Ed Skoudis knows he and his colleagues at the SANS Institute could easily have come up with a list of the 50 top cyber-threats of 2022. It’s been that kind of year.
But Skoudis, whose cybersecurity information and training organization presents the most dangerous cyber-threats at RSA conferences each year, said the SANS Institute opted instead to narrow down the list to five major categories of cyber-threats.
Skoudis, a fellow at the SANS Institute and president of the SANS Technology Institute College, said it’s particularly important for those in the channel to understand what their customers are now facing in terms of potential attacks.
“They need to know what’s coming,” said Skoudis of the general types of cyberattacks used today.
“Channel players don’t want their customers – or themselves – to get hacked,” he said. “Customers are demanding better security. If they don’t get it, they’ll get it from someone else. It’s that simple.”
The following are five of the most dangerous attack techniques, as described by the SANS Institute:
‘Living Off The Cloud’
As organizations increasingly use cloud-based services to store data, provide applications on the internet, and conduct business operations, attackers are not only targeting these cloud services but also leveraging cloud offerings as attack platforms. Enterprises that use cloud services tend to trust their own cloud provider, allowing more access between the cloud and their corporate environments than they would allow to arbitrary systems on the internet. Attackers take advantage of this by registering with the same cloud provider as their target organization and then launching attacks from the cloud against that organization’s cloud-based services as well as its corporate network.
Attacks Against Multi-factor Authentication
Many organizations and internet services have deployed multi-factor authentication to improve the security of their systems by using text messages or a key fob to transmit a multi-digit code when a user attempts to log in to the system. Attackers are employing a variety of techniques to bypass multi-factor authentication, especially targeting the processes used to register and re-register a mobile device to receive the multi-digit codes. By subverting the registration process, attackers can register their own devices to receive the texts, allowing them to authenticate and take over a user’s account.
Attacks Against System Backup
For many organizations, system backups have become the last line of defense against the latest ransomware attacks. But software used to create the backups themselves has flaws. Most major vendors of backup software had to address significant vulnerabilities in the past year. Attackers use this backup software deployed in companies, government agencies, military systems, and more to either compromise systems or exfiltrate data. Such attacks, like “ghost backups,” are challenging to detect as they mimic the behavior of regular backup processes.
Attacks Involving ‘Stalkerware’ Against Mobile Devices
Most threats, especially those on mobile devices, leverage traditional exploitation techniques we’ve seen in the past. But now, attackers are using those techniques to deploy ever more powerful “stalkerware” to track users’ actions through their mobile devices. The latest mobile device exploitation tools require zero clicks from users and can give an attacker stealthy control of iOS and Android devices.
Attacks Against Communication Satellites
Satellite hacking and purposeful infrastructure disruption have made their way into the headlines, not as theory but as factual events. It sounds like the stuff of James Bond movies, but the boundaries of civilian technologies, communication infrastructure and military application are blurring further. The panel at SANS discussed how such lofty attacks impact the world, including the blurring of civilian and military targets, increasing nation state aggressiveness in targeting commercial communications facilities, and the possibilities of other space-based cyber attacks.