Robots and ‘dark areas’ of IT structures aggravate risk environment

Among the main “persistent vectors”, which are related to the origin of risk incidents, one of the highlights is the vulnerability tied to the internal user’s – or the human factor’s – unpreparedness for the security issue. Banal mistakes like weak passwords, access and file downloads from unknown sources and overexposure on social networks are some of the gaps left by the user.

The alert appears in the report “Vectors of Cybernetic Risk” for the first half of 2017, by Aker N-Stalker, a cyber security technology company. According to the document, the menu of vulnerabilities increases and is becoming more complex from new targets of greed such as the valuable crypto-coins, the use of social engineering and data mining to create false avatars of people with power and money .

The document also places as rising ingredients the employment of artificial intelligence and robotics by the crime community and the exploitation of valuable business data from “dark zones” of IT structures, which increase with cloud and tangle expansion of the big data environment. This is an area unknown in the networks and is increasing rapidly from the migration of companies in the cloud and the large number of applications and IT devices that users add to the corporate network for day-to-day use, without greater control of the administrator and without being part of an inventory of system entities.

Cyber warfare firecrackers

Firecrackers of cyber warfare also generate some emerging vectors for possession of cybercrime technologies via cybercriminals, for example the recent waves of attacks coming from WannaCry and Petya ransomwares and also by variants of Stuxnet, all of which originated from US Secret Service appropriate by hackers.

Linked to this phenomenon, the Aker N-Stalker notes a greater effort of crime – or even cyberterrorism, cyber-intelligence or secret services of the countries – in achieving strategic national systems. In fact, the attacks that are more systematic in the scope of Scada management deserve special attention, a generally isolated system of the web that is inserted to industrial operations and also to large companies of energy infrastructure, water, transport, hospitals, etc.

Internet Risk of Things

According to the study, these aggregates are generally packaged with embedded software that makes it extremely difficult to perform security maintenance activities such as sending  patch patches  that can provide counter-attack resiliency. Thus, the proliferation of these devices helps to multiply the vulnerability points, making them the new target of malware like the Mirai botnet.

In the wake of cyber-attackers in a wave of cyber attacks in support of WikiLeaks in late 2016, Mirai was able to knock down almost half of US web servers after enslaving and using as zombies more than 100,000 IoT devices such as cell phones, IP cameras , home routers and even electronic gatekeepers.

Robots in charge of attacks

In the “Emerging Vectors” list, the Aker N-Stalker team also positions the rapid dissemination of artificial intelligence, translated into applications and services such as autoevolutionary games (backed up by machine learning) and interactive robotic attendance systems of chatbots), mainly used in e-commerce, digital advertising and data mining of Internet users.

It is not enough to increase the vulnerability brought by this new vector, through useful and lawful applications, cognitive computing has also been appropriated by crime to perpetrate strategies of refinement and increase the forcefulness of attacks.

In combination with such trends, criminals increasingly rely on sophisticated technologies such as social engineering, predictive analysis of standards (to circumvent defensive systems), and encryption techniques to appropriate control of third-party servers, and thus , perpetrate ransomware (data hijacking) or denial of service attacks.

Part of this new trend is the emergence of a new form of phishing, whaling, which selects, profiles and falsifies identities only of victims of high purchasing power or decision-making power in companies.

Password in enemy hands

One of the most persistent and old insecurity vectors is the use of weak passwords by users and even administrators who do not have strict control over admin-type access privileges, says the report.

According to Aker N-Stalker, there is a greater concern on this point by network managers, through the adoption of management and identity management systems, as well as devices known as “password vault” which create momentary, complex, non-customizable credentials.

But the proliferation of weak passwords unrelated to management models persists and becomes a more serious problem due to practices such as sharing service credentials between in-house or outsourced employees and creating temporary passwords that are not later deactivated. To compound the high-risk scenario, it is common for employees of a company to use the same passwords they use to access data or corporate applications on external sites, such as webmails or social networks.

Developing loopholes for crime

According to the study, cyber insecurity is aggravated by the growing practice of “agile development” by those responsible for creating business software. According to this philosophy, apps and fixed applications need to be designed and activated in extremely short time frames to respond to the digital “waves” of fleeting business opportunities and volatile trends of the crowd.

The problem is that by leveraging agility and collaborative development, such a delivery philosophy tends to abolish a number of secure engineering protocols that slow down the launch of applications but leave fewer gaps.

In order to protect this fragility, “agile” idealists propose “Bimodal IT”, which tries to reconcile the speed of the project with the formality of protocolary cautions, but the fact is that such a model is still in the process of maturation.

Stealing Crypto-Coins

Another emerging vector of the report, which had already been detected in 2016, is the popularization of virtual currency applications. This is the case of the famous Bitcoin and other lesser known crypto-coins like the Ethereum, which today holds 25{7e39d0cb4f0b034783fbf1625ad806fd9c4f1bb2ab10795a2417f588e8be1e47} of the business in this segment.

With the stabilization of encryption technologies and the failure of users to protect their account access keys in an absolutely secure way, attacks on these systems become common. In just three recent and near-simultaneous attacks on the Ethereum bookkeeping system, hackers have been able to roll out fraudulent virtual wallets and divert transactions from two cryptographic firms totaling more than $ 40 million.

You have to go to the attack

According to Thiago Zaninotti, chief technology officer of Aker N-Stalker, the combination of all these vectors points to a consistent increase in cyber risk and requires companies to adopt more explicit and comprehensive policies.

“Companies need to apply constant vulnerability scanning on local and cloud installations and set standards of conduct that can engage all employees in the risk mitigation and cyber surveillance, “says the expert.

Zaninotti cites, in this regard, how the managers of the Ethereum currency managed to avoid the worst in the above-mentioned attacks. As soon as they realized the invasion, the managers used offensive techniques (similar to those used by hackers) and “robbed” of the system itself about $ 73 million, which were diverted to a safe place until the hacker was neutralized, to be later returned to their owners.

According to Rodrigo Fragola, CEO of Aker N-Stalker, technology companies need to play a more proactive role in disseminating cyber security practices and insights not only to large users, but especially to SMEs, which are the weakest network. “It takes increasing effort to make technology more sophisticated and affordable to the budget and to the critical mass of small business assimilation and management,” says Fragola.