Thanks to the development in the field of technology, several companies and countries are currently ruling the world, transforming the way humans live. But, it doesn't mean that it is always a hunky-dory because along with the technology, cases of cyber attacks and data theft are also booming in the 21st century.
Almost every day, at least one company or organisation becomes the target of cybercriminals. This issue is so alarming that IBTimes Singapore reached out to one of the well-known cybersecurity company, Malwarebytes to know more details about how such attacks happen and what is the real situation.
When we contacted Adam Kujawa, the Security Evangelist / Director Malwarebytes Labs and asked to describe the current surge of cyber-attack he clearly said that of late, attacks "are primarily focused on organizational networks, like businesses, cities, schools and hospitals, as they are fantastic targets for launching ransomware malware attacks, providing a higher profits compared to the same attacks against consumers."
In this case, it should be noted that recently UK's Eurofins Forensic Services, which is the country's biggest private forensic company faced a ransomware attack and police halted all the work with the company.
However, Kujawa said that "on the consumer side, most users today have to deal with a flood of adware and malware that utilizes the user's system as a way of spreading advertising or inflating advertisement clicks owned by the criminals.
"When one group creates an attack method that is difficult for users to defend, the entire cybercrime industry will take notice and soon copy the original group."
As per Kujawa, the attacks on private or government organizations involve the use of spear-phishing campaigns or a manual attack of unsecured, internet-facing ports, like RDP (remote desktop protocol).
Explaining further, he said that after the execution of the malicious code, targeting an endpoint within the network, the attackers can install backdoor malware to get into the network whenever they need to.
Recent findings by IT security company Check Point have revealed that a malware called Agent Smith is also capable of targeting installed applications on android phones to ensure that the malware infection stays the same. When this malware attack incident was reported, Google deleted 16 vulnerable apps from Play Store.
However, the pertinent question remains: Though many companies spend a huge chunk of money to secure the networks, how can the hackers easily gain access to their networks and steal information. Is it a sign that these cybercriminals are well trained and know how to launch such attacks to gain success?
In this case, the official from Malwarebytes explained that attackers not only get inside a network but now they also "utilize spear-phishing attacks, which are specially created phishing e-mails that focus on a particular organization or user at that organization."
"In some cases, these e-mails will appear to come from a higher authority or co-worker within the organization and have a subject that is relevant and interesting to the user. Once the user clicks a link or opens a file attached to the e-mail, it either infects the systems or compromises their login details," he further added.
Another cybersecurity firm McAfee recently stated that more than 25 million voice assistants, which are connected to the Internet of Things (IoT) devices are at an increased hacking risk.
But as per Kujawa if Alexa or Google Home become vulnerable to data theft then "that makes it easy for attackers to utilize these devices for nefarious purposes."
Since the AI is considered the future ruler, IBTimes Singapore asked him whether it is possible that the hackers could use these functions to conduct several high-profile attacks in future. The Security Evangelist, Kujawa said, even though as of now no case has been reported that showed any evidence, "the best use of AI for cybercrime would be in identifying and organizing breached user data, social media details, etc."
"This would allow them to create targeted profiles based on the kind of user or organization they want to hit. While the bad guys haven't started doing this yet, it is likely on the horizon as we have seen a lot of development over the last couple of years in the realm of machine learning and other AI-based technologies."
On the other hand, Machine Learning is already in use to identify anomalous behaviour and unknown threats but the companies don't have AI that can completely protect a network on its own, "even though the technologies that are being developed to explore the use and viability of artificial intelligence is being heavily considered by the cybersecurity community," added Kujawa.
Currently, Malwarebytes utilizes machine learning algorithms that have been taught how to identify unusual activities and detect or defeat these threats on the fly. In the future, the company is expected to see AI technology used to provide security administrators with greater visuals into what happens on their network and make it easier to identify potential security threats.
In terms of prevention from the cyber-attacks, Kujawa said there are two main areas that the cybercriminals focus on when it comes to infiltrating networks or infecting single users: social engineering of the users and/or misconfigurations and unpatched systems.
"Phishing attacks, which send malicious files and links to users under the guise of legitimate e-mails are still the primary method of spreading malware today. Other vulnerabilities also exist because of outdated systems, which cyber criminals focus on.
"Misconfiguration of internet-facing applications (for example if you run your own WordPress server) are frequently identified by cybercriminals using scanning tools that look at all connected systems and identifies vulnerabilities. By doing this, they can take over the server for the purposes of hosting other attacks and malware, or use it as a springboard into the rest of the network."
When it comes to tracking down the hackers, it always depends on what kind of mistakes they have made, as it is very easy to hide the tracks online. But, Kujawa said, "If an attacker was to brag on a darknet forum or leave some identifying information inside custom-built malware, law enforcement can use this to help track down the criminal, but more often than not, this is not possible."