Cyber Criminals Turn to Automated Hacking Tools
17th April 2018
A study has found that cyber-hackers are turning to automated bots in order to find and hack vulnerable machines and servers more efficiently than ever before.
The study used a fake server, known as a “honeypot”, to log and store information on all attacks that intruders attempted on the system, along with successful attempts and the activity that followed them.
The server was put online by cyber security firm Cybereason and, remarkably, in no time at all it was found by a bot, which breached its cyber defence in seconds and started to look through the server’s systems. The attack was completely automated, with little to no human help once it had been set on its way, making the process simpler and more efficient for hackers. Essentially, they have become lazy and have started to create bots to do their dirty work for them.
Cybereason has said it expects to see more attacks staged with little human help in the near future.
The fake server, or “honeypot”, was made more convincing by making it look like a finance company: Cybereason gave it a name, created fake staff identities and generated false network traffic. This allowed bots to see it as a worthy target that might hold valuable information and data, and they therefore attacked it at will. It took 2 hours for the first attack to surface, which sought to aggressively take over the server.
Fake passwords, which in real life would be used to protect the server’s functions, were made intentionally weak to tempt the bot further. The bot took the bait, figuring them out with ease and then proceeding to dig up as much information from the machine as it possibly could.
Within 15 seconds of getting access, the bot:
- sought out and exploited several known vulnerabilities
- scanned the network to which the server was connected
- stole and dumped credentials for other vulnerable machines
- created new user accounts for its creators to use
This was done in a completely automated fashion, with the hacker just sitting back and relaxing as the bot completed 80% of his/her work. Bots are often used to seek out vulnerable machines and servers, but usually the work from the initial discovery of a vulnerable machine to the breaching of its systems is largely carried out by a person and not a bot.
However, this case clearly shows that this is no longer necessary: the majority of the work was carried out by the bot, making the hacker’s life much easier and, worryingly for businesses, allowing a potential new stream of attacks to target your vital information.
“We have never seen this first-hand before,” said Mr Rustici, Head of Intelligence Services at Cybereason.
Once the bot had completed its mission, the attack went quiet for two days, with no activity whatsoever recorded. After the second day, however, the human hackers returned and the compromised server allowed them access. Altogether the attackers took around 4 gigabytes of data that was completely fake, but had this been a real server you can see how much damage could have been done with the information they managed to take in such a short amount of time. This highlights how important it is that business owners make cybersecurity a priority, as bots are constantly seeking out vulnerable machines in order to exploit them and get hold of vital information, which could cause irreparable damage to your business.
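The two behaviours described above, an account created within seconds of a login and a later login using that account, can be checked for in authentication logs. The following is an added example, not code from Cybereason or from the study; it assumes Linux `auth.log`-style lines (the article does not name the honeypot's operating system), and the sample log, host name and account names are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Linux auth.log style (assumption: the article does not
# name the honeypot's operating system or log format).
SAMPLE_LOG = """\
Apr 10 09:00:01 fin-srv sshd[2101]: Accepted password for admin from 198.51.100.7 port 40112 ssh2
Apr 10 09:00:09 fin-srv useradd[2140]: new user: name=svc_sync, UID=1005, GID=1005, home=/home/svc_sync, shell=/bin/bash
Apr 10 11:30:00 fin-srv sshd[3300]: Accepted password for alice from 192.0.2.10 port 50200 ssh2
Apr 10 11:52:40 fin-srv useradd[3391]: new user: name=bob, UID=1006, GID=1006, home=/home/bob, shell=/bin/bash
Apr 12 10:15:30 fin-srv sshd[4410]: Accepted password for svc_sync from 203.0.113.44 port 33900 ssh2
"""

LOGIN = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")
NEWUSER = re.compile(r"useradd\[\d+\]: new user: name=([^,\s]+)")

def parse(log, year=2018):
    """Yield (timestamp, kind, user, source_ip) for login and account-creation lines."""
    for line in log.splitlines():
        try:
            # Syslog timestamps carry no year, so one is supplied by the caller.
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # skip lines without a syslog timestamp
        if m := LOGIN.search(line):
            yield ts, "login", m.group(1), m.group(2)
        elif m := NEWUSER.search(line):
            yield ts, "newuser", m.group(1), None

def find_automation(log, window=timedelta(seconds=15)):
    """Flag accounts created within `window` of a login, and later logins as them."""
    alerts, last_login, planted = [], None, {}
    for ts, kind, user, ip in parse(log):
        if kind == "newuser":
            # Account creation this soon after a login is faster than a person types.
            if last_login and ts - last_login[0] <= window:
                planted[user] = ts
                alerts.append(("rapid_account_creation", user, last_login[2]))
        else:
            # A login as a flagged account is the follow-up access.
            if user in planted:
                alerts.append(("planted_account_login", user, ip))
            last_login = (ts, user, ip)
    return alerts

if __name__ == "__main__":
    for alert in find_automation(SAMPLE_LOG):
        print(alert)
```

The 15-second default window mirrors the figure in the article; the account created 22 minutes after a login in the sample is not flagged.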
To create an effective Anti-Virus system, PC Comms has identified the following as mandatory:
- Anti-Virus / Anti-malware software: ESET is the antivirus software which we advise all of our customers to be using. It is the most effective and fastest anti-virus solution on the market. We also recommend Malwarebytes to enhance your malware protection.
- Passwords: It is each user’s responsibility to ensure that they are using secure passwords which are changed regularly. A system is only as safe as the password which guards it! Consider using a password management tool such as RoboForm or LastPass to ensure password security is at its maximum.
- Common Sense: Never open an email attachment from a contact who you don’t know. Be aware of phishing emails asking you to log in to banking websites, access the HMRC portal etc. Check out the phishing examples on the Microsoft, HMRC and FFA UK websites.
- Backups: Take an offsite backup of your data (i.e. back up to a USB drive), starting with the most critical and valuable data. If you’re using a USB drive, unplug it once your backup has finished; otherwise, in the event of a ransomware outbreak, it could become encrypted.
We also recommend Office 365 for your email system. It has exceptional spam filtering capabilities, and combining it with MS Advanced Threat Protection further enhances your protection from the biggest source of malware infections.
If you need any further information regarding any of the products we recommend, just speak to a member of our sales team who will be more than happy to help you.
If you are concerned about your business’s cyber security or any other ICT issues, contact our helpdesk, open Monday to Friday 9 am – 5 pm, for ad-hoc support on 01278 458558.
We also offer a Free Security Review of your IT systems, call us today to book yours on 01278 458558 or email firstname.lastname@example.org
Sources – http://www.bbc.co.uk/news/technology-43788337