Brute Force: Understanding Automated Cyberattacks
One of the wonderful places described by Italo Calvino in his 1972 novel Invisible Cities is an otherwise normal city, but with one defining trait: everything that happens there is mirrored in a parallel underworld. Calvino was not trying to create an extended metaphor for automated cyberattacks, but he’s done so anyway. Every innovation that makes the enterprise more efficient and more effective, be it the cloud or mobile computing, also helps create more efficient and more effective security threats. Every new piece of technology that helps guard against cyberattacks forces hackers in the underworld to evolve in order to live up to their name.
And they have done just that. There are seven components of a multi-staged cyberattack:
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and control
- Actions on objectives
Automated attacks are involved in each of these. They can crawl sites for potential vulnerabilities and either attempt to exploit those weaknesses right then or store that information in order to test it later (reconnaissance). They can steal credit card information along with usernames and passwords and test them to see if they are valid (actions on objectives). They can even take it a step further by testing stolen login information for access to additional sites.
Then they go beyond the basics. Automated attacks are now capable of learning to use an application and carrying out its basic functions. For example, Wade Williamson, Director of Product Marketing at Vectra Networks, tells us there is banking malware that can transfer money belonging to a compromised account.
Imagine the time and effort it can take an individual to research a particular enterprise, learn the ins and outs of its system, and work out how to get past its security mechanisms in order to gather vital information. Now any number of automated threats can do that at any given time. This means that today’s security threats are limitless in both volume and duration. And like their human counterparts, botnets learn about and adapt to security measures, only they do it faster.
And they do it for free. So while a dedicated human might target a high-profile business or website, any site with user-facing applications should be prepared for automated attacks. An application that is available to users has web markup that is visible to anyone, or anything, making it equally available to scripts designed to find, test, and attack.
After reading this particular chapter in Invisible Cities, you’re left wondering if it is in fact the world below the ground that mirrors the world above and not vice versa. And after reading this article you might be wondering if criminal enterprise is finding more efficient ways to compromise sensitive information, or if the good guys are scrambling to keep the bad guys out. The truth is that whichever side is driving the change, traditional anti-malware software and IT personnel are no longer sufficient for preventing cyberattacks. There are too many threats and they are too easy to sustain.
Automation is the key to fighting automation. Automated cyber defenses can cut off automated security threats at every turn, and if they are particularly advanced, even stay one step ahead. They are also more efficient, making fewer mistakes while costing less. But perhaps the greatest advantage of good automated cyber defenses is their ability, like that of their malicious counterparts, to gather data. The vast amount of information IT leaders will have at their disposal thanks to automation will help them make better and more informed decisions in regard to safety and security.
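
As an illustration of an automated defense gathering and acting on data, the following added example (not from the original article) flags the credential testing described earlier: one source trying many distinct accounts in a short window with mostly failed logins. The event format, function names and thresholds are assumptions chosen for the example, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _mk(ip, start, step_s, attempts):
    """Build constructed login events: (iso_time, source_ip, username, success)."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=i * step_s)).isoformat(), ip, user, ok)
            for i, (user, ok) in enumerate(attempts)]

# Constructed sample data (documentation-range IPs, made-up usernames).
SAMPLE_EVENTS = (
    # Scripted source: six accounts in one minute, one tested credential works.
    _mk("203.0.113.7", "2024-01-01T10:00:00", 10,
        [("alice", False), ("bob", False), ("carol", False),
         ("dave", True), ("erin", False), ("frank", False)])
    # One person mistyping a password, then getting in.
    + _mk("198.51.100.20", "2024-01-01T10:01:00", 20,
          [("grace", False), ("grace", False), ("grace", True)])
    # Shared office NAT: many users, all successful, spread over 40 minutes.
    + _mk("192.0.2.50", "2024-01-01T09:00:00", 600,
          [("heidi", True), ("ivan", True), ("judy", True),
           ("mallory", True), ("niaj", True)])
)

def flag_credential_testing(events, window=timedelta(minutes=5),
                            min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts, mostly failing, inside
    one sliding window. Thresholds are illustrative assumptions."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, ok))
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window's left edge forward
            win = rows[start:end + 1]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, ok in win if not ok)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                # Accounts where a tested credential worked need a reset.
                flagged[ip] = {"distinct_users": len({u for _, u, _ in rows}),
                               "valid_hits": sorted({u for _, u, ok in rows if ok})}
                break
    return flagged

if __name__ == "__main__":
    print(flag_credential_testing(SAMPLE_EVENTS))
```

The mistyping user and the shared office address are not flagged, because neither combines many distinct accounts with a high failure ratio inside one window.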