber operations was Steve Sims, SANS Offensive Cyber Operations Curriculum Lead and Fellow. Tools like Shell GPT, which embed AI components into command-line interfaces such as PowerShell and CMD, empower cyber assailants to automate their coding operations even in domains where they lack ample expertise.
Sims underscored the primary concern: the swift pace at which AI is uncovering vulnerabilities and exploiting them, particularly with LLMs (Large Language Models). The capacity to automate patch evaluation, harness threat intelligence, and weaponize vulnerabilities rapidly and effectively raises a significant concern.
Sims foresees the emergence of sophisticated, multi-agent systems capable of autonomously handling various attack lifecycle phases, potentially drawing on LLMs for decision-making and code formulation. In response to this, Sims accentuates the need to leverage automation and intelligence defensively, proposing a continuous cycle of instrumentation, threat intelligence analysis, and rule formulation.
4. Capitalizing on technical debt vulnerability
Addressing the extensive repercussions of technical debt on enterprise security was Johannes Ullrich, the Dean of Research at SANS Technology Institute. He accentuated how technical debt is growing increasingly pivotal, affecting not just enterprise applications but also the security framework itself.
Ullrich also raised awareness regarding the evolution of programming languages and the hurdles posed by aged code. As developers leave the field and contemporary languages gain traction, organizations grapple with legacy codebases written in languages like Perl, understood by few modern developers. This creates a significant vulnerability as maintaining and securing these aging systems becomes progressively more daunting.
Ullrich contended that organizations can ill afford to defer updates and corrections. He recommended a proactive stance towards patching, noting that numerous developers tend to overlook seemingly minor updates. Compounded over time, these oversights can produce substantial technical debt when a major security vulnerability surfaces.
5. Deep fakes complicating identity confirmation
Examining the ramifications of deep fakes on identity verification during his keynote speech, Ullrich underscored how the dwindling cost of forging convincing counterfeit video and audio is making it significantly harder for technology to verify a person’s identity online.
He noted that traditional human verification means like CAPTCHAs are losing effectiveness as machine learning systems surpass human skills in resolving them. Ullrich advocated for a dual-tiered strategy towards identity confirmation.
The initial verification, according to him, demands a substantial investment of time and resources to ensure precision. Subsequent interactions should rely on incremental authentication systems to sustain security. The second part of the strategy concerns regulatory mandates such as “Know Your Customer (KYC),” a set of protocols enacted to support anti-money laundering (AML) and counter-terrorism financing (CTF) statutes.
Ullrich concluded by emphasizing the necessity of a risk-centric approach to identity verification. Establishments must gauge the probability of breaches and the necessity of verifying each person’s identity to decide the appropriate level of effort to invest in identity verification mechanisms.
Gazing ahead
With each passing year, it becomes more important to stay vigilant in identifying novel cyber intrusion methods and to keep abreast of effective mitigation strategies. Given the growing influence of disruptive technologies on the scale and severity of contemporary cyber threats, industries must keep adapting their security methodologies while drawing on the wisdom and guidance of cybersecurity authorities and the entities they stand for.