Hackers: The Vampires of the 21st Century
In every classic vampire movie, there’s a moment when the soon-to-be victim lingers on the threshold of his or her abode and an attractive vampire leans in and innocently asks, “Aren’t you going to invite me in?” The hapless soon-to-be victim, having never seen a vampire film before, says those fateful words, “How rude of me. Please, do come in,” and his or her fate is sealed.
Vampires know all too well that they must follow a strict set of guidelines and rules; entering a residence without permission is forbidden in the rather strict and sometimes nonsensical vampire playbook. So, they play the game, even resorting to overt sexual flirtation to get what they want — in this case, entry into a person’s private residence. Once inside, all hell breaks loose. The soon-to-be-dead victim realizes a massive error in judgment has been made, one he or she might not live long enough to regret while the vampire gets a needed feeding.
I find this bloodsucker characterization perfectly depicts the persona of today’s hacker, a saboteur who would be stuck outside a system if the innocent victim didn’t hand over the keys to the palace and basically say, “Have at it.”
The hackers of today are the vampires of the 21st century, and they feed not on the blood of their victims but on their ignorance and naivete, using tools and methodologies that sound like something from a techno-thriller — email worms, trojan horses, SQL injection, malware, man-in-the-middle attacks, and crypto-jacking, amongst others.
A False Sense of Security
According to Cybersecurity Ventures, global cybercrime costs will grow to U.S. $10.5 trillion annually by 2025 — more than tripling in ten years. The company claims this “represents the greatest transfer of economic wealth in history, [and] risks the incentives for innovation and investment.” This figure surpasses the yearly damage inflicted by natural disasters worldwide and will be more profitable than the global trade of all major drugs combined.
Caleb Barlow, IBM Security Vice President, warns, “An average security operations center at a mid-sized company receives about 200,000 security events a day. Now, that’s everything from Sally forgetting her password 10 times and then remembering it, to minor security issues, to a company mobile phone moved from New York to India in two hours.” All of these breaches and potential hacks must be investigated, as it’s not always clear which is a real threat and which amounts to nothing, contends Barlow.
Cyberattacks come in all shapes and sizes, including:
- Man-in-the-middle (MITM) attack
- Distributed denial-of-service (DDoS) attack
- SQL injection
- Zero-day exploit
- DNS tunnelling
- Business email compromise (BEC)
- Drive-by attack
- Cross-site scripting (XSS) attack
- Password attack
- Eavesdropping attack
- AI-powered attack
- IoT-based attack
- Server-side request forgery (SSRF)
Certainly, the situation seems daunting. However, AI might be here to help. As Gaurav Belani explains in his article, The Use of Artificial Intelligence in Cybersecurity: A Review, “AI and machine learning are now becoming essential to information security, as these technologies are capable of swiftly analyzing millions of data sets and tracking down a wide variety of cyber threats — from malware menaces to shady behavior that might result in a phishing attack.” These technologies continuously evolve, drawing data from past experiences while helping pinpoint new varieties of attacks gathering on the horizon.
Advantages of AI in Cybersecurity
AI can evolve almost as fast as a hacker can attack. AI and machine learning can automate threat detection and respond more proactively to potential threats. “Traditional software systems just can’t keep up with the sheer volume of new malware being created every week, so this is an area where AI can really help,” Belani adds.
By using sophisticated algorithms, AI systems are being trained to detect malware, run pattern recognition, and detect even the smallest behaviors that reveal malware or ransomware attacks are imminent.
“AI allows for superior predictive intelligence with natural language processing which curates data on its own by scraping through articles, news, and studies on cyber threats,” says Belani. He also notes that this provides intelligence on new anomalies and pending cyberattacks, which helps with prevention strategies. AI-based cybersecurity systems can use their forecasting capabilities to “formulate vital prioritization decisions based not merely on what could be used to attack your systems but based on what is most likely to be used to attack your systems,” contends Belani.
Many cyberattacks utilize automated bots, and AI can combat these. Machine learning can be used to discern between website traffic that is threatening and that which is not. “By looking at behavioral patterns, businesses will get answers to the questions ‘what does an average user journey look like’ and ‘what does a risky unusual journey look like.’ From here, we can unpick the intent of their website traffic, getting and staying ahead of the bad bots,” says Mark Greenwood, Chief Technical Architect & Head of Data Science at Netacea.
Today, potential cyberattack surfaces are growing exponentially. AI systems can inventory IT assets and provide an accurate record of a company’s devices, their users, the applications employed, and an assessment of the different levels of access needed for the company’s various systems, says Belani. With AI, alerts can be set up to report on users who might be trying to access files they shouldn’t. AI-based systems can even proactively anticipate how and where a system is most likely to be compromised and provide a plan to allocate resources towards areas of high vulnerability, says Belani. In some cases, the AI system can even enact the plan.
Today, the number of devices used for remote work is growing and set to increase exponentially with the expansion of the IoT and the telecom revolution occurring through 5G. AI has a big role to play in securing all these devices and endpoints, as this all falls under the domain that KPMG has coined the “AIoT.”
Tools like “AIOps” (AI for IT Operations) utilize machine learning’s pattern-matching capabilities to isolate IT problems and then proactively develop processes that both solve these issues and ensure there is no recurrence. This can all be done automatically and at a speed impossible for humans.
AIOps provides dynamic baselining across both slow and busy periods, which helps reduce the false or unimportant alerts that might otherwise clutter IT inboxes. This has obvious security implications, as AIOps can spot important correlations that drive application and security constraints. Any behavior that falls outside a set of security parameters raises a red flag that can inform IT there’s an immediate problem.
“AI-driven endpoint protection takes a different tack, by establishing a baseline of behavior for the endpoint through a repeated training process. If something out of the ordinary occurs, AI can flag it and take action — whether that’s sending a notification to a technician or even reverting to a safe state after a ransomware attack. This provides proactive protection against threats, rather than waiting for signature updates,” explains Tim Brown, VP of Security Architecture at SolarWinds.
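The baselining that both the AIOps passage and Brown describe can be sketched in a few lines. As an added example (not code from the article, from SolarWinds, or from any AIOps product), the following Python compares a single fixed alert threshold with a per-hour baseline over constructed hourly event counts: the static rule fires on every busy business hour, while the dynamic rule fires only on the night-time burst.

```python
"""Dynamic (time-of-day) baselining versus a single static threshold.

Added illustration, not code from the article or any vendor product.
Every count below is constructed sample data."""
from statistics import mean, stdev

def hourly_count(day, hour):
    """Constructed feed: busy business hours, quiet nights, small jitter."""
    base = 400 if 9 <= hour < 17 else 40
    return base + ((day * 7 + hour) % 11) - 5

# Seven days of history, one event count per (day, hour).
HISTORY = [(d, h, hourly_count(d, h)) for d in range(7) for h in range(24)]

# Day eight: normal traffic except a constructed night-time burst at 03:00.
OBSERVED = {h: hourly_count(7, h) for h in range(24)}
OBSERVED[3] = 130  # e.g. a burst of failed logins while the office is empty

def build_baseline(history):
    """Per-hour (mean, stdev), so noon and midnight each get their own baseline."""
    by_hour = {}
    for _, hour, count in history:
        by_hour.setdefault(hour, []).append(count)
    # Floor the stdev so a perfectly flat history cannot flag every tiny deviation.
    return {h: (mean(c), max(stdev(c), 1.0)) for h, c in by_hour.items()}

def flag_static(observed, threshold):
    """Naive rule: alert on any hour whose count exceeds one fixed threshold."""
    return sorted(h for h, c in observed.items() if c > threshold)

def flag_dynamic(observed, baseline, z=3.0):
    """Alert only when an hour exceeds its own baseline by z standard deviations."""
    flagged = []
    for hour, count in sorted(observed.items()):
        mu, sigma = baseline[hour]
        if count > mu + z * sigma:
            flagged.append(hour)
    return flagged

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    print("static :", flag_static(OBSERVED, 100))       # every busy hour plus 03:00
    print("dynamic:", flag_dynamic(OBSERVED, baseline))  # only 03:00
```

The eight business-hour alerts from the static rule are exactly the inbox clutter the passage describes; the per-hour baseline suppresses them without hiding the genuine outlier.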
Don’t let the Vampires (w)in
“It takes 20 years to build a reputation and a few minutes of cyber-incident [sic] to ruin it,” says Stephane Nappo, Chief Information Security Officer of Société Générale. This is a hard fact so many chief technology officers discover after it’s too late.
According to CNN, top executives at SolarWinds blamed “a company intern for a critical lapse in password security that apparently went undiagnosed for years.” The password, “solarwinds123,” was found by an independent security researcher on GitHub, an open-source community “where 65 million developers shape the future of software, together.” Not exactly the kind of place to be sharing important passwords. The researcher warned the company that he had found a password for their upload and download server, but his warnings were ignored and one of the most embarrassing hacks to ever hit the corporate world unfolded rapidly.
The software contained a backdoor that communicated with third-party servers. FireEye, an American cybersecurity company, started tracking the trojanized version of the SolarWinds Orion plug-in and dubbed it “SUNBURST”, a nice tip of the thematic vampire hat to the hackers. Apparently, there are six ways to stop a vampire according to National Geographic — yes, that National Geographic. These include garlic, a crucifix and holy water, a stake through the heart, decapitation and burning, a brick, stone, or vine between the teeth, and mirrors and sunlight.
That last recommendation — sunlight — is a great metaphor for how cybersecurity should operate. The more transparent an operation, the more secure it will be. Hackers prefer to work in darkness, constantly searching for weaknesses at the edge of a company’s system, continually testing the uninitiated or naive who will provide them with access to the targeted system. Keeping a company’s teams enlightened on the latest cyberattack methods, techniques, and practices will go a long way to building a secure company while keeping hackers at bay.
In most classic vampire movies, the hero stares down a horde of vampires, engages in a life-and-death struggle, and ultimately triumphs in a final battle between good and evil. These films usually follow the standard Aristotelian three-act structure, with a little of Joseph Campbell’s Hero’s Journey and some vampiric lore thrown in for good measure. Unfortunately, most CTOs won’t be able to write away their cybersecurity problems so simply, so vigilant they must be.
It’s not always the multi-million-dollar cyberhacking group that threatens us; sometimes it’s the naive intern inputting a dumb password like ‘solarwinds123’ into a system that causes the gates of cybersecurity hell to be thrown wide open. This landscape might not be quite as horrific as Dante’s or Rodin’s depictions of hell, but tell that to the harried CTO trying to explain to an angry board that the Russia-linked cybercrime group known as DarkSide has just hacked into the company’s system, locked everyone out, and will only return everything to normal after a $10 million Bitcoin ransom is paid.
The battle between cybersecurity good and evil is destined to play out over the next few decades. The stakes will be in the tens of millions of dollars even for midsize companies, and we will all be engaged in the fight whether we like it or not. The German philosopher Nietzsche once said, “Beware that, when fighting monsters, you yourself do not become a monster,” but in this case none of us can become vampires, because they don’t exist. Understanding the habits, practices, techniques, and methodologies of those who wish to do us harm, however, should go a long way toward keeping the virtual cyber vampires at bay and helping us remain as cyber-secure as possible.