The Hacker Shift
Hackers are still sticking to the tried-and-true methods
BY JENNA SARGENT
Despite evolutions in technology, hackers are still using the same old tricks, though sometimes in a more evolved form.
The hacker mentality is to want to grab the low-hanging fruit, or go after the easiest target, explained Sivan Rauscher, co-founder and CEO of SAM, a network security company.
For attackers looking for that low-hanging fruit, the explosion of IoT devices is providing a large attack surface. “With the fact that your life becomes more and more connected and there are so many devices and so many endpoints in your home, statistically, some of the attacks will get to you,” said Rauscher. “And because those IoT devices are lacking a security layer like authentication, encryption, all of those classic, basic security layers, it’s so easy to hack them. They are the low-hanging fruit and that’s why it’s so easy to target IoT.”
In the past few years, Rauscher has seen a lot of repeating attack methods, such as phishing and ransomware. According to F5 Labs’ December 2017 report, “Lessons Learned from a Decade of Data Breaches,” the root cause of 48 percent of the data breach cases it looked at was phishing.
Every year cyberattack monitoring platform SAM sees more attacks of those types because they’re easy and can be pushed out to a large number of people all at once, Rauscher said.
For example, the WannaCry ransomware attack in 2017 affected thousands of computers in a short period of time and spread incredibly fast because of specific vulnerabilities in Windows computers, anti-virus provider Symantec explained. Another example of a widespread attack that same year is the Mirai botnet, which used hundreds of thousands of IoT devices to conduct DDoS attacks that brought down major websites, Cloudflare explained.
These attacks happen so frequently because attackers know that it is easier to send something to thousands of people than to go after specific targets.
“That’s how attackers think, that’s how they manipulate inside a network and infect the other devices to gain more access and gain more data,” said Rauscher. “And phishing and ransomware is a way to lure the end user to press on something and just extract data and extract your bank account, extract your social security number, and that’s how they do it.”
The bottom line is that phishing is still a very common attack method, not just against enterprises but also against end users, Rauscher explained.
Attackers can use social media to create more specialized attacks
On the other hand, many attackers are getting more and more specialized. According to Sash Sunkara, co-founder and CEO of cloud management platform provider RackWare, the emergence of social media has led to more sophisticated attacks. Hackers can look at a person’s social media and create targeted phishing emails that will look believable. They can look at your social media profiles and determine who you are connected to at work, and use that to create highly specialized attacks.
“Maybe your assistant opens something and all of a sudden the attacker has access to your network and they have access to your data,” said Sunkara, who explained that often, these phishing emails do look very real, even to smart users.
“They’re going to use methods that we were thinking were non-threatening that now are going to become threatening,” said Sunkara. “Before, you could really tell when a fake request was coming in. But nowadays it’s so well-disguised that it’s hard to tell even for the sophisticated user. And I think that’s going to continue to escalate as far as the next year.”
Sunkara explained that RackWare sends alerts on almost a daily basis warning employees not to click on specific emails, and she estimated that the company has seen triple the usual number of fake emails in the last few months.
The emergence of these more sophisticated attacks has led to more of a need for education within companies. First, employees need to be educated on how requests should come through and things to watch out for. They should know what the red flags are for fake emails.
In addition, securing your network can ensure that if an attack does get through, your data is protected.
“There has to be education, protection, and warnings on the front end, but there has to be protection on the back end in case any of these things get through and they get access to critical information,” said Sunkara.
Protecting the network ensures that having access to an IoT device doesn’t compromise your network, Rauscher explained.
DevOps created a much broader attack surface
According to Chris Wallace, security liaison engineer at telecommunications company Vonage, the emergence of DevOps has also significantly increased the available attack surface. “Hackers no longer just target the deployed software but also the tools used to automate our deployment pipeline,” Wallace said. “New attack surfaces including GitHub repositories, containers, as well as automation and orchestration tools, provide new opportunities to infiltrate a system and maintain a persistent presence while eluding detection.”
Wallace warned that a misdirected DevOps team can be vulnerable, just as an improperly configured server could be. Often, shortcuts are taken when implementing DevOps, resulting in “misconfigured environments, vulnerable servers open to the internet, a lack of appropriate separation of duties and no access control or segmentation of the network environment,” Wallace said.