The SANS Institute — a leading authority in cybersecurity research, education and certification — released its annual Top Attacks and Threats Report. This report provides insights into the evolving threat landscape, identifying the most prevalent and dangerous cyberattack techniques that organizations need to prepare for.
This year’s report also highlighted the main takeaways from the SANS keynote at the RSA Conference. During the keynote, five new attack techniques were identified and discussed by SANS instructors and researchers, along with suggested actions to address each of them.
The 5 most dangerous new attack techniques identified
The SANS Institute’s yearly RSA Conference presentation provides an in-depth analysis of the evolving cyber threat landscape. The goal is to help organizations understand the current tactics, anticipate future trends and proactively strengthen their defenses against these ever-evolving threats.
Below are the five new attack techniques discussed at the conference, along with the actions the speakers recommended:
1. AI-powered child sextortion
Heather Mahalik Barnhart, a SANS DFIR Curriculum Lead and Senior Director of Community Engagement at Cellebrite, led the discussion on the sensitive topic of AI-powered child sextortion. Barnhart explained how AI deepfakes have allowed malicious parties to create convincing images or videos of their victims without them ever having shared any compromising material.
The fear of having fabricated content shared online can lead victims to comply with extortionists’ demands even though the material is fake. To combat this threat, Barnhart stresses the importance of awareness and education. Adults and children alike should be reminded not to talk to strangers online and to review their privacy settings carefully when using social media.
In the unfortunate event that someone falls victim to sextortion, Barnhart reminds everyone that there are ways to help them get out of the situation. Resources like the National Center for Missing and Exploited Children’s “Take It Down” program and various support lines can assist in removing harmful content and providing necessary assistance.
2. Using generative AI to skew public perception
Terrence Williams, a SANS DFIR Certified Instructor and Security Engineer, spoke about generative AI and the challenges it presents for the 2024 political elections. While the technology has created new opportunities for innovation in political campaigns, the deepfakes and targeted misinformation it facilitates can severely erode public trust.
Williams noted that as AI progresses, adversaries are quickly gaining the upper hand, uncovering new vulnerabilities and launching attacks with greater efficiency. This calls for proactive measures to address technical debt and strengthen security controls, ensuring the protection of critical infrastructure.
Williams emphasizes the importance of collaboration between tech companies, political parties, academia and grassroots organizations to establish checks and balances, ensuring accountability on all levels.
3. AI LLMs hyper-accelerate exploitation lifecycles
Steve Sims, SANS Offensive Cyber Operations Curriculum Lead and Fellow, spoke about how AI and automation are beginning to significantly increase the capabilities of offensive cyber operations. Tools like Shell GPT, which integrate an LLM into command-line interfaces such as PowerShell and CMD, let attackers automate coding tasks even in areas where they lack the expertise to write the code themselves.
Sims highlighted that the core concern is the pace at which LLMs (Large Language Models) allow vulnerabilities to be discovered and exploited. The ability to automate patch diffing, leverage threat intelligence and weaponize vulnerabilities quickly and effectively is a major concern.
Sims also anticipates the emergence of sophisticated multi-agent systems that autonomously handle various stages of the attack lifecycle, potentially using LLMs for decision-making and code generation. In response, Sims emphasized the need to apply automation and intelligence on the defensive side as well, suggesting a continuous loop of instrumentation, threat intelligence analysis and rule generation.
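The loop Sims describes can be made concrete with a small script. The following is an added example written for this page, not code from SANS or from the presentation: threat-intel indicators are turned into detection rules, the rules are run over endpoint telemetry, and a hit on a network indicator is pivoted into a new file-hash indicator that feeds the next round. The indicator values, domain names, hashes, rule names and the key=value log format are all constructed for the example.

```python
"""Detect -> pivot -> regenerate loop over constructed telemetry (added example)."""
import re
import shlex
from dataclasses import dataclass

# Constructed seed intelligence. The cmdline indicator is a regex; the others are literals.
SEED_INTEL = [
    {"type": "domain", "value": "updates.cdn-example.test", "tag": "c2"},
    {"type": "cmdline", "value": r"powershell(\.exe)?\s.*-enc(odedcommand)?\s", "tag": "encoded-ps"},
]

# Placeholder digests for the constructed telemetry (not real file hashes).
LOADER_HASH = "d34db33f" * 8
PS_HASH = "0123abcd" * 8
OUTLOOK_HASH = "ab12cd34" * 8

# Constructed endpoint telemetry, one event per line as key=value tokens.
SAMPLE_EVENTS = [
    f'ts=1 host=ws01 proc=svchosts.exe sha256={LOADER_HASH} cmdline="svchosts.exe -k" dns=updates.cdn-example.test',
    f'ts=2 host=ws02 proc=powershell.exe sha256={PS_HASH} cmdline="powershell.exe -enc SQBFAFgA" dns=intranet.corp.test',
    f'ts=3 host=ws03 proc=outlook.exe sha256={OUTLOOK_HASH} cmdline="outlook.exe" dns=mail.corp.test',
    # Same loader on a second host, but talking to a rotated domain the seed intel does not know.
    f'ts=4 host=ws04 proc=svchosts.exe sha256={LOADER_HASH} cmdline="svchosts.exe -k" dns=cdn-backup.example.test',
]

# Which telemetry field each indicator type is matched against.
FIELD_FOR_TYPE = {"domain": "dns", "sha256": "sha256", "cmdline": "cmdline"}


@dataclass(frozen=True)
class Rule:
    name: str
    ioc_type: str
    field: str
    pattern: re.Pattern


def parse_event(line):
    """Parse one key=value telemetry line; quoted values may contain spaces."""
    event = {}
    for token in shlex.split(line):
        key, _, value = token.partition("=")
        event[key] = value
    return event


def generate_rules(intel):
    """Turn each indicator into a rule. Literal indicators become anchored exact matches."""
    rules = []
    for ioc in intel:
        if ioc["type"] == "cmdline":
            pattern = re.compile(ioc["value"], re.IGNORECASE)
        else:
            pattern = re.compile("^" + re.escape(ioc["value"]) + "$", re.IGNORECASE)
        rules.append(Rule(f"{ioc['type']}-{ioc['tag']}", ioc["type"], FIELD_FOR_TYPE[ioc["type"]], pattern))
    return rules


def match_events(rules, lines):
    """Run every rule over every event; return the (rule, event) pairs that matched."""
    hits = []
    for line in lines:
        event = parse_event(line)
        for rule in rules:
            value = event.get(rule.field, "")
            if value and rule.pattern.search(value):
                hits.append((rule, event))
    return hits


def pivot(intel, hits):
    """From each hit on a network indicator, derive a file-hash indicator not yet in the intel set."""
    known = {(ioc["type"], ioc["value"]) for ioc in intel}
    derived = []
    for rule, event in hits:
        digest = event.get("sha256")
        if rule.ioc_type != "domain" or not digest or ("sha256", digest) in known:
            continue
        tag = rule.name.split("-", 1)[1]
        derived.append({"type": "sha256", "value": digest, "tag": f"pivot-{tag}"})
        known.add(("sha256", digest))
    return derived


def run_loop(intel, lines, max_rounds=5):
    """Iterate generate -> match -> pivot until no new indicators appear or max_rounds is reached."""
    intel = list(intel)
    alerts = set()
    rounds = 0
    for rounds in range(1, max_rounds + 1):
        rules = generate_rules(intel)
        hits = match_events(rules, lines)
        alerts.update((rule.name, event["host"]) for rule, event in hits)
        derived = pivot(intel, hits)
        if not derived:
            break
        intel.extend(derived)
    return {"rounds": rounds, "indicators": len(intel), "alerts": sorted(alerts)}


if __name__ == "__main__":
    for name, host in run_loop(SEED_INTEL, SAMPLE_EVENTS)["alerts"]:
        print(f"{host}: {name}")
```

On the constructed data the first round flags only ws01 (known C2 domain) and ws02 (encoded PowerShell). Pivoting the ws01 hit into a hash indicator lets the second round catch ws04, which runs the same loader but talks to a rotated domain. The pivot is deliberately limited to network-indicator hits: pivoting from the encoded-PowerShell hit would turn the hash of powershell.exe itself into an indicator and flag every host in the fleet, which is the kind of feedback loop that has to be guarded against when rule generation is automated.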
4. Exploitation of technical debt
Johannes Ullrich, Dean of Research at SANS Technology Institute, addressed the far-reaching consequences of technical debt on enterprise security. He emphasized how technical debt is becoming increasingly critical, affecting not only enterprise applications but also the security infrastructure itself.
Ullrich also drew attention to the evolution of programming languages and the challenges posed by legacy code. As developers retire and newer languages gain more popularity, organizations are left dealing with codebases written in languages like Perl that very few modern developers understand. This creates a significant vulnerability as it becomes increasingly difficult to maintain and secure these aging systems.
Ullrich argued that organizations can no longer afford to delay updates and fixes. He also advocated for a proactive approach to patching, highlighting the tendency of many developers to skip seemingly minor updates. These oversights can accumulate over time and create a significant technical debt burden when a major security vulnerability emerges.
5. Deepfakes complicating identity verification
During the keynote address, Ullrich also explored the implications of deepfakes for identity verification. He highlighted how the falling cost of producing convincing fake video and audio is making it significantly harder to verify someone’s identity online.
He pointed out that traditional human-versus-bot checks like CAPTCHAs are increasingly ineffective, as machine learning systems now surpass humans at solving them. Instead, Ullrich stressed the importance of a two-pronged approach to identity verification.
The initial identification, he argued, requires a substantial investment of time and resources to ensure accuracy. Subsequent interactions should rely on incremental authentication mechanisms to maintain security, rather than repeating the full check each time. The second prong deals with regulatory requirements such as “Know Your Customer (KYC),” the set of procedures put in place to support anti-money laundering (AML) and counter-terrorism financing (CTF) rules.
Ullrich concluded by emphasizing the need for a risk-based approach to identity verification. Organizations need to assess the likelihood of breaches and the criticality of verifying each individual’s identity to determine the appropriate level of effort to invest in identity verification measures.
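The risk-based approach Ullrich describes can be expressed as a decision function. The following is an added example for this page, not code from SANS or from the presentation: it combines the criticality of the requested action with signals about the likelihood that the session is compromised, derives the assurance level required, and decides whether the session can proceed, must step up to a stronger factor, or is too risky for online re-verification at all. The signal names, weights, action list and thresholds are illustrative assumptions.

```python
"""Risk-based step-up authentication decision (added example)."""
from dataclasses import dataclass
from enum import IntEnum


class Assurance(IntEnum):
    """Authentication strength already established in the session, weakest to strongest."""
    NONE = 0
    PASSWORD = 1
    MFA = 2       # password plus a second factor
    PROOFED = 3   # fresh re-verification against the identity established at onboarding


@dataclass
class SessionContext:
    """Signals about the session and device. All fields are illustrative assumptions."""
    assurance: Assurance
    new_device: bool = False
    impossible_travel: bool = False
    anonymizing_network: bool = False
    failed_logins_last_hour: int = 0
    session_age_minutes: int = 0


# Criticality of the requested action, 0-100 (illustrative values).
ACTION_CRITICALITY = {
    "view_balance": 10,
    "change_email": 40,
    "add_payee": 60,
    "wire_transfer": 80,
}

# Illustrative weights for likelihood-of-compromise signals.
NEW_DEVICE_WEIGHT = 20
IMPOSSIBLE_TRAVEL_WEIGHT = 40
ANONYMIZING_NETWORK_WEIGHT = 30
FAILED_LOGIN_WEIGHT = 10      # per failed login in the last hour
FAILED_LOGIN_CAP = 30
STALE_SESSION_MINUTES = 60
STALE_SESSION_WEIGHT = 10

# Score bands: (upper bound, exclusive) -> assurance required. Above the last band,
# the request is routed to manual review instead of any online re-authentication.
ASSURANCE_BANDS = [(30, Assurance.PASSWORD), (70, Assurance.MFA), (100, Assurance.PROOFED)]


def risk_score(ctx, action):
    """Criticality of the action plus the weighted compromise signals."""
    score = ACTION_CRITICALITY[action]  # unknown actions raise KeyError on purpose
    if ctx.new_device:
        score += NEW_DEVICE_WEIGHT
    if ctx.impossible_travel:
        score += IMPOSSIBLE_TRAVEL_WEIGHT
    if ctx.anonymizing_network:
        score += ANONYMIZING_NETWORK_WEIGHT
    score += min(ctx.failed_logins_last_hour * FAILED_LOGIN_WEIGHT, FAILED_LOGIN_CAP)
    if ctx.session_age_minutes > STALE_SESSION_MINUTES:
        score += STALE_SESSION_WEIGHT
    return score


def required_assurance(score):
    """Assurance level needed for this score, or None if it exceeds what online re-auth should cover."""
    for upper, level in ASSURANCE_BANDS:
        if score < upper:
            return level
    return None


def decide(ctx, action):
    """Return the score, the required level and one of: allow, step_up, review."""
    score = risk_score(ctx, action)
    required = required_assurance(score)
    if required is None:
        decision = "review"
    elif ctx.assurance >= required:
        decision = "allow"
    else:
        decision = "step_up"
    return {"score": score, "required": required, "decision": decision}


if __name__ == "__main__":
    print(decide(SessionContext(Assurance.PASSWORD), "view_balance"))
    print(decide(SessionContext(Assurance.MFA, new_device=True), "add_payee"))
    print(decide(SessionContext(Assurance.PROOFED, new_device=True, impossible_travel=True), "wire_transfer"))
```

Two design points matter more than the particular weights. First, the cost is spent where the risk is: a balance check on a known device passes on a password session, while adding a payee from a new device demands re-proofing even if the session already has MFA. Second, the bands have a ceiling: a high-value transfer from a new device with impossible travel scores beyond anything a deepfake-resistant online check should be trusted to settle, so it goes to review rather than to yet another automated prompt.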
Looking forward
Each year it becomes more important to stay vigilant in identifying new attack methods and to keep up to date on effective mitigation strategies. With disruptive technologies continuing to be a critical factor in the scale and severity of modern cyber threats, industries will need to keep adapting their security approaches while drawing on the expertise and guidance of cybersecurity leaders and the organizations they represent.