Experts from around the globe gathered at the RSA Conference 2023 in San Francisco and shared what they predict to be the 5 most dangerous cyber security threats impacting organisations today.
The panel consisted of four respected SANS analyst experts, invited to explore the latest Tactics, Techniques and Procedures (TTPs) of modern adversaries and to equip organisations with the correct detection and defence advice. The discussion highlighted key themes of recent cyber security threats, such as the influence of AI and the rise of paid-advertising attacks.
Cyber security threats: SEO-boosted attacks
Threat actors are increasingly moving away from traditional attack methods.
In the same way that marketers use Search Engine Optimisation (SEO) to boost their rankings and reach higher volumes of traffic, malicious actors are adopting the same method to trick more victims into engaging with fake websites that impersonate legitimate ones. This new cyber security threat highlights a shift from targeting organisations to focusing on individual users, leveraging the vulnerabilities of remote work and the blurred lines between business and personal devices. Katie Nickels, senior director of digital intelligence for Red Canary and SANS instructor, explains how attackers are using SEO to their advantage: “So, imagine some of you are in marketing and you’re using search engine optimization to get your company’s results to the top – well, adversaries do the same thing, but for evil, right? They use keywords and other SEO techniques to make sure their results, their malicious websites, are at the top of those search engine results.”
Cyber security threats: Malvertising
Just as cybercriminals are hijacking SEO, paid advertising is yet another marketing technique that is increasingly being exploited to trick users into interacting with malicious websites. This cyberattack is carried out by creating fake websites which look almost identical to the original, and ranking 1st, 2nd and even 3rd as advertisements. This cyber security threat demonstrates the sophistication of threat actors' approach and the creative ways hackers have had to adapt to global efforts to crack down on common cyber security threats. Nickels explains that neither SEO-boosted attacks nor malvertising are relatively new techniques, but the reason she ranks them so highly as a threat is the increasing frequency of these cyberattacks this year.
Cyber security threats: Targeting developers
Johannes Ullrich, dean of research at SANS Technology Institute, shared this insight: “What I noticed last year, I think that’s something that’s really going to increase, is that attacks are specifically targeting developers.” Developers are commonly the first target of a cyberattack in an organisation, as they require far less restricted access to move laterally and code software across all IT and business systems. This means that if a cybercriminal were able to compromise a developer's user details or sensitive data, the entire organisation's systems would be in the hands of a malicious actor. This poses an extreme cyber security threat to organisations, as a majority of endpoint protection prioritises the general workstation, without putting protective measures in place for systems with developer tools installed.
Cyber security threats: Offensive Uses of AI
With Large Language Models (LLMs) such as ChatGPT integrating into every aspect of digital life, there has unsurprisingly been an increase in AI-powered cyber security threats. Stephen Sims, offensive operations curriculum lead for SANS, highlights the ease with which cybercriminals (even fairly inexperienced ones) can use prompts to uncover a zero day and write code for a basic piece of malware. Despite the restrictive measures put in place by ChatGPT to prevent this kind of misuse of the technology, attackers are still finding ways to work around these defences. Sims goes on to say: “Defensive depth is important. Expert mitigations is important. Understanding how this works is important. Writing your own AI and machine learning to understand more about it is important. These things are really all you can do because it’s out there and it’s amazing.”
Cyber security threats: Weaponizing AI for Social Engineering
Just as malicious groups are using AI to create and spread malware, social engineering and impersonation techniques are now also becoming far easier to carry out with the help of LLMs. Director of digital intelligence for Cellebrite and digital forensics, Heather Mahalik, reaffirmed the legitimate threat this poses, and demonstrated the power of AI-powered social engineering on her son. The experiment involved asking ChatGPT to send ‘convincing’ texts with emojis, designed to impersonate a 9-year-old girl trying to get the son’s address. Mahalik goes on to say: “It can be used to target people in your organizations – I chose to target my son because I tried to make everything really personable and show that we’re all attackable.”
The threats outlined by SANS fall under a uniting trend, which is that cybercriminals are becoming more sophisticated, complex, and harder to detect.
450,000 new pieces of malware are detected every day, and every day 3.4 billion phishing emails are sent to inboxes, resulting in a rate of cyberattacks that every organisation is struggling to detect and defend against. As John Davis, director UK and Ireland, SANS Institute, EMEA states: “These audacious new threats teach us that hackers thrive on diversification of their techniques.” However, all hope is not lost. No matter the size or maturity of a business, every enterprise can defend against these new cyber security threats, as Davis goes on to say: “Awareness, vigilance, and education are vital weapons and our most critical line of defence.”