Over the last few years, according to top-10 cyberattack analyses, the cost of cybercrime has been growing abnormally fast. The ‘bad guys’ keep finding new threats and breaches, new and more sophisticated ways to get inside network infrastructure. Cybersecurity specialists, on the other hand, do their best to prevent incidents and, when one happens, to stop the bleeding as soon as possible to minimize the cost.
These are the most eye-catching attack surfaces we have to worry about in the coming years.
Internet-of-Things (IoT)
Edge computing has become an industry standard over recent years. IoT is integrated into every aspect of our life: our home, our car, and even implanted into ourselves, making life much more convenient and controllable. But every computer is hackable, and IoT is no exception. The whole world around us is potentially hackable, and this is a bit scary.
This forces attackers to look at other vulnerabilities, including edge nodes as an access point to larger systems. End nodes historically have not been an especially lucrative target because the reward was just the information contained on that particular device. The adversary is not actually interested in hacking a harmless home device in itself; what matters is that it brings a possibility to target other smart devices on the same network. As it turns out, one unprotected device can make your entire home vulnerable. This is known as a pivot attack: an attack on an end node for the purpose of using it to attack the higher-level infrastructure.
Not only information becomes a tasty fruit for an attacker; the IoT device itself might be used for malicious purposes. The Mirai botnet attack took place in October 2016, and it still ranks as the largest DDoS attack ever launched. The attack targeted the DNS service provider Dyn using a botnet of IoT devices. It managed to cripple Dyn’s servers and brought huge sections of the internet down. Media titans like Twitter, Reddit, CNN, and Netflix were affected.
Another frightening example is the Jeep hack. This attack was first demonstrated in July 2015 by a team from IBM. They were able to access the onboard software of a Jeep SUV and exploit a vulnerability in the firmware update mechanism. The researchers took total control of the vehicle and were able to speed it up and slow it down, as well as turn the wheel and cause the car to veer off the road.
The most recent example is from March 2022: Russia was behind a massive cyberattack against a satellite internet network that took tens of thousands of modems offline at the onset of the Russia-Ukraine war. The satellite modem sabotage caused a “huge loss in communications in the very beginning of war”, Ukrainian cybersecurity official Victor Zhora said.
The IoT promises to change our future, but at the same time it poses severe security risks. Therefore, we should stay aware and learn how to protect our devices against cyberattacks.
Artificial Intelligence (AI)
Using AI in every aspect of our life has become normal nowadays. AI helps us predict behavior based on trends noticed in an industry over past periods. It helps us recognize problems quicker, or even notifies us before a failure occurs. AI helps us with root cause analysis and makes it easier to understand how an attack happens and how to mitigate a risk quickly. Electronic assistants and chatbots make life easier, save our time and money, and provide us with the information we need in a few clicks.
But sometimes it is hard to tell whether something is going wrong with training; model data must be retrieved and filtered with care to avoid immoral or illegal behavior, or even abuse. A good example is from March 2016, when Microsoft was preparing to release its new chatbot, Tay, which could automatically reply to people on Twitter and engage in casual conversation, often using teenage slang. Within 16 hours of her release, Tay had tweeted more than 95,000 times, and a troubling percentage of her messages were abusive and offensive. Twitter users started registering their outrage, and Microsoft had little choice but to suspend the account.
What if AI is powered by malicious purposes? Bad guys use AI to develop new attack vectors specific to artificial intelligence: they use AI to design new types of attack to get into a network or system, based on previous knowledge and on models poisoned by an attacker.
Don’t feed AI with proprietary data or use it to generate company-owned code; the data may end up shared with OpenAI. As an example, ChatGPT is an AI language model that can assist in answering questions and generating text based on the input it receives. However, it does not have the capability to guarantee secure coding practices or to conduct security assessments on code. ChatGPT does not ensure secure coding, at least for now.
But it might be used to write simple malicious software. It has been reported that ChatGPT was used, script-kiddie style, to write nicely functional Python code combining various cryptographic functions, including code signing, encryption, and decryption.
Another kind of AI attack threat, very new and growing rapidly, is deepfakes. A deepfake utilizes a form of artificial intelligence/machine learning (AI/ML) to create believable, realistic videos, pictures, audio, and text of events which never happened. Many applications of synthetic media represent innocent forms of entertainment, but others carry risk. They are a perfect vehicle for phishing attacks and a direct way to influence people’s way of thinking.
All of this is referred to as adversarial AI. The ‘bad guys’ use AI to deliver successful attacks, and they have made significant progress in recent years. So the ‘good guys’ should start using AI more as well.
Distributed Computing and Cloud HPC
High performance computing (HPC) is very useful for solving problems that traditional systems are not able to solve, doing heavy computation, simulations and real-time analysis in record time. Another level of performance is quantum systems: systems which might be used to attack the cryptographic algorithms we use to protect data at rest, the asymmetric algorithms we rely on for every secure transaction in transit and every secure communication protocol we leverage, and break them in a matter of minutes.
In the epoch of cloud infrastructure it has become a question of a few clicks to provision as much operational and computing power as you wish. Cloud computing, or any kind of distributed system like a botnet, might be used for recovering passwords from hashes and for leveraging unlimited power for cryptomining.
69% of organizations experienced some level (at least one end-user instance) of unsolicited cryptomining. It’s not surprising that cryptomining generated the most internet traffic of any individual category. Cryptomining is often favored by bad actors for low-key revenue generation, but, when software-based, it often serves as a gateway into more serious forms of cybercrime. Malicious third parties get into your environment and then set up a miner to make passive income while they move laterally to exfiltrate data or do something else malicious.
According to Kaspersky Lab, malicious mining programs are widely distributed through unpatched vulnerabilities in operating systems. In Q3 2022, nearly one in six cases of exploitation of well-known vulnerabilities was accompanied by a miner infection.
A botnet (derived from ‘robot network’) is a large group of malware-infected internet-connected devices and computers controlled by a single operator through a command-and-control (C&C or C2) server. A botnet attack is any attack leveraging a botnet, i.e. devices linked together to perform the same task, such as cryptomining, intense web scraping or a DDoS attack.
One of the best known botnets of the last decade is ZeuS. ZeuS has spread through banking trojans up to the present day and has infected over 13 million computers in over 200 countries. 3ve (“Eve”) was a click-fraud botnet that spread using social engineering and spam. The botnet was shut down thanks to the joint efforts of the FBI, Google, Amazon, ESET, Adobe, and Malwarebytes. Researchers estimate the malefactors’ earnings at about $30 million.
Human Factor and Lack of Competence
These days the most successful way to breach a system is by hacking human behavior: tricking someone into giving up their username and password through a phishing attack. But even that is getting harder to do, as companies are doing a great job educating their employees on how to recognize these scams.
Data breach costs constantly exceed a few million dollars per incident. Improper or misconfigured data storage, credential leaks and outdated software are the most common attack surfaces, and they cost a lot even for big organizations on a national scale. A data breach often serves as a gateway into more serious forms of cybercrime like ransomware and any kind of blackmail.
Over the last 20 years, the majority of cyberattacks have been remote attacks from the cloud carried out by individuals with simple goals: to see if they can do it, or to access some protected information. But over the last four or five years, we’ve seen the rise of much more organized groups focused on extortion via ransomware attacks. This “cyber mafia” consists of large criminal enterprises with hundreds of employees and coordinated extortion operations. In the past, most ransomware attacks focused on extorting individuals.
Phishing and ransomware have been the case for a long time and are still the case now. A lot of great work has been done here, but attackers are continuously looking for new ways. Cryptomining, phishing, ransomware, and trojans each have query volumes of around 100 million per month, which is about 90% of all attack threats detected.
In recent years, the skills gap in cybersecurity has become more and more visible. Companies invest more in automation, running their business flows 24/7. The number of microcontrollers, smart systems and pieces of software rises exponentially, providing more attack surfaces and threats. Only about 75% of vulnerabilities in open source projects are fixed; a lot of them remain vulnerable. Available patches are not applied, and continuous build and delivery pipelines are not protected enough (or at all). All of this is evidence of a lack of appropriate security knowledge and, as a result, an insufficient security posture of the organization.
‘Bad guys’ are always one step ahead. We can’t train cybersecurity specialists so quickly, but we could work smarter: using artificial intelligence and machine learning (ML), implementing and following best security practices, and taking care of the supply chain and the third-party solutions we use. Solutions like Multi-Factor Authentication (MFA), Extended Detection and Response (XDR), Security Information and Event Management (SIEM), and appropriate logging and monitoring for potential attack threats will give us better resilience against cyberattacks in the future.
Be ethical, protect your privacy!