Cybersecurity

SANS reveals ‘Top 5’ cyberattack techniques for 2024

Tech debt, deepfakes, and more deepfakes.
article cover

Francis Scialabba

· 3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Scary drum roll, please.

At this year’s RSA Conference, instructors from the cybersecurity-training organization SANS revealed its annual list, “The Five Most Dangerous New Attack Techniques You Need to Know About”:

Technical debt. Johannes Ullrich, dean of research for SANS Technology Institute College, spoke about the growing number of vulnerabilities in legacy software.

Two recent industry reports—Mandiant’s M-Trends and Verizon’s DBIR—highlighted vulnerability exploits as a top attack vector.

His take: Apply patches as they’re released, Ullrich said. “The problem is five years from now, after you skip 10, 15 different incremental updates, then the big security vulnerability hits that library, and now you have to work through all of these little quirks that got added over the years,” Ullrich told the crowd at RSA.

Verifying digital identity

Ullrich also highlighted the challenge of identity verification as low-cost, convincing deepfakes emerge.

“The scale in use of media manipulation has dramatically increased as the complexity of leveraging manipulated media has fallen,” according to guidance from the National Security Agency (NSA) in September 2023.

His take: Ullrich recommended splitting authentication into two parts: initially establishing identity (likely requiring multiple verifications with, say, webcams or biometrics), and then reestablishing identity with “solid, incremental authentication as that user comes back to you,” Ullrich said on the panel.

Sextortion

An “edgy threat that nobody wants to admit exists,” according to Heather Mahalik Barnhart, DFIR curriculum lead at SANS Institute.

On May 8, President Biden signed The REPORT Act, which compels online-service providers to report material related to the sexual abuse of children.

Her take: Barnhart recommended the National Center for Missing and Exploited Children (NCMEC) and its “Take It Down” services to help remove videos and photos specific to extortion attempts.

AI and the election

SANS-certified instructor Terrence Williams highlighted the disruptive potential of AI to the 2024 election cycle.

A January 2024 CISA advisory noted how generative-AI-enabled capabilities like text-to-image and text-to-video creators can lead to false depictions that “could impact the security and integrity of election infrastructure.”

Some advice: Stopping deceptive AI will be largely up to the effort and discernment of those casting a ballot, according to Williams, who told the audience, “The average voter needs to understand that we're in a time of ‘trust, but verify.’”

AI and offense

What’s coming, Stephen Sims, offensive operations curriculum lead and fellow, SANS Institute, said: the automation of finding (and exploiting) complex bugs.

Computer scientists at University of Illinois Urbana-Champaign (UIUC) reported in April 2024 that OpenAI's GPT-4 large language model (LLM), after receiving advisory descriptions, could autonomously exploit some common vulnerabilities and exposures (CVEs).

His take: Automation on the defensive side and not being complacent. “With AI…you should be leveraging this to be your best friend and to make you better,” Sims told the crowd.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.