RSA Conference Trend Spotlight: The Most Dangerous New Attacks

According to the tradition of the annual RSA conference, the final panel event is the five most dangerous new attack technology conferences. Although the RSA conference in 2021 will be moved to an online format, it still follows this tradition.

Software Integrity Crisis

Ed Skoudis, a researcher and director of the SANS Institute, noted that breaching software integrity is one of the biggest attack vectors he sees today. Software integrity includes supply chain security for all embedded libraries and components that make up a modern application.

Skoudis said that our software development and distribution process today is all about speed, with a quest to get new code and features out faster. Developers don’t focus on reliability and security, which is a pretty serious problem.

In this regard, Skoudis also said that there is no single solution to the problems of software integrity and software supply chain management, and enterprises need to make plans according to their own conditions. The first thing that needs to be done is for organizations to know what software is in their environment so they can defend against it. The next step is to have a software bill of materials, which basically identifies all the components that make up a particular set of software applications. Skoudis also recommends that businesses incorporate threat hunting into their workflows to help find potential risks.

Risk of mishandling sessions

Heather Mahalik, director of digital intelligence at the SANS Institute, sees mishandling of conversations as the biggest risk.

Mahalik warned that every time a user logs into an app or service, some form of access token is granted in order to be able to access the session. But some sessions don’t protect the token well, so data can be leaked or misused.

However, with a few simple steps, you can reduce the risk of improper session handling. The most succinct and effective measure suggested by Mahalik is for the user to log out of the device and app session when they have finished their work.

Mahalik said that most users now like to keep the screen on, like their devices are always available, and like to check the password-free login for the next seven days, but this is actually insecure. And she also encouraged developers to create time-limited tokens to “kick” users off the network.

Be wary of artificial intelligence

Artificial intelligence and machine learning being used for malicious purposes is a potential risk, warns Johannes Ullrich, director of the SANS Institute of Technology.

Attackers can influence or manipulate machine learning training datasets, which will affect the actions that AI systems will take, Ullrich warned. The user’s training data is very important, and we need to understand these models. Understand what they are doing and know how to adjust them.

Ransomware is not just a usability issue

While ransomware is not a new threat, the fact is that ransomware in 2021 is creating new risks, said Katie Nickels, a certified instructor and intelligence director at the SANS Institute.

She pointed out that historically, ransomware has been discussed as a usability issue, where data is encrypted by attackers and users can no longer access or use it. In her view, ransomware is no longer just a usability issue, it’s starting to be associated with data breaches. Attackers are also now stealing data, then using it for different purposes, encrypting it and demanding a ransom, Nickels explained.

“In fact, in the fourth quarter of 2020, we found that more than 70% of ransomware cases involved some kind of breach and extortion,”

And, Nickels said, this dangerous new attack will become the new normal. After that, we have to take into account not only the availability of the data, but also the confidentiality of the data, and realize that there is a very high possibility that an attacker could steal and export our data.

As ransomware has become more than a usability issue, so has the advice on how organizations can protect themselves. Having an offline backup isn’t enough, Nickels said, and businesses should also take precautions, such as banning any non-essential file-sharing tools.

In the face of the stress of the pandemic and the seemingly never-ending threat to cybersecurity, Nickels offers an inspiring piece of advice. She pointed out that former U.S. President Roosevelt once said, “Use what you have and do what you can do where you are.” In her opinion, the same advice applies to IT security professionals.

“You may not be able to solve every challenge, but don’t get overwhelmed and try to start over from somewhere. Start with improving your detection capabilities, for example, no matter how much it contributes to your organization,” Nickels said. In cybersecurity or in life, do what you can with what you have and where you are.