Most dangerous attack techniques, and what’s coming next

CyberWisdom Safe Harbor Commentary

Today I came across this story, which covers things we don’t talk about: SANS experts presented the five most dangerous new types of cyberattacks in the 2018 keynote at the annual RSA Conference in San Francisco, explaining how they work, how they can be stopped or at least slowed, and how companies and consumers can prepare.

Dangerous attack techniques

The five threats outlined are:

  1. Repositories and cloud storage data leakage
  2. Big data analysis, de-anonymization and correlation
  3. Attackers monetize compromised systems using crypto coin miners
  4. Identify hardware defects
  5. More malware and attacks that disrupt ICS and utilities rather than seek profits

Repository and cloud storage data leaks
Ed Skoudis, head of the SANS penetration testing course, talks about the data leakage threats we face from the increasing use of repositories and cloud storage:

“Today’s software is built in a completely different way from 10 or even 5 years ago. It has a large number of online code libraries for collaboration and cloud data storage to host mission-critical applications. However, attackers are increasingly targeting such repositories and cloud storage infrastructures, looking for passwords, encryption keys, access tokens, and terabytes of sensitive data.”

He continued: “Defenders need to focus on data inventory, appoint a data administrator for their organization, and educate system architects and developers on how to protect data assets in the cloud. In addition, large cloud computing companies have introduced artificial intelligence services to help sort and maintain the data in their infrastructure. Finally, there are various free tools that can help prevent and detect leaks through the codebase.”

Big data analysis, de-anonymization and correlation
Skoudis continues to talk about the threat of big data analytics and how attackers use data from multiple sources to de-anonymize users:

“In the past, we fought with attackers who were trying to access our machines and steal data for criminal use. Now, this battle is moving from hacking machines to hacking data – collecting data from different sources and merging them together to eliminate user anonymity, find business vulnerabilities and opportunities, or otherwise undermine the mission of the organization. We still need to prevent attackers from gaining access to targets in order to steal data. However, defenders also need to start analyzing the risks related to how their seemingly harmless data can be combined with data from other sources to introduce business risk, while carefully considering the privacy impact of the data and its potential to damage the brand or trigger a regulatory review.”

Attackers monetize compromised systems using crypto coin miners
Johannes Ullrich, Dean of the SANS Institute and director of the SANS Internet Storm Center, has been studying cybercriminals’ increasing use of crypto coin miners:

“Last year, we talked about how ransomware was used to sell data back to its owners, and cryptocurrency was the preferred tool for paying the ransom. Recently, we discovered that attackers no longer bother with data. Because of the large amount of stolen data being sold, the value of most stolen data, such as PII or credit card numbers, has dropped dramatically, and attackers are installing crypto coin miners instead. These attacks are more subtle and less likely to be discovered, and attackers can earn tens of thousands of dollars each month from crypto coin miners. Defenders need to learn how to detect these coin miners and find the vulnerabilities that are used to install them.”
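One way to detect coin miners on a network, shown as an added example that is not part of the keynote or the original article: miners usually talk to their pool over the Stratum protocol, newline-delimited JSON-RPC with distinctive method names, so cleartext client payloads can be classified. The rule names and flow records below are constructed for illustration.

```python
import json

# Client-to-pool methods of the Stratum mining protocol (JSON-RPC, one object per line).
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}
# Monero-style pools use generic method names, so the params object is checked too.
CRYPTONIGHT_METHODS = {"login", "submit", "getjob"}
CRYPTONIGHT_PARAM_KEYS = {"login", "job_id", "nonce"}

def classify_payload(payload):
    """Return the rule matched by one cleartext TCP payload, or None."""
    for raw in payload.splitlines():
        try:
            msg = json.loads(raw)
        except ValueError:
            continue  # not a JSON line (HTTP headers, binary, ...)
        if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
            continue
        method, params = msg["method"], msg.get("params")
        if method in STRATUM_METHODS:
            return "stratum"
        if (method in CRYPTONIGHT_METHODS and isinstance(params, dict)
                and CRYPTONIGHT_PARAM_KEYS & params.keys()):
            return "stratum-cryptonight"
    return None

def hosts_mining(records):
    """Map each source host to the set of (destination, rule) hits."""
    hits = {}
    for src, dst, payload in records:
        rule = classify_payload(payload)
        if rule:
            hits.setdefault(src, set()).add((dst, rule))
    return hits

# Constructed flow records: (source host, destination, first client payload).
RECORDS = [
    ("10.0.5.21", "198.51.100.7:3333",
     '{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n'),
    ("10.0.5.34", "203.0.113.9:443",
     '{"id":1,"method":"login","params":{"login":"WALLET","pass":"x"}}\n'),
    ("10.0.5.40", "192.0.2.15:8080",
     '{"method":"login","params":["alice","example"]}\n'),
    ("10.0.5.41", "192.0.2.80:80", "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]

if __name__ == "__main__":
    print(hosts_mining(RECORDS))
```

Miners that wrap Stratum in TLS are invisible to payload matching, so pair this with host-side signals such as sustained CPU load and long-lived connections to unfamiliar destinations.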

Identify hardware defects
Ullrich went on to say that software developers often think of hardware as perfect, which is a dangerous assumption. He explained why and what needs to be done:

“Software development is not difficult. Software developers also make mistakes in developing hardware. Repairing hardware is much more difficult and often impossible without replacing the entire system or suffering significant performance losses. So developers need to learn how to create software that does not rely on hardware to mitigate any security issues. Similar to how software uses encryption on an untrusted network, software needs to authenticate and encrypt data in the system. Some emerging homomorphic encryption algorithms may allow developers to manipulate encrypted data without first decrypting it.”

More malware and attacks disrupt ICS and utilities rather than seek profits
Finally, James Lyne, director of research and development at the SANS Institute, discussed the growing trend of malware and attacks that are not profit-oriented, as most have been in the past, but instead focus on disrupting industrial control systems (ICS) and utilities:

“Every day, the vast majority of malicious code is undeniably focused on fraud and profits.

Read more:

Experts from SANS presented the five most dangerous new cyber attack techniques in their annual RSA Conference 2018 keynote session in San Francisco, and shared their views on how they work, how they can be stopped or at least slowed, and how businesses and consumers can prepare. The five threats outlined are: 1. Repositories and cloud storage data leakage 2. Big Data analytics, de-anonymization, and correlation 3. Attackers monetize compromised systems using crypto coin miners … The post Most dangerous attack techniques, and what’s coming next appeared first on Help Net Security.
