The SANS Institute-led Top Most Dangerous Attack Techniques session is among the best-known keynote sessions at any RSA Conference.
The 2022 edition was a bit more somber than past editions, following the passing of SANS founder Alan Paller, who moderated the panel for more than a decade. Ed Skoudis, fellow and director at SANS Institute, started the 2022 panel with a moving tribute to Paller, who was mentioned more than once during the session as the inspiration for how cybersecurity training can and should continue to improve.
(From left to right) Ed Skoudis, Katie Nickels, Johannes Ullrich, Heather Mahalik and Rob T. Lee
Living Off the Cloud
The first major attack vector was detailed by Katie Nickels, certified instructor and director of intelligence at SANS Institute. In years past, SANS panels have detailed so-called living off the land (LotL) attacks, in which hackers use tools already present in an organization. With living off the cloud attacks, adversaries are now using cloud services that organizations are working with to exploit unsuspecting users.
“As a defender looking at network traffic, it is hard for me to tell if certain cloud traffic is an attack or benign,” Nickels said. “We all use cloud services legitimately in our organizations, and stuff goes right through firewalls and proxies.”
Nickels suggests that organizations be aware of normal cloud behaviors and look for potential outliers to spot risks.
Multi-Factor Authentication Bypass
Nickels noted that multi-factor authentication (MFA) is an incredibly powerful force for security, but it is increasingly being abused by attackers.
Attackers are able to bypass MFA with several different approaches, including abusing an option known as fail open. With fail open, in cases where a system cannot access the MFA service, it will ‘fail open’ and allow access without the use of the MFA credential. Nickels suggests that organizations have multiple MFA backup options to limit the risk.
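The fail-open behaviour described above, set beside a fail-closed login check that falls back to a backup MFA option, as an added Python example that is not from the SANS panel or the original article. The verifier functions, user name and codes are constructed for illustration.

```python
import hmac


class MfaUnavailable(Exception):
    """Raised when an MFA verifier cannot be reached (constructed for this example)."""


def primary_down(user, code):
    # Simulates an outage of the primary MFA service.
    raise MfaUnavailable("primary MFA service unreachable")


ENROLLED = {"alice": "492817"}  # constructed backup-code table


def backup_totp(user, code):
    # Hypothetical backup verifier; constant-time comparison of the code.
    expected = ENROLLED.get(user)
    return expected is not None and hmac.compare_digest(expected, code)


def login_fail_open(user, code, verifier):
    """Weak pattern: an outage is treated as a successful MFA check."""
    try:
        return verifier(user, code)
    except MfaUnavailable:
        return True  # fail open: access granted with no second factor


def login_fail_closed(user, code, verifiers, audit):
    """Hardened pattern: try each backup verifier, deny if none can answer."""
    for verifier in verifiers:
        try:
            ok = verifier(user, code)
        except MfaUnavailable as exc:
            audit.append((user, verifier.__name__, "unavailable", str(exc)))
            continue  # fall through to the next backup option
        audit.append((user, verifier.__name__, "verified" if ok else "rejected", ""))
        return ok  # the first reachable verifier decides
    audit.append((user, "-", "denied", "no MFA verifier reachable"))
    return False  # fail closed


if __name__ == "__main__":
    log = []
    print(login_fail_open("alice", "000000", primary_down))
    print(login_fail_closed("alice", "000000", [primary_down, backup_totp], log))
    print(login_fail_closed("alice", "492817", [primary_down, backup_totp], log))
    for entry in log:
        print(entry)
```

The `unavailable` entries in the audit list are the events worth alerting on, since an MFA outage is exactly the condition a fail-open configuration turns into unauthenticated access.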
Backups Have Vulnerabilities
Johannes Ullrich, dean of research at SANS Institute, identified backups as being a potentially risky attack vector.
Ullrich explained that backup systems have access to endpoints and servers across an enterprise and represent an attractive target for attackers. He noted that attackers are looking for known vulnerabilities in backup systems in order to exploit them.
To mitigate the risk of a backup system, Ullrich suggests that organizations be diligent in patching and ensuring that access to the backup system is secured.
Stalkerware and Worms are Still a Risk
Heather Mahalik, senior instructor and director of digital intelligence at SANS Institute, warned that what’s old is new again in security, as stalkerware and worms are still concerns for users.
Stalkerware is software that tracks users and has become a big issue again with the emergence of Pegasus in 2021. Computer worms, which are among the older types of cybersecurity threat, also remain an issue, according to Mahalik.
“Do not let the shiny APT (advanced persistent threat) distract you from what is truly hiding there and just waiting to attack you,” she said.
In terms of protecting against stalkerware and worms, Mahalik recommends basic cybersecurity hygiene, which includes regular patching, backups and anti-malware tools. She also advises that users make effective use of multi-factor authentication.
The Risk is in Space
Rob Lee, chief curriculum director and faculty lead at SANS Institute, warned that an emerging risk comes from securing non-terrestrial internet communications.
With the current war in Ukraine, among the earliest targets was the internet infrastructure on the ground. Elon Musk stepped up and helped provide Ukraine with Starlink satellite internet, which has helped provide communications access. In the future, Lee warns that adversaries will increasingly target satellite systems for internet and terrestrial systems.
Lee noted that organizations need to consider how to make sure that they can continue operations, even in the absence of internet access.
Overall, for IT security practitioners, Mahalik suggested that people need to be passionate to be successful with cybersecurity regardless of the threat vector.
“We were talking about Alan Paller and remembering him and someone said it was hard to tell when Alan was working, and when he was having fun,” she said. “That is where you should hope to be, so find your passion and live it.”