At RSA Conference 2019, a panel representing the SANS Institute – featuring Heather Mahalik, director of forensics engineering at ManTech and mobile forensics course director; Ed Skoudis, instructor; and Johannes Ullrich, dean of research – addressed the most dangerous attack techniques facing organizations and individuals today.
According to Skoudis, there are two specific attack vectors that he is seeing increasingly often. The first is the manipulation of the DNS infrastructure associated with specific enterprises. “Hackers are using credentials that they have compromised in the normal course of business,” he explained. “Bad guys are logging into DNS and name registrars and manipulating the DNS records there. Emails destined for your organizations are actually being redirected to them.”
The second attack vector is domain fronting, a technique that obscures where the attacker is located. That is just the start, he said: many of these attackers are disappearing into the cloud and posing as a trusted cloud provider.
Mahalik showed how easily anyone can be singled out for an individualized attack. If someone wants your information, it can be tracked down easily in the cloud. “The lazier we get as humans, the better the glimpse into our lives for everyone else.” Information held in one cloud is shared with other clouds, making it available to the bad guys who want it.
Ullrich returned to the DNS problem, which he framed as an issue of privacy versus security. If a bad guy intercepts your traffic, they learn a lot about you, so you want something more private. HTTPS seems like the optimum solution, but the encryption also makes it harder for security staff to monitor the traffic and logs that would otherwise reveal anomalies.
Finally, Ullrich said there has been a rise in CPU flaws, and attackers are taking advantage of flaws in these processor features to attack your system.
The solution? All three experts said there needs to be a greater use of MFA to make it more difficult for outsiders to gain access to your networks, your clouds, your servers or your private information.