#RSAC: Organizations Warned About the Latest Attack Techniques

During the RSA 2023 conference, several experts highlighted the latest cyber attack techniques.

SEO-based attacks

According to Katie Nickels, Certified Instructor, SANS Institute and Director of Intelligence at Red Canary, there has been significant growth in threat actors using search engine optimization and malvertising to compromise users and organizations.

She said this change is a sign that “perimeter defenses are improving,” but it means attackers’ use of legitimate SEO services is a significant new challenge for organizations.

Here, threat actors pay search engine websites to get their malicious sites to the top of search results. Nickels showed that this is proving to be effective, with the first three results of a particular search she ran showing malicious sites.

This technique is used for “many different intrusions,” including infecting users with infostealer malware, she said.

Mitigation of this type of attack is difficult, since the perpetrators use legitimate and trusted services. Education is therefore vital, for example encouraging users to go directly to legitimate websites rather than using a search engine.

Nickels added that organizations should use tools such as ad-blocking software and, most importantly, report malicious websites that appear in search engine results at every possible opportunity.

Targeting developers

Dr. Johannes Ullrich, dean of research at SANS Technology Institute College, highlighted a growing number of attacks “targeted specifically at developers.” This is an effective tactic since developers are often the first employees in an organization to be exposed to code.

There have been numerous cases where threat actors have exploited vulnerabilities in software components to inject malware, which is then installed by developers in their business, Ullrich said.

This was shown in the LastPass breaches in 2022, in which attackers targeted a DevOps engineer’s home computer by exploiting a vulnerable third-party multimedia software package. Once installed by the developer, attackers gained the necessary privileges for remote code execution.

Ullrich said that increasing dialogue with developers on security teams, such as educating them about these types of threats, is crucial to mitigating the risk.

Malicious use of ChatGPT

The next attack trend discussed in the session was the nefarious use of ChatGPT for malware development and exploitation. Stephen Sims, Offensive Operations Curriculum Lead and Fellow at the SANS Institute, demonstrated tests he had conducted on the AI chatbot to see if he could get it to write ransomware code.

While ChatGPT refused to do this when asked directly, Sims was able to work around it by asking the tool to write code for individual components of the ransomware, such as code only for the encryption. In the end, it “wrote it all for us.”

Heather Mahalik, DFIR Curriculum Lead, SANS Institute and Senior Director of Digital Intelligence at Cellebrite, also highlighted the emerging threats of ChatGPT, focusing on how it can create realistic social engineering campaigns for a range of ominous purposes. She demonstrated a potentially disturbing use of the tool: trying to look like a nine-year-old to lure a child into giving their home address. It turned out to be very effective in writing a realistic message this way.

She argued that this kind of use of ChatGPT is an underappreciated risk and “one of the biggest threats is certainly ignorance.”

New threat report statistics

During RSA 2023, BlackBerry released its latest Quarterly Global Threat Intelligence Report, covering the period between December 1, 2022 and February 28, 2023.

Ismael Valenzuela, vice president of threat research and intelligence at BlackBerry, sat down with Infosecurity at the conference to discuss some of the major findings.

The company detected a significant increase in cross-platform malware, in which code is created that works on different platforms. “This makes sense, since attackers focus on impact,” Valenzuela said.

Another trend is the rise of information theft, often used to steal credentials, as even relatively minor organizations can provide access to high-value targets, he said. “There are a lot of people looking for credentials, whoever you are,” Valenzuela added.

The report also highlighted regional differences in the attack techniques being used. In particular, there was a significant increase in attacks targeting Southeast Asian countries, with Singapore appearing in the top 10 countries that suffered cyberattacks and Hong Kong in the top 10 countries where unique malware samples were used.

It’s very important to highlight these variations because “the threats we see there are very unique to this region,” Valenzuela said.

He highlighted an attack on a semiconductor manufacturing company in Taiwan during this period. In this case, a remote access hacking tool called Warzone was used in a very focused way. “We saw that this malware used geofencing, which means the malware will only detonate if it runs within a certain region,” Valenzuela explained.

This very targeted incident is very notable, and Taiwan needs to be watched given the geopolitical situation with China.
