RSA 2019: SANS shares top new security threats – and what to do about them

SANS offers advice about how to stop DNSespionage, domain fronting, targeted cloud individualized attacks and CPU flaws.
By Tom Sullivan
03:36 PM

SAN FRANCISCO — SANS Institute here at RSA 2019 on Thursday listed new types of cybersecurity attacks that include DNSpionage, cloud attacks, CPU vulnerabilities and domain fronting.

Three experts from SANS offered insights into those and other emerging threats – and gave tips to help defend against them.

DNSpionage, or DNS infrastructure manipulation

SANS has seen this attack significantly impact organizations in the last several months. "Bad guys compromised roughly a bajillion credentials," said SANS Fellow Ed Skoudis, adding that the attack involves enterprise DNS endpoints, fake certifications and intercepting email destined for your organization.

What to do: Use multifactor authentication, and two-factor at least for whenever you're making changes to DNS, deploy DNSSEC vigorously, revoke any bad certifications as soon as possible. Skoudus recommended the free services Security Trails and Entrust.

Domain fronting

Skoudus advised against believing its hard for attackers or that the issue has gone away. Instead, it is a very useful tactic for attackers to hide command and control channels and exfiltrate compromised data. "Domain fronting has shown the attackers that they can disappear into the cloud. They host it on cloud services and undermine organizations," Skoudis said. "They're laundering their connections from cloud provider to cloud provider."

What to do: Enterprise TLS interception, don't blindly trust traffic going to and from cloud providers, encrypt data in the cloud, and use the Black Hills free Real Intelligence Threat Analytics (RITA).  

Targeted cloud individualized attacks

When someone wants to get your information, it's easy, according to Heather Mahalik, director of forensics at SANS Institute. That includes where your are, where you intend go to, the information you put on social media. "There are so many ways to get in," Mahalik said. Common entry points include Android malware or the Apple FairPlay attack. "Everyone assumes you're safe on your iPhone," Mahalik added. "You're not."

What to do: Mahalik suggested reviewing your cloud settings. For Google, see myactivity.google.com, follow the provided guidelines, consider what is public, and look at location setting, see what other apps are leveraging that, run Security Checkup and if you don't like what you see, turn it off.

CPU flaws

SANS dean of research Johannes Ulrich said CPU issues are a continuation from 2018, "the CPU flaw year," and explained that computer systems are not a single CPU, but also consist of a bunch of other chips that have code running on them, processing power and memory. Attackers can take advantage of baseboard management controllers, for instance, and then use those against you because they have access to the management layer. "All of the different components need to be secured," Ullrich said.

What to do: Ullrich said to remove management utilities, control access to your management network, monitor access via management consoles, and use unique passwords for each system.

"We are all targets, the biggest mistake you can make is assuming that people don'tt care about your data," Mahalik said. "People will get into your systems if they want to."  

RSA 2019

Hottest news and views from the premier cybersecurity conference. See our full coverage right here.

Twitter: @SullyHIT
Email the writer: tom.sullivan@himssmedia.com 
Healthcare IT News is a HIMSS Media publication. 

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.