Open Forum

All Communities
 View Only

Security BUZZ - 2023 RSA offers cyber predictions

  • 1.  Security BUZZ - 2023 RSA offers cyber predictions

    Posted 06-02-2023 08:32

    Experts at this year's pinnacle RSA Conference attempted to outline the five most dangerous forms of cyberattacks for 2023. Most of them are not new. Nonetheless...

    1. SEO-Boosted Attacks. Just as regular businesses utilize search engine optimization (SEO) to boost the rankings of specific terms to market their products and drive traffic to revenue-generating sites, the bad guys also turn to SEO. In their case, they use it to boost the rankings of their malware-loaded sites to send more victims their way.
      • The top search results are always ads and promotional links. Scroll down to the meat and pay attention to the URL before you click on it.
    2. Malvertising. Similar to how marketers utilize both organic search techniques via SEO and paid search techniques utilizing advertising, cybercriminals are doing the same. Drive-by attacks are also similarly fueled by malicious advertising (malvertising) campaigns that artificially boost the rankings of sites for certain keywords. Lookalike sites are nearly identical to the actual website adding to the challenge, as the bad guys are getting good at mimicking certain sites (i.e., Microsoft and Google login pages).
      • This has been a problem for our and many other industries for a while. Pay very close attention when using the federated login
    3. Focus on Developers. Developers are an extremely enticing target as they usually have elevated privileges across IT and business systems, the systems they use can be subverted to infect the software supply chain, and they tend to work on computers that are less locked down than the average user to enable them to experiment with code.
      • Think you don't develop any products? Think about all the partners and services you use to conduct business
    4. Offensive AI. With the explosion of large language models (LLMs) like ChatGPT, defenders should expect attackers - even very non-technical ones - to ramp up their development of exploits and zero-day discovery utilizing these AI tools. Thus far, attempts to create a malicious code have been successful but very rudimental.
    5. Weaponizing AI for Social Engineering. We have witnessed these types of attacks firsthand. Anything from phishing emails to impersonation attempts will get better and highly believable.
      • We are already seeing levels of phishing sophistication never seen before. Pay attention to EVERY email that comes your way 

    The evolution of cybercrime is moving at light speed. We need to be prepared to respond at the same rate. Resilience to these types of attacks will be the name of the game in 2023. 



    ------------------------------
    Genady Vishnevetsky
    Chief Info Security Officer
    Stewart Title Guaranty Company
    Houston TX
    ------------------------------
    ALTA Marketplace