April 23, 2015
‘Boxing With Ghosts,’ – 6 Most Dangerous New Cyber Attack Techniques In 2015: SANS Experts Lay Out The Up-And-Coming Trends In Cyber Attack Patterns At RSA Conference
Ericka Chickowski, posted an article (April 23, 2015) the website, Dark Reading, regarding the up-and-coming cyber attack patterns and trends — as presented by SANS researchers at this weeks RSA Conference in San Francisco, CA. Ms. Chickowski writes that SANS Director John Pescatore, led a panel on future trends and threats in the cyber domain that included SANS Faculty Fellow and CEO ofCounterHack Challenges, Ed Skoudis, Jonathan Ullrich, Dean of Research for SANS, and Michael Assante, SANS Project Lead for Industrial Control System (ICS), and Supervisory Control and Data Acquisition (SCADA) Security. Each offered their thoughts on how they’ve seen [cyber] threats evolving; and, which techniques they expect to gain steam over the next year.”
Technique Number 1: Attackers Will Expose Breached Data Dumps In Dribbles: According to Dr. Skoudis, “more organizations will need to face the prospect of attackers not only getting savvy in how they steal information; but, also in how they disseminate it, particularly if they’re looking to publicly humiliate their targets. I’m talking of course, about the Sony situation. Instead of just doing the big data dump, they put a little bit out there,” Skoudis said. “The reason this is more damaging — is the organization doesn’t really know how to respond What is the magnitude of the whole thing? Also, the organization’s response…by the time you get to day three, or four, the disclosures — make what they said on day one look silly. So, there’s more damage; and, it amplifies it for the target organization. It”s like your boxing with ghosts.”