
5 most dangerous new attack techniques (yes, they include AI)

by Sean Michael Kerner

Every year at the RSA Conference in San Francisco, the SANS Institute leads a popular keynote session outlining what its analysts see as the five most dangerous new attack techniques for a given year.


Whereas in some years analysts discuss five very different techniques, this year the list was a bit more compressed, with overlapping risks and AI as an overarching and pervasive theme.


1. Search Engine Optimization (SEO) a new tool for bad guys

Katie Nickels, certified instructor at the SANS Institute, said that from her perspective, search engine optimization (SEO) is a growing risk. To be clear, these are the same basic SEO approaches and techniques that publishers and websites have been using since the dawn of the very first search engines. Instead of being used for positive purposes, though, SEO is being abused for nefarious gains by miscreants.

Nickels said that attackers use keywords and other SEO techniques to make sure their malicious websites are at the top of search engine results. Those well-placed results then lead unsuspecting users to the attackers’ sites, which can then deliver malware or attempt to steal user credentials.

2. Malvertising – using search engines to optimize threats

The second trend, also outlined by Nickels, is closely related to the first one. Malvertising is a technique for malicious advertising.

With malvertising, adversaries are buying ads from legitimate search engine providers to try to get their content at the top. Malvertising is so prominent in 2023 that it was added as a common threat vector to the MITRE ATT&CK framework this week. Nickels noted that many attackers are using malvertising and SEO techniques in combination to get users to download something or do something that could lead to credential theft.

Neither SEO nor malvertising, however, is a new technique. In fact, both have been around for several years. Nickels argued that while SEO and malvertising are not new, the panel is about the most dangerous techniques, and from her perspective the levels of both have been rising in recent months.

Nickels said that defending against both SEO and malvertising starts with user education and training users to only obtain software from trusted sources. She also advocates for the use of ad-blocking software and recommends that users report malicious sites to search engine providers.

3. Developers are now primary targets

Johannes Ullrich, dean of research, SANS Technology Institute College, identified attacks targeting developers as a top dangerous trend.

“We talk a lot about dependencies and malicious components,” Ullrich said. “The first individual in your organization that’s exposed to these malicious components is the developer, and we have had components that specifically attacked developers.”

Attacks against developers’ build tools and desktops represent a strong risk for contagion. Instead of just impacting a single individual, a malicious component in a developer build could find its way into a production application, impacting thousands of people.

So what can and should security professionals be doing to help developers? Ullrich suggests education and some well-configured endpoint protection software.

“Be nice to developers, don’t make their life any harder,” Ullrich said. “Make them your allies, teach them about these particular threats.”

4. Using AI, specifically ChatGPT, to develop malware

Stephen Sims, offensive operations lead at SANS Institute, was the first of two panelists to bring up AI as a top threat.

Sims detailed the risks of AI with regard to exploitation and adversarial activities, and more specifically the ability to create actual malware. He recounted that back in November 2022, when ChatGPT first launched, he could simply type a prompt to create a ransomware script. As of April 2023, that same prompt no longer works as it did, because ChatGPT now tries, somewhat unsuccessfully, to block users from writing exploit code.

Sims detailed how, by taking an iterative step-by-step process, it is still very much possible to use ChatGPT to build effective ransomware and other types of malware.

How can users defend against AI-powered exploit development?

Sims noted that defense in depth, exploit mitigations and generally understanding how AI and machine learning work are all important tasks for organizations to undertake.

5. Weaponizing generative AI for social engineering

Heather Mahalik, curriculum lead at SANS Institute, also identified an aspect of AI as one of the most dangerous attack trends.

Rather than using AI to build exploit code, she described in painful detail how generative AI can be used for social engineering that is highly effective.

“If someone sent my dad something saying that it was his banking, or Social Security or his Medicare, he’s going to respond because he’s not going to know the difference,” she said.

“Someone that doesn’t speak your same language can use this to do whatever they want.”

Mahalik’s advice is for people not to fear the power of generative AI, but rather to take the time to understand it and have layers of defense.

“The bottom line is you need to educate,” she said. “You need to learn how to use it properly and you cannot fear technology.”

 
