The SANS Institute — a leading authority in cybersecurity research, education and certification — released its annual Top Attacks and Threats Report. This report provides insights into the evolving threat landscape, identifying the most prevalent and dangerous cyberattack techniques that organizations need to prepare for.

This year’s report also highlighted the main takeaways from the SANS keynote hosted at the annual conference. During the keynote presentation, five new cybersecurity attacks were identified and discussed by key SANS members along with suggested actions to address them.

The 5 most dangerous new attack techniques identified

The SANS Institute’s yearly RSA Conference presentation provides an in-depth analysis of the evolving cyber threat landscape. The goal is to help organizations understand the current tactics, anticipate future trends and proactively strengthen their defenses against these ever-evolving threats.

Below is a list of the five new attack techniques that were discussed at the conference, along with the necessary steps that should be taken:

1. AI-powered child sextortion

Heather Mahalik Barnhart, a SANS DFIR Curriculum Lead and Senior Director of Community Engagement at Cellebrite, led the discussion on the sensitive topic of AI-powered child sextortion. Barnhart explained how AI deepfakes have allowed malicious parties to create convincing images or videos of their victims without them ever having shared any compromising material.

The fear of having fabricated content shared online can lead victims to comply with extortionists’ demands, regardless of their validity. To combat this threat, Barnhart stresses the importance of awareness and education. Adults and children alike should be reminded not to talk to strangers online and to carefully consider their privacy settings when using social media.

In the unfortunate event that someone falls victim to sextortion, Barnhart reminds everyone that there are ways to help them get out of the situation. Resources like the National Center for Missing and Exploited Children’s “Take It Down” program and various support lines can assist in removing harmful content and providing necessary assistance.


2. Using generative AI to skew public perception

Terrence Williams, a SANS DFIR Certified Instructor and Security Engineer, spoke on the topic of generative AI and the challenges it presents in the approaching 2024 political elections. While the technology has created new opportunities for innovation in political campaigns, the deepfakes and targeted misinformation it facilitates can severely erode public trust.

Terrence mentioned that as AI progresses, adversaries are quickly gaining the upper hand, uncovering new vulnerabilities and launching attacks with greater efficiency. This urgent situation calls for proactive measures to address tech debt and increase security protocols, ensuring the protection of critical infrastructure.

Williams emphasizes the importance of collaboration between tech companies, political parties, academia and grassroots organizations to establish checks and balances, ensuring accountability on all levels.

3. AI LLMs hyper-accelerate exploitation lifecycles

Steve Sims, SANS Offensive Cyber Operations Curriculum Lead and Fellow, spoke about how AI and automation are beginning to significantly increase the capabilities of offensive cyber operations. Using tools like Shell GPT that integrate AI elements into command-line interfaces like PowerShell and CMD allows cyberattackers to automate their coding tasks even in areas where they don’t have enough expertise.

Sims highlighted that the core concern is the rapid pace at which AI allows vulnerabilities to be discovered and exploited, particularly with LLMs (Large Language Models). The ability to automate patch diffing, leverage threat intelligence and weaponize vulnerabilities fast and effectively is a major concern.

Sims also anticipates the emergence of sophisticated, multi-agent systems that can autonomously handle various stages of the attack lifecycle, potentially leveraging LLMs for decision-making and code generation. In answer to this, Sims emphasized the need to leverage automation and intelligence on the defensive side, suggesting a continuous loop of instrumentation, threat intelligence analysis and rule generation.

4. Exploitation of technical debt

Johannes Ullrich, Dean of Research at SANS Technology Institute, addressed the far-reaching consequences of technical debt on enterprise security. He emphasized how technical debt is becoming increasingly critical, affecting not only enterprise applications but also the security infrastructure itself.

Ullrich also drew attention to the evolution of programming languages and the challenges posed by legacy code. As developers retire and newer languages gain more popularity, organizations are left dealing with codebases written in languages like Perl that very few modern developers understand. This creates a significant vulnerability as it becomes increasingly difficult to maintain and secure these aging systems.

Ullrich argued that organizations can no longer afford to delay updates and fixes. He also advocated for a proactive approach to patching, highlighting the tendency of many developers to skip seemingly minor updates. These oversights can accumulate over time and create a significant technical debt burden when a major security vulnerability emerges.

5. Deepfakes complicating identity verification

During the keynote address, Ullrich also explored the implications of deepfakes for identity verification. He highlighted how the decreasing cost of creating convincing fake videos and audio is making it significantly harder for technologies to verify someone’s identity online.

He pointed out that using traditional human verification methods like CAPTCHAs is increasingly ineffective as machine learning systems surpass human capabilities in solving them. Instead, Ullrich stressed the importance of using a two-pronged approach to identity verification.

The initial identification, he argued, requires a substantial investment of time and resources to ensure accuracy. Subsequent interactions should rely on incremental authentication mechanisms to maintain security. The second part of the process deals with regulatory requirements, such as “Know Your Customer (KYC),” which is a set of procedures put in place to support anti-money laundering (AML) and counter-terrorism financing (CTF) rules.

Ullrich concluded by emphasizing the need for a risk-based approach to identity verification. Organizations need to assess the likelihood of breaches and the criticality of verifying each individual’s identity to determine the appropriate level of effort to invest in identity verification measures.

Looking forward

With each passing year, it becomes more important to remain vigilant in identifying new cyberattack methods and to stay up to date on effective mitigation strategies. With disruptive technologies continuing to play a critical role in the scale and severity of modern-day cyber threats, industries will need to continue to adapt their security approaches while benefiting from the expertise and guidance of cybersecurity leaders and the organizations they represent.
