Threats from the Net
By Raffaella Aghemo on The Capital
In a historical moment, in which every human and professional relationship, passes through a network system, you feel more and more often we talk about a plague, which is constantly spreading and evolving.
Behind the most incomprehensible acronyms are threats to the most well-known information systems.
- DDOS
One of these terms, of which I read more and more often, is DDos, whose acronym stands for Distributed Denial of Service, i.e. a distributed interruption of the service: in the field of IT security, it indicates a malfunction due to an attack, in which you deliberately exhaust the resources of a system computer that provides a service to clients, e.g. a website on a web server, to the extent that it does not more able to provide the service to requesting clients; when it is distributed, it is impossible to stop it, blocking only one source!
The “criminal” action of these attacks has the aim of making access to a website inaccessible, victim of the attack, exploiting, through a special program, a series of unaware computers, defined as “zombies”, on which that program is installed and which are activated at a given command.
This dense network of computers, infected with malware and Trojan horses, is called a botnet, remotely controlled by a single hacker or a gang of hackers.
Although in the latest Netscout Threat Intelligence Report, there has been a decrease in attacks since 2017 to 2018, at the same time, however, it was noted a greater breadth and spread of each individual attack, that far exceeds the defense capabilities of the most “fortified” servers. The proliferation is probably due to the increasing diffusion of open — source software, entered without any control safety quote!
The problem, already complicated in itself, can create a serious danger in the case of IoT, Internet of Things, all those systems, from appliances to cars and all kinds of devices, that have an “interview” through the net! It is no coincidence that in the dark web you can find botnet systems for sale, which increase the risk of real computer blocks! If before the most affected countries were the United States, Russia, and Japan, today you can see the spread of the phenomenon also in European countries, such as Italy, France, the United Kingdom and above all, the Netherlands!
- Future of the cybercrime
In times when security, privacy protection and the search for the “inviolability” of computer systems become the cornerstones to defend themselves against misinformation, fake news, and continuous data breaches, hackers are studying new and more powerful “weapons” to break down new protections and create new threats.
- GAN
According to a recent MIT study, new types of cyber-attacks will be developed in 2019, thanks to the development of new technologies in Industry 4.0. The GAN technique, from the acronym Generative Adversarial Networks, is a maneuver, which aims to put two neural networks against each other: you try to guess which models of Artificial Intelligence the network is using, to violate them and then reuse them against it.
One of the paradigms of the new technological system of the blockchain, is the non-attachability by hackers, but even here cybercriminals get smart, study, evaluate, investigate to find systems to tamper with smart contracts, which are still in the process of improvement and serve to automate operations and transactions between the parties.
Paradoxically, if the giants invest billions in cybersecurity, the smaller realities become more attractive targets; of recent news is the Cloudhopper case, in which the attack, according to the American Intelligence, of Chinese matrix, hit a small company that managed the servers of larger clients and companies.
Also in the Iot (Internet of things) area, according to a recent study, conducted in collaboration with the Milan Polytechnic Institute, a general “weakness” emerged in Operation Technology, especially in two systems, Mqtt and CoAp, widespread protocols in machine-to-machine technology, from which the data of more than 19 million users were stolen.
Also in the field of videogames, Blank Media Games, producer of the game “Town of Salem”, suffered a data breach that led to the theft of 7 million players’ data. One of the developers of the game apologized, from the parent company’s website, to its users for the late response, explaining that the breach occurred during the Christmas holidays, days when there was no one in the company, and reassured that no payment data and credit cards were held; this episode has turned the spotlight on the vulnerability of the system, revealing that some of the players were under 16 years of age, the minimum age for the processing of personal data under Article 8 of the GDPR, (except possible exceptions in some EU countries, which may bring this threshold, not below 13 years) and revealing an unsafe site, which still maintains the “http” protocol, now abandoned in favor of the more secure “https” (Hypertext Transfer Protocol over Secure Socket Layer).
At this point, the question is: will technological growth be faster or will the strategies designed to undermine it become faster?
All Rights Reserved
Raffaella Aghemo, Lawyer