Each year the SANS Institute provides a briefing on the most dangerous new cyber attack techniques leveraged by modern-day attackers, including cyber criminals, nation-state actors, and more. The 2023 briefing, ‘The Five Most Dangerous New Attack Techniques’, was presented at the recent RSA Conference.
The five emerging cyber attack techniques highlighted are:
Adversarial AI attacks
Threat actors are manipulating AI tools to amplify the velocity of ransomware campaigns and identify zero-day vulnerabilities within complex software. From streamlining the malware coding process to democratising social engineering, adversarial AI has changed the game for attackers. In response, organizations need to deploy an integrated defense-in-depth security model that provides layered protections, automates critical detection and response actions, and facilitates effective incident-handling processes.
ChatGPT-powered social engineering attacks
AI-driven social engineering campaigns are now hitting close to home. With the rise of ChatGPT, threat actors are leveraging generative AI to exploit human risk, targeting the vulnerabilities of individual employees to breach their organization’s network. This development means that everyone is more easily attackable than ever, and all it takes is one wrong click on a malicious file to put at immediate risk not only an entire company but the victim’s livelihood as well. This widened attack surface requires organizations to foster a culture of cyber vigilance across every part of their enterprise to ensure employees are cognizant of ChatGPT-related attacks.
Third-party developer attacks
Targeted attacks on third-party software developers to infiltrate enterprise networks through the supply chain are on the rise. To highlight this threat, the SANS Institute references the December 2022 LastPass breach, where a threat actor exploited third-party software vulnerabilities to bypass existing controls and access privileged environments. For organizations across sectors, the attack underscored the criticality of working effectively in tandem with software developers to align security architectures, share threat intelligence, and navigate evolving attack techniques.
SEO attacks and paid advertising attacks
New search engine optimisation (SEO) and advertising attacks are both emerging, leveraging fundamental marketing strategies to gain initial access to enterprise networks. In these instances, threat actors are exploiting SEO keywords and paid advertisements to trick victims into engaging with spoofed websites, downloading malicious files, and allowing remote user access. These attacks show proactiveness on the part of attackers, who are increasingly pivoting away from traditional attack techniques that have become easier to defend against. These two attack vectors heighten the importance of incorporating scalable user awareness training programs tailored to new threats.