The laziness of hackers is making them smarter. Technological advance is offering new techniques to malign actors and honeypots provide the opportunity to observe how hackers operate. In new types of attack the “dirty work” is carried out by the machine drastically cutting human involvement and time. What it is worrying is not only that automation is taking over but who the ultimate beneficiary of it is and about how the automation of crime could see it rise to a level as yet unheralded.
‘Honeypot’ was a term used in Cold War time espionage to define the technique of extracting information through seduction, more commonly known as the trap. In modern days the cyber world has expropriated the vocabulary to refer to the trap that business can employ to stop hackers. Like a bear is lured to the honey, similarly an attacker is lured to a fictitious entity or a specific section of the system to prevent damage and losses or study his moves.
Although times have changed and now a great portion of our lives has moved to the cyberspace, the ideological concept behind honeypot of “seducing” and attracting the target subject to obtain information has not. The technique is very straight forward, and businesses could look upon this as an added measure of protection: divert the hacker or the criminal element to look elsewhere while your real secrets remain unspoiled. However, criminal elements can also employ this method, turning it into a double-edged sword.
A recent study by Cybereason set up a fake network, a specifically designed honeypot, to observe hackers’ patterns of behavior. What emerged is that the human element has drastically decreased leaving more room to the automated agents. Attackers, in fact, utilized a bot to do their “dirty work”: conducting reconnaissance, identifying the vulnerabilities to exploit and access the server. Once the bot obtained access it was left to the human actor to select the preferred data to steal.
The experiment shed a new light and reveal how much nowadays society relies on automation and machines and how these can be useful and deleterious at the same time. Hackers find the best way to take advantage of what the current technology offers. Employing bots to conduct early reconnaissance and exploitation is becoming more and more popular as it saves time and efforts to the attacker and can conduct in few seconds what to a human would have taken minutes or possibly hours.
Malicious attackers will have the leverage unless businesses as well as private individuals take suitable and appropriate precautions. Given the feasibility of hacking, the game is changing, and attacks will increase in complexity and sophistication along with serious damages. It also raises the spectre of IT staff getting distracted by focusing on ‘the wrong threat’. Are we prepared for an environment of chasing down the obvious threat while letting another slip by unnoticed?
In the global scene Russia is the actor to watch out for. According to the experiment mentioned above, the IP addresses of the hackers that fell in the trap were mainly originating from Russia. Russia’s cyber capabilities are a stated fact, widely recognized and feared, representing the biggest threat to the UK at the moment.
Russia has been incriminated for having interfered in the US election – and potentially various others – using trolls and botnets that created fake twitter accounts directing and influencing opinions of the voting majority. Again, after the Salisbury poisoning there has been a 4,000% increase in the disinformation tactic employed by Russia, and automated bots are the means behind it. But as damaging as these can be to political relationships and global security, they may themselves be the distraction. It is suspected that beneath all its ‘fake news’ rhetoric Russia is looking to link together a gigantic botnet that could potentially cause serious damage to UK infrastructure and amenities.
Routers are the key. Routers are prime targets for automated attacks. It is believed that Russia will go after routers, they are an easy way to get access to the entire network and steal the wanted information or even remain dormant conducting background espionage, without the hacked entity noticing. Having control of the router allows spaces for imagination; the router is the node from which everything can be controlled, such as data or traffic as well as a DDoS attack launched.
Nobody is too unimportant to be a target and the threat itself may not even be where you think. Our attitude to cyber-security needs another paradigm shift.
