Thursday , April 24 2025

5 most dangerous new attack techniques

Cyber experts from the SANS Institute have revealed the five most dangerous new attack techniques being used by attackers including cyber criminals and nation-state actors. They were presented in a session at the RSA Conference in San Francisco, where a panel of SANS analysts explored emerging Tactics, Techniques, and Procedures (TTPs) and advised organizations on how to prepare for them.

The SANS Institute is a leading cybersecurity training, certifications, degrees, and resources company that aims to empower cybersecurity professionals with practical skills and knowledge.

SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances....
Read More
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

GitLab Releases Security Update For Multiple Vulns

GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7...
Read More
GitLab Releases Security Update For Multiple Vulns

ISPAB president “whatsapp” got hacked via phishing link

Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What...
Read More
ISPAB president “whatsapp” got hacked via phishing link

Zyxel released patches 2 vulns in its USG FLEX H series firewalls

Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws...
Read More
Zyxel released patches 2 vulns in its USG FLEX H series firewalls

South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related...
Read More
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

ChatGPT Develops Exploit for CVEs Before Public PoCs Share

Security researcher Matt Keeley showed that artificial intelligence can now develop working exploits for critical vulnerabilities before public proof-of-concept (PoC)...
Read More
ChatGPT Develops Exploit for CVEs Before Public PoCs Share

TP-Link Router Vulns Allow to Execute Malicious SQL Commands

Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their...
Read More
TP-Link Router Vulns Allow to Execute Malicious SQL Commands

SSL.com’s domain validation system’s bug found: Hacker exploited

SSL.com has revealed a major security flaw in its domain validation system, which could enable attackers to acquire fake SSL...
Read More
SSL.com’s domain validation system’s bug found: Hacker exploited

Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals

Amazon has paused some data center lease negotiations for its cloud division, particularly in international markets, according to Wells Fargo...
Read More
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals

Hackers Exploit Zoom’s Remote Control Feature for System Access

ELUSIVE COMET is a threat actor conducting a sophisticated attack campaign that uses Zoom's remote control feature to access victims'...
Read More
Hackers Exploit Zoom’s Remote Control Feature for System Access

The session, titled The Five Most Dangerous New Attack Techniques, featured four prominent SANS panelists to provide actionable insights to help security leaders understand and stay ahead of evolving threats. The five emerging cyber-attack vectors the speakers covered were adversarial AI, ChatGPT-powered social engineering, third-party developer, SEO, and paid advertising attacks.

Adversarial AI attacks

With adversarial AI attacks, threat actors are manipulating AI tools to amplify the velocity of ransomware campaigns and identify zero-day vulnerabilities within complex software, said Stephen Sims, SANS fellow and offensive cyber operations curriculum lead. From streamlining malware coding processes to democratizing social engineering, adversarial AI has changed the game for attackers, he added. In response, organizations need to deploy an integrated defense-in-depth security model that provides layered protections, automates critical detection and response actions, and facilitates effective incident-handling processes.

ChatGPT-powered social engineering

As for ChatGPT-powered social engineering, threat actors are leveraging generative AI to exploit human risk – targeting the vulnerabilities of individual employees to breach their wide organization’s network, including their families, according to Heather Mahalik, SANS fellow.

This development means that users are now more easily attackable than ever, and all it takes is one wrong click on a malicious file to put not only an entire company at immediate risk, but the victim’s livelihood as well, Mahalik said. This widened attack surface requires organizations to foster a culture of cyber vigilance across every fabric of their enterprise to ensure employees are cognizant of ChatGPT-related attacks.

Third-party developer attacks

The next most dangerous attack technique explored was third-party developer attacks (also known as software supply chain attacks) chiefly a rise of targeted attacks on third-party software developers to infiltrate enterprise networks through the supply chain, said Dr. Johannes Ullrich, SANS Technology Institute college dean of research. This played out significantly in the 2022 LastPass breach, where a threat actor exploited third-party software vulnerabilities to bypass existing controls and access privileged environments. For organizations across sectors, the attack underscored the criticality of effectively working in tandem with software developers to align security architectures, share threat intelligence, and navigate evolving attack techniques, Ullrich said.

SEO attacks and paid advertising attacks

SEO attacks are another dangerous, emerging attack method, as are paid advertising attacks, said Katie Nickels, SANS certified instructor. New SEO and advertising attacks (also called malvertising) are leveraging fundamental marketing strategies to gain initial access to enterprise networks, according to Nickels. In these instances, threat actors are exploiting SEO keywords and paid advertisements to trick victims into engaging spoofed websites, downloading malicious files, and allowing remote user access.

These attacks signify proactiveness on behalf of malicious attackers, who are increasingly pivoting away from traditional attack techniques that have become easier to defend against, Nickels said. These two attack vectors heighten the importance of incorporating scalable user awareness training programs tailored to new threats.

Attackers thrive on diversification of their techniques

The attacks outlined have become all the more prevalent, sophisticated, and harder to detect, John Davis, director UK and Ireland, SANS Institute, EMEA, tells CSO. “All are part of a larger trend in which the efforts and attack techniques used by hackers are increasingly complex and targeted.”

The sheer scale of cybercrime today, and the boldness of attackers, is hard for many business leaders to fathom – 450,000 new pieces of malware are detected each day, and 3.4 billion phishing emails hit inboxes – he adds. “No wonder so many businesses are struggling to keep the doors and windows firmly closed amid a raging storm. These audacious new threats teach us that hackers thrive on diversification of their techniques. No wonder we’re seeing established ransomware groups make layoffs, while Ransomware-as-a-Service (RaaS) gathers momentum.”

The good news is that even the smallest and youngest of businesses can defend against these attacks, Davis says. “Awareness, vigilance, and education are vital weapons and our most critical line of defense. Ultimately, if we’re to shore up the best defenses in an “always on” hacker world, it’s vital we stay ahead of the curve and keep shape shifting the approach, whatever the threat.”

Check Also

Australian Cyber Security Centre Alert for Fortinet Products

The Australian Cyber Security Centre (ACSC) has alerted technical users in both private and public …

Leave a Reply

Your email address will not be published. Required fields are marked *