Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Automated Cyber Attacks Are the Next Big Threat. Ever Hear of 'Review Bombing'?


Opinions expressed by Entrepreneur contributors are their own.

If you think hacks are bad now, just wait a few more years-- because "the machines" are coming.

Related:3 Ways To Protect Your Company's Website From Cyber Threats

In the next few years, artificial intelligence, machine learning and advanced software processes will enable cyber attacks to reach an unprecedented new scale, wreaking untold damage on companies, critical systems and individuals. As dramatic as Atlanta’s March 2018 cyber “hijacking” by ransomware was, this was nothing compared to what is coming down the pike once ransomware and other malware can essentially "think" on their own.

This is not a theoretical risk, either. It is already happening. Recent incidents involving Dunkin Donuts' DD Perks program, CheapAir and even the security firm CyberReason'shoneypot test showed just a few of the ways automated attacks are emerging “in the wild” and affecting businesses. (A honeypot experiment, according to Wikipedia ,is a security mechanism designedto detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.)

In November, three top antivirus companies also sounded similar alarms. Malwarebytes , Symantec and McAfee all predicted that AI-based cyber attacks would emerge in 2019, and become more and more of a significant threat in the next few years.

What this means is that we are on the verge of a new age in cybersecurity, where hackers will be able unleash formidable new attacks using self-directed software tools and processes. These automated attacks on their own will be able to find and breach even well-protected companies, aand in vastly shorter time frames than can human hackers. Automated attacks will also reproduce, multiply and spread in order to massively elevate the damage potential of any single breach.

Feeling nervous? You should be. Here are a few ways that automated attacks are evolving:

Password guessing

Crack a password, and you own the account. For years, hackers have been developing better tools to do just that.

One new innovation is an automated cyber attack called “ credential stuffing ,” which uses previously stolen passwords to break into online accounts. This attack is extremely effective -- and dangerous -- because so many people reuse their passwords across multiple accounts. This creates a major blindspot for businesses, because even if their security is up to par, all it takes is one sloppy employee, and the whole company can unravel.

Expect these attacks to increase significantly next year, especially since there is now a glut of stolen password databases for sale in the Dark Web. Hackers recently used credential stuffing totarget Dunkin Donuts’ DD Perks rewards program. More businesses will fall victim to it in 2019.

Related:The Growing Menace of Cyber Attacks in the Asia-Pacific region

However, credential stuffing is just the tip of the iceberg.

Researchershave discovered that machine learning programs can be used to predict the passwords a person will create in the future based on what he or she has used in the past . Think about that for a second. This means that if a person loses a couple of passwords to data breaches over the years (and we all know how easily that can happen), that person could -- in theory at least -- be forever vulnerable to password attacks in the future by malicious AI systems scanning the web. This could lead to continual password breaches, which will be very hard to stop.

Hacker bots

New research shows that hackers are beginning to use fully automated “bots” which can carry out extensive cyber attacks all on their own.

Bots are nothing knew: Hackers have been using rudimentary versions of them for years to send spam and scan the web. However, a recent honeypot experiment shows just how far this technology has evolved:When security researchers set up a fake online financial firm, they were shocked to see what a single bot could do . In just 15 seconds, the botwas able to hack into the fake company, gain complete control of its network, scan for employee workstations and steal all the data it could. Again: This alltook only15 seconds.

At that rate of speed, it would be exceedingly difficult for an IT team to respond. And these attacks will become increasingly common over the next few years.

Malicious chatbots

Commercial chatbots are widely used, and they are expected to save companies up to $11 billion by 2023, according to a Juniper estimate. But what happens when a chatbot goes rogue?

We’ve already seen how easily a benign chatbot can be corrupted by “input manipulation” on the web, as in the case of Microsoft’s Tay .

But cybercriminals can go much further, by hacking the bot or infecting it with malware in order to turn it into an information stealer. Ticketmaster’s Inbenta chatbot fell victim to this type of attack. Hackers could also target the back-end network supporting the chatbot, like the [24]7.ai breach which affected Delta and Sears. It is also possible for hackers to create and launch their ow

Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles

Latest Images