Analysts unveil top five new attack techniques to watch

The annual briefing brings together some of the best and brightest minds shaping SANS core curricula to discuss emerging threat actor Tactics, Techniques, and Procedures (TTPs), assess what they mean for the future, and guide organisations on how to prepare for them.

The RSAC 2023 session, titled ‘The Five Most Dangerous New Attack Techniques’ and moderated by SANS Technology Institute College President Ed Skoudis, featured four prominent SANS panelists to provide actionable insights that can help security leaders get (and stay) ahead of evolving threats. 

Stephen Sims, SANS Fellow & Offensive Cyber Operations Curriculum Lead

Attack Technique: Adversarial AI Attacks

This portion of the session highlighted how threat actors were manipulating AI tools to amplify the velocity of ransomware campaigns and identify zero-day vulnerabilities within complex software. From streamlining the malware coding process to democratising social engineering, adversarial AI has changed the game for attackers. In response, organisations need to deploy an integrated defence-in-depth security model that provides layered protections, automates critical detection and response actions, and facilitates effective incident-handling processes.

Heather Mahalik, SANS Fellow, DFIR Curriculum Lead, and Senior Director of Digital Intelligence, Cellebrite

Attack Technique: ChatGPT-Powered Social Engineering Attacks

This portion of the session highlighted how AI-driven social engineering campaigns are now hitting close to home. With the rise of ChatGPT, threat actors are now leveraging generative AI to exploit human risk – targeting the vulnerabilities of individual employees to breach their wide organisation’s network, including their families. This development means that everyone is now more easily attackable than ever, and all it takes is one wrong click on a malicious file to put not only an entire company at immediate risk but the victim’s livelihood as well. This widened attack surface requires organisations to foster a culture of cyber vigilance across every fabric of their enterprise to ensure employees are cognisant of ChatGPT-related attacks.

Dr. Johannes Ullrich, SANS Technology Institute College Dean of Research, Internet Storm Centre (ISC) Founder

Attack Technique: Third-party Developer Attacks

This portion of the session highlighted the rise of targeted attacks on third-party software developers to infiltrate enterprise networks through the supply chain. It references the December 2022 LastPass breach, where a threat actor exploited third-party software vulnerabilities to bypass existing controls and access privileged environments. For organisations across sectors, the attack underscored the criticality of effectively working in tandem with software developers to align security architectures, share threat intelligence, and navigate evolving attack techniques. 

Katie Nickels, SANS Certified Instructor and Director of Intelligence, Red Canary

Attack Technique: SEO Attacks & Paid Advertising Attacks

This portion of the session highlighted the emergence of new Search Engine Optimisation (SEO) and advertising attacks leveraging fundamental marketing strategies to gain initial access to enterprise networks. In these instances, threat actors are exploiting SEO keywords and paid advertisements to trick victims into engaging spoofed websites, downloading malicious files, and allowing remote user access. These attacks signify proactiveness on behalf of malicious attackers, who are increasingly pivoting away from traditional attack techniques that have become easier to defend against. These two attack vectors heighten the importance of incorporating scalable user awareness training programs tailored to new threats.