#RSAC: The Most Dangerous Attacks of 2022

The SANS Institute-led Top Most Dangerous Attack Techniques session is among the most popular keynote sessions at any RSA Conference. The 2022 edition was a bit more somber than past editions, following the passing of SANS founder Alan Paller, who moderated the panel for over a decade. Ed Skoudis, fellow and director at SANS Institute, started the 2022 panel with a moving tribute to Paller, who was mentioned more than once during the session as the inspiration for how cybersecurity education can and should continue to improve.

(From left to right) Ed Skoudis, Katie Nickels, Johannes Ullrich, Heather Mahalik and Rob T. Lee

Living Off the Cloud

The first big attack vector was detailed by Katie Nickels, certified instructor and director of intelligence at SANS Institute. In years past, SANS panels have detailed so-called living off the land (LotL) attacks, in which hackers use tools already present in an organization. With living off the cloud attacks, adversaries now use the cloud services that organizations already rely on to exploit unsuspecting users.

"As a defender looking at network traffic, it's tough for me to tell if certain cloud traffic is an attack or benign," Nickels said. "We all use cloud services legitimately in our organizations, and stuff goes right through firewalls and proxies."

Nickels suggests that organizations be aware of normal cloud behaviors and look for potential outliers to spot risks.

Multi-Factor Authentication Bypass

Nickels noted that multi-factor authentication (MFA) is an incredibly powerful force for security, but it is increasingly being abused by attackers. Attackers are able to bypass MFA with several different methods, including abusing an approach known as fail open. With fail open, when a system cannot reach the MFA service, it will 'fail open' and allow access without the use of the MFA credential. Nickels suggests that organizations have multiple MFA backup options to limit the risk.

Backups have Vulnerabilities

Johannes Ullrich, dean of research at SANS Institute, identified backups as a potentially dangerous attack vector.
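The fail-open behaviour described under Multi-Factor Authentication Bypass, shown next to a fail-closed check that falls back to backup factors. This is an added example, not code from the SANS session or the original article; `Factor`, `MFAUnavailable`, the two `authorize_*` functions and the sample code value are hypothetical.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


class MFAUnavailable(Exception):
    """A factor's verification service could not be reached."""


@dataclass
class Factor:  # hypothetical wrapper around one MFA method
    name: str
    verify: Callable[[str, str], bool]  # (user, code) -> is the code valid?


def authorize_fail_open(user: str, code: str, primary: Factor) -> bool:
    """Weak pattern: an MFA outage is treated as a successful check."""
    try:
        return primary.verify(user, code)
    except MFAUnavailable:
        return True  # password alone is now enough


def authorize_fail_closed(user: str, codes: Dict[str, str],
                          factors: List[Factor]) -> Tuple[bool, List[str]]:
    """Hardened pattern: fall back to backup factors, deny if none can answer.

    A backup is consulted only when the factor before it is unreachable; the
    first reachable factor's decision is final. The audit list records every
    outage so logins that used a fallback can be reviewed.
    """
    audit: List[str] = []
    for factor in factors:
        try:
            ok = factor.verify(user, codes.get(factor.name, ""))
        except MFAUnavailable:
            audit.append(f"{factor.name}: unreachable")
            continue
        audit.append(f"{factor.name}: {'accepted' if ok else 'rejected'}")
        return ok, audit
    audit.append("denied: no MFA factor reachable")
    return False, audit


# Constructed sample factors: a push service that is down and a working code check.
def _push_down(user: str, code: str) -> bool:
    raise MFAUnavailable("push service timeout")

def _totp(user: str, code: str) -> bool:
    return hmac.compare_digest(code, "492816")  # constructed value, not real TOTP

PUSH_DOWN = Factor("push", _push_down)
TOTP = Factor("totp", _totp)
```

Alerting on the `unreachable` audit entries gives defenders a signal when logins start depending on a backup factor.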

Heather Mahalik warned that stalkerware and worms are still concerns for users