Each year at RSA Conference, the SANS Institute provides an authoritative briefing on the most dangerous new attack techniques leveraged by modern-day attackers, including cyber criminals, nation-state actors, and more.

The annual briefing brings together some of the best and brightest minds shaping SANS core curricula to discuss emerging threat actor Tactics, Techniques, and Procedures (TTPs), assess what they mean for the future, and guide organisations on how to prepare for them.

2023 keynote session

The RSAC 2023 session, titled “The Five Most Dangerous New Attack Techniques” and moderated by SANS Technology Institute College President Ed Skoudis, featured four prominent SANS panelists to provide actionable insights that can help security leaders get (and stay) ahead of evolving threats.  

  • Stephen Sims, SANS Fellow & Offensive Cyber Operations Curriculum Lead

Attack Technique: Adversarial AI Attacks

This portion of the session highlighted how threat actors were manipulating AI tools to amplify the velocity of ransomware campaigns and identify zero-day vulnerabilities within complex software. From streamlining the malware coding process to democratising social engineering, adversarial AI has changed the game for attackers.

In response, organisations need to deploy an integrated defense-in-depth security model that provides layered protections, automates critical detection and response actions, and facilitates effective incident-handling processes.

  • Heather Mahalik, SANS Fellow, DFIR Curriculum Lead, and Senior Director of Digital Intelligence, Cellebrite

Attack Technique: ChatGPT-Powered Social Engineering Attacks

This portion of the session highlighted how AI-driven social engineering campaigns are hitting close to home. With the rise of ChatGPT, threat actors are now leveraging generative AI to exploit human risk, targeting the vulnerabilities of individual employees, including their families, to breach their wider organisation’s network.

This development means that everyone is now more easily attackable than ever, and all it takes is one wrong click on a malicious file to put not only an entire company at immediate risk but the victim’s livelihood as well. This widened attack surface requires organisations to foster a culture of cyber vigilance across every part of their enterprise so that employees are aware of ChatGPT-related attacks.

  • Dr. Johannes Ullrich, SANS Technology Institute College Dean of Research, Internet Storm Center (ISC) Founder

Attack Technique: Third-party Developer Attacks

This portion of the session highlighted the rise of targeted attacks on third-party software developers to infiltrate enterprise networks through the supply chain. It referenced the December 2022 LastPass breach, where a threat actor exploited third-party software vulnerabilities to bypass existing controls and access privileged environments.

For organisations across sectors, the attack underscored the criticality of effectively working in tandem with software developers to align security architectures, share threat intelligence, and navigate evolving attack techniques.

  • Katie Nickels, SANS Certified Instructor and Director of Intelligence, Red Canary

Attack Technique: SEO Attacks & Paid Advertising Attacks

This portion of the session highlighted the emergence of new Search Engine Optimisation (SEO) and advertising attacks leveraging fundamental marketing strategies to gain initial access to enterprise networks. In these instances, threat actors are exploiting SEO keywords and paid advertisements to trick victims into engaging spoofed websites, downloading malicious files, and allowing remote user access.

These attacks signify proactiveness on the part of attackers, who are increasingly pivoting away from traditional attack techniques that have become easier to defend against. These two attack vectors heighten the importance of incorporating scalable user awareness training programmes tailored to new threats.
