RSA 2022: The Five Most Dangerous New Attack Techniques

The migration to the cloud doesn’t always guarantee clear skies.

As more organizations migrate to cloud and hybrid-cloud platforms, Symantec, by Broadcom Software, has long highlighted the potential risks and steps they need to take to secure data and workloads. But inevitably, the transition to multi-cloud infrastructure environments has brought with it the difficult security challenge of managing a highly fragmented set of security and compliance controls – and attackers are taking note.

Indeed, adversaries are increasingly “living off the cloud,” warns Katie Nichols, a SANS Certified Instructor.

Which services are being abused? According to Nichols, nearly all of them.

“Google Drive is used by a lot of different crimeware families, Slack, Discord, etc.,” she said. “I don’t know any cloud service that is immune. The takeaway is that instead of pointing fingers at specific cloud services, realize they (attackers) are doing it.”

Nichols made her comments at an RSA 2022 conference panel where SANS representatives identified the top attack techniques.

The rise of cloud-based attacks was just one of several security risks highlighted at this year’s panel, which was moderated by Ed Skoudis, President, SANS Technology Institute. The other panelists included Johannes Ulrich, Dean of Research, SANS Technology Institute; Heather Mahalik, DFIR Curriculum Lead and Sr. Director of Digital Intelligence, SANS Institute and Cellebrite; and Robert T Lee, Chief Curriculum Director and Faculty Lead, SANS Institute.

As part of good OpSec, organizations are regularly encouraged to back up their data to protect against ransomware and other unexpected attacks. Not surprisingly, backup software itself has become a target by today’s adversaries. Ulrich warned that backup software is essentially like “giving attackers a single key to get all your data. Most organizations have multiple backup technology. For each backup solution, there are unique attacks that can be launched against them.” In addition, backup software can also have vulnerabilities and misconfigurations that attackers can exploit.

How organizations should do backups depends on the organization’s threat model.

“What are you most afraid of?” Ulrich said. “Keep your encryption strong and keys close, whether you are doing it the cloud or local. No one size fits all.”

Nichols also discussed the risks posed by multi-factor authentication (MFA) bypass attacks while Mahalik pointed to the disruptive, long-term impact of Internet worms.

“Adversaries still are using old techniques” to wreak havoc. “WannaCry is still impacting endpoints since 2017. Do not let shiny APTs distract you,” said Mahalik, adding that WannaCry – a ransomware with a worm component -- spread around the world within a day, infecting more than 230,000 computer systems in 150 countries and costing approximately $4 billion in financial losses. “Why would adversaries reinvent the wheel when they can simply use what works?” she said. 

Mahalik also discussed the danger posed by stalkerware.

“We are all stalkable. Don’t think you aren’t important enough.” Traditionally, to install stalkerware, you needed access to the device; that is no longer the case. Developed by the Israeli-based NSO Group, Pegasus is spyware that can covertly enter a smartphone and turn it into a surveillance device. It does not require user interaction and can self-destruct before it is discovered. According to Mahalik, Pegasus is the “most prevalent APT malware that impacts IOS and Android today.”

The panel encouraged the audience to continue to focus on security basics to reduce risk and better protect against both known and unknown attacks. Lee also asked attendees to continue to educate themselves about current and new technologies, including cloud, mobile and satellites, to better protect them against current – and future -- attacks. “Technology is constantly changing. How does that impact possible attacks?” said Mahalik, who recommended that organizations have at least one person on the team who knows mobile or hire an expert. 

To learn more on how Broadcom Software can help you modernize, optimize and protect your enterprise, contact us here.