5 most dangerous new attack techniques

Cyber ​​experts at the SANS Institute have revealed the five most dangerous new attack techniques used by attackers, including cybercriminals and nation-state actors. They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging tactics, techniques and procedures (TTPs) and advised organizations on how to prepare for them.

The SANS Institute is a leading cybersecurity training, certification, degree and resource company that aims to equip cybersecurity professionals with practical skills and knowledge.

The session, titled The Five Most Dangerous New Attack Techniques, featured four prominent SANS panelists to provide actionable insights to help security leaders understand and stay ahead of evolving threats. The five emerging cyber attack vectors speakers covered were adversarial AI, ChatGPT-powered social engineering, third-party developer, SEO, and paid advertising attacks.

Adversary AI attacks

With adversarial AI attacks, threat actors manipulate AI tools to amplify the speed of ransomware campaigns and identify zero-day vulnerabilities in complex software, said Stephen Sims, SANS Fellow and Curriculum Lead for ‘offensive cyber operations. From streamlining malware coding processes to democratizing social engineering, adversarial AI has changed the game for attackers, he added. In response, organizations must deploy an integrated defense-in-depth security model that provides layered protections, automates critical detection and response actions, and facilitates effective incident management processes.

Social engineering powered by ChatGPT

In terms of social engineering powered by ChatGPT, threat actors are leveraging generative AI to exploit human risk, targeting the vulnerabilities of individual employees to breach their organization’s network, including their families , according to SANS Fellow Heather Mahalik.

This development means users are now more easily attackable than ever, and it only takes one wrong click on a malicious file to put not only an entire company at risk, but also the victim’s livelihood, Mahalik said. This expanded attack surface requires organizations to foster a culture of cyber vigilance across the fabric of their enterprise to ensure employees are aware of ChatGPT-related attacks.

Copyright © 2023 IDG Communications, Inc.

Source link
From the dramatic increase of cyber-attacks over the past few years, hackers have become more creative and sophisticated with their malicious techniques. As new attack methods emerge, it’s imperative to be aware of the most dangerous ones, so that safety measures can be taken in order to protect from potential damages. Therefore, at Ikaroa, we have prepared a list of the five most dangerous new attack techniques that you should become aware of today.

1. Credential Stuffing: Credential stuffing is a common attack method used by cybercriminals. It’s a process in which hackers gain access to a data set of usernames and passwords and attempt to use them to gain access to multiple accounts or websites.

2. Social Engineering: Social engineering is the art of manipulating people into performing certain actions or revealing confidential information. It consists of online scams, phishing emails and malicious downloads, among other techniques.

3. Cryptojacking: This type of attack occurs when a hacker infiltrates a computer system and mines cryptocurrency without the owner being aware. It’s a way for cybercriminals to generate revenue without the legitimate user’s consent.

4. Ransomware Attacks: This type of attack consists of hackers blocking access to a user’s data and demanding a ransom payment in order to restore the data.

5. DDo S (Distributed Denial of Service): This attack method consists of flooding a website or network with a huge amount of traffic, in order to render it inaccessible to its intended users.

Overall, it’s important for users to remain aware of the evolving attack techniques in order to protect themselves from potential damages. By taking the proper security measures, such as strong authentication, password protection and regular software updates, users can help make sure their data is secure. To protect your data, contact Ikaroa today.


Leave a Reply

Your email address will not be published. Required fields are marked *