Breaking Down the SANS Top 5 Most Dangerous New Cyber Attacks

Aside from providing cybersecurity training and degrees, the SANS Institute regularly releases resources aimed at educating the broader cybersecurity community. One of the most interesting of these SANS resources comes in the form of a list of the top five most dangerous new cyberattacks.  

Compiled by expert analysts at SANS and revealed during a panel at the annual RSA conference, this list offers some valuable and often surprising insights to companies looking to stay ahead of the curve on the current and upcoming cyber threat landscape. Read on to get the lowdown on the top five most dangerous new cyberattacks for 2023 and how you can improve your defenses against them. 

What Are the Most Dangerous New Cyber Attacks in 2023?  

The experts decided on the following attack methods as the most dangerous new ones to watch out for in 2023 (in no particular order): 

  • Malicious advertising 
  • SEO-based attacks 
  • Adversarial AI 
  • Generative AI in social engineering 
  • Targeting developers 

With the cost of cybercrime expected to hit $8 trillion in 2023, it pays to know what threat actors are currently doing and planning to do more. While the SANS list is not gospel, it does reflect a high level of combined experience and expertise in cybersecurity, so it’s worth paying attention to these dangerous attack methods. 

Malicious advertising

Malicious advertising (malvertising) is not new, but it has often been perceived as a petty nuisance rather than a genuine cyber threat. However, with the business models of search engines depending heavily on paid advertising, threat actors are turning to malicious ads in droves. Search engines typically place ads above organic results, which gives them a prominent position on search engine results pages (SERPs).

Malvertising attacks involve creating lookalike websites that host malicious content; the attacker then pays to advertise against certain keywords to entice people to click through to those sites and unknowingly install malware. An example given by the SANS panel demonstrated that for one keyword (Blender 3D), the first three adverts in Google led to malicious websites. This technique is so common that MITRE added it to its ATT&CK framework in April 2023.

Some ways to combat malvertising threats include:

  • Report any malicious lookalike sites to search engine companies 
  • Use ad-blocking software across your business 
  • Encourage employees to use safe web browsers and turn off auto-play or auto-run features that would otherwise execute downloaded scripts without prompting 
  • Have 24/7 detection and response capabilities in place  
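The first mitigation above depends on noticing lookalike sites in the first place. The script below is an added example, not code from the original post or from SANS or Nuspire, showing one way a blue team can surface them from web-proxy logs: it normalises common character substitutions in a hostname, strips the suffix, and flags any host that imitates a trusted brand without being one of that brand's real domains. The trusted-domain list, the homoglyph table and the proxy log lines are all constructed sample data.

```python
"""
Lookalike-domain detector (added example; not part of the original post).

Malvertising campaigns of the kind described above send victims to hosts whose
names imitate a legitimate brand (e.g. a digit 1 in place of a lowercase l, or
the brand name embedded in a longer name). This scans constructed proxy log
lines and reports hosts that look like a trusted brand but are not it.
"""
import re
from urllib.parse import urlparse

# Domains the organisation actually trusts for each brand (constructed list).
LEGIT_DOMAINS = {"blender.org", "example-bank.com"}

# Character swaps commonly used to imitate a name; applied in this order.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalise(label: str) -> str:
    """Lower-case, undo homoglyph swaps and drop hyphens so 'b1ender' -> 'blender'."""
    label = label.lower()
    for bad, good in HOMOGLYPHS:
        label = label.replace(bad, good)
    return label.replace("-", "")


def registrable_label(host: str) -> str:
    """'www.blender-3d-download.com' -> 'blender-3d-download'.
    Assumes a single-label public suffix (.com, .org); fine for a demonstration."""
    parts = host.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used to catch one-character typos of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str):
    """Return ('legit' | 'lookalike' | 'unrelated', imitated_domain_or_None)."""
    host = host.lower()
    if host in LEGIT_DOMAINS or any(host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legit", None
    label = normalise(registrable_label(host))
    for legit in LEGIT_DOMAINS:
        brand = normalise(registrable_label(legit))
        # Substring match only for brands long enough not to occur by chance.
        embedded = len(brand) >= 5 and brand in label
        if embedded or levenshtein(label, brand) <= 1:
            return "lookalike", legit
    return "unrelated", None


# Constructed proxy log lines in a simple key=value format.
SAMPLE_PROXY_LOG = """\
2023-05-02T10:14:07Z user=alice url=https://www.blender.org/download/
2023-05-02T10:15:11Z user=bob url=https://blender-3d-download.com/setup.exe
2023-05-02T10:16:30Z user=carol url=https://b1ender.org/files/
2023-05-02T10:17:02Z user=dave url=https://news.example.net/article
"""

URL_RE = re.compile(r"url=(\S+)")


def scan_log(text: str):
    """Return [(host, imitated_domain), ...] for every lookalike hit in the log."""
    hits = []
    for line in text.splitlines():
        match = URL_RE.search(line)
        if not match:
            continue
        host = urlparse(match.group(1)).hostname or ""
        verdict, brand = classify_host(host)
        if verdict == "lookalike":
            hits.append((host, brand))
    return hits


if __name__ == "__main__":
    for host, brand in scan_log(SAMPLE_PROXY_LOG):
        print(f"lookalike of {brand}: {host}")
```

Hits from a run like this are the candidates to report to the search engine and to block at the proxy; a real deployment would pull the trusted-domain list from an asset inventory and use a public-suffix library rather than the two-label assumption made here.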

SEO-based attacks

SEO-based attacks are related to malvertising, except that hackers target organic search results rather than running paid advertising campaigns. SEO is generally more of a long game in which the tactics used to rank organically for keywords (e.g., acquiring backlinks and writing good content) take time to work. There are also black hat methods to accelerate SEO results, which threat actors no doubt use.  

In these attacks, hackers typically try to rank for keywords used by people searching for resources to download or urgently trying to find something (e.g., a legal agreement template). When the SEO tactics pay off, the user unknowingly visits a malicious website, where they download malware. An example is Gootloader, a sophisticated malware that can lead to ransomware intrusions. The mitigations listed for malvertising also apply to SEO-based attacks.

Generative AI in social engineering

With its impressive ability to spit out grammatically correct content in seconds based on simple user prompts, ChatGPT is a generative AI tool that took the world by storm at the end of 2022 and the beginning of 2023. While it has some positive and fun uses, generative AI is proving incredibly useful for malevolent actors, particularly in improving their social engineering techniques.  

Anyone can freely write a convincing phishing email using tools like ChatGPT. While the creators of these tools try to put in place defenses against malicious use, it’s still easy to get them to write phishing emails and texts. At the very least, generative AI makes social engineering harder to deal with by removing the spammy, misspelled messages that used to give phishing away.

Tips for dealing with this problem include: 

  • Conduct simulated phishing exercises to gauge user awareness and work to improve that awareness with regular reminders and training.  
  • Improve email security defenses and filtering so users receive fewer emails from spammy or untrusted domains.  

Adversarial AI 

Given the rapid recent evolution of various AI technologies, it’s unsurprising to see AI feature heavily in the most dangerous new cyberattacks. However, the adversarial use of AI focuses more on the technical things you can do with AI in cyberattacks rather than getting generative AI apps to help with social engineering.

Compounding the problem, apps like ChatGPT are also useful for more technical offensive cybersecurity tasks because they can write code. Less technically skilled hackers can get generative AI apps to write malware or custom exploits for code vulnerabilities. If you feed code into ChatGPT, it’ll look for vulnerabilities when prompted. During the panel, one speaker even described how they got around ChatGPT’s in-built defense mechanisms against malicious use and convinced the bot to write ransomware code.

How can you mitigate adversarial AI threats? 

  • Stay on top of software patches and updates to ensure you don’t leave apps exposed. 
  • Have a defense-in-depth security strategy that layers multiple defense technologies and tactics rather than relying on single points of failure. 
  • Make everyone at your organization aware of how AI is being used for offensive cybersecurity. 

Targeting software developers 

Threat actors always adapt what they do and whom they target. Sometimes this adaptation comes as a response to stronger defenses, but other times, it’s due to a perception of weakness in particular areas. The SANS experts believe that developers, who often work on endpoint systems with elevated privileges and have direct access to application codebases, are increasingly being targeted by threat actors.  

These attacks sometimes involve gaining access to private GitHub repositories via compromised credentials. An example from late 2022 saw Slack having proprietary source code accessed via stolen developer API tokens.

Another type of attack sees hackers clone legitimate extensions, third-party components or other tools that developers often rely on and add malware to the cloned versions. This malware could potentially give outsiders access to a development environment, where they can insert more malicious code to propagate throughout a software supply chain. It’s not easy to spot the differences between legitimate and malicious cloned versions of dev tools and components, especially in the context of fast-paced modern development environments.

A couple of suggested mitigations for these attacks include:  

  • Move toward development practices like DevSecOps that focus on security just as much as other development goals.  
  • Tailor user training and awareness programs to reflect developer-focused attacks.  
  • Get a quality EDR solution in place and ensure it’s effectively managed. 
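One concrete DevSecOps practice against the cloned-tool attack described above is to pin the hash of every third-party extension, component or binary when it is first reviewed and to refuse anything that no longer matches. The script below is an added example, not code from the original post or from any vendor; the artefact bytes and the manifest are constructed in-line so it runs offline.

```python
"""
Pinned-hash verification for developer tooling (added example; not from the
original post). A reviewer vets each third-party artefact once and records its
SHA-256 digest in a manifest committed alongside the build scripts. At install
time every candidate artefact is hashed again; a cloned tool with extra content
added will not match and is refused, as is anything never vetted at all.
"""
import hashlib
import hmac
from typing import Dict


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed artefacts; in a real pipeline these bytes are the downloaded files.
GOOD_PLUGIN = b"#!/bin/sh\necho 'formatter plugin v1.4'\n"
TAMPERED_PLUGIN = GOOD_PLUGIN + b"# extra line inserted by an untrusted party\n"
UNVETTED_LINTER = b"#!/bin/sh\necho 'linter 0.1'\n"


def build_manifest(vetted: Dict[str, bytes]) -> Dict[str, str]:
    """Run once, after a human has inspected each artefact; commit the result."""
    return {name: sha256_hex(data) for name, data in vetted.items()}


def verify_artefacts(manifest: Dict[str, str], candidates: Dict[str, bytes]) -> Dict[str, str]:
    """Map each candidate to 'ok', 'mismatch' (content changed) or 'unpinned' (never vetted)."""
    results = {}
    for name, data in candidates.items():
        expected = manifest.get(name)
        if expected is None:
            results[name] = "unpinned"
        elif hmac.compare_digest(sha256_hex(data), expected):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def safe_to_install(results: Dict[str, str]) -> bool:
    """Fail closed: a single mismatch or unpinned artefact blocks the whole install."""
    return bool(results) and all(status == "ok" for status in results.values())


# Manifest produced at vetting time from the reviewed plugin (constructed).
MANIFEST = build_manifest({"formatter-plugin": GOOD_PLUGIN})


if __name__ == "__main__":
    candidates = {"formatter-plugin": TAMPERED_PLUGIN, "linter": UNVETTED_LINTER}
    results = verify_artefacts(MANIFEST, candidates)
    for name, status in results.items():
        print(f"{name}: {status}")
    print("install allowed" if safe_to_install(results) else "install refused")
```

The same check belongs in the CI job that installs IDE extensions and build plugins, so the decision is taken by the pipeline rather than by a developer working at speed; signature verification, where the upstream project provides it, adds an authenticity check on top of this integrity check.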

How Nuspire Makes EDR More Effective 

A critical takeaway from the top five most dangerous cyberattacks in 2023 is that shoring up defenses increasingly requires defense-in-depth and round-the-clock monitoring. User endpoints are being hit harder than ever, with hackers focusing on malicious adverts, adversarial SEO, ChatGPT-powered social engineering, and hitting developer systems.  

Nuspire helps you improve your endpoint defenses with our managed EDR service. You’ll get best-in-breed EDR service, monitoring, management and automation and real-time threat remediation. 
