How Hackers Use Automation to Enhance Attacks
In the Midst of the Covid-19 Pandemic Hackers are using Automation to Enhance Their Attacks
As Covid-19 infects populations around the world, online hackers are taking its lead and upping their attacks on the cybersecurity infrastructures surrounding our digital lives.
While staying at home and self-isolating may slow the rate of infection from the virus, we’re spending increasing amounts of time online. Have any of us ever binge watched so much Netflix? And forget the coolest restaurants or bars. Uber Eats drivers are beginning to know our address intimately while virtual parties on Zoom or Google Hangouts are the new Saturday nights.
Staying in really is the new going out.
While we look to fill the endless days in lockdown by leaning on our broadband connections (what would we have done in this situation without the internet?), our now almost constant online use leaves us more open to threats from cybercriminals than ever. The global pandemic has created plenty of opportunities for hackers to prey on our anxieties surrounding the disease as we all struggle to come to terms with the changes it has wrought on our everyday lives.
It’s not all bad news. An international group of almost 400 cybersecurity experts has come together to form the Covid-19 CTI League to fight hacks related to the coronavirus. The group spans more than 40 countries and features leading professionals from Microsoft and Amazon. But according to the body, there has been a huge increase in phishing attacks using the fear of Covid-19 to target internet users.
This rise in cybercrime is in part thanks to the adoption of new techniques from the hackers (who are obviously as bored as we are while in self isolation).
Automation is a process many businesses use to increase the efficiency of systems. While the cybersecurity industry is utilising automated data collection and processing to protect against data breaches, hackers are copying this behaviour and using these techniques to scale up their malicious campaigns. Why? Well automation is believed to generate more success and greater profits from data breaches. Here’s where hackers are using automated tools the most.
Phishing and spam
Phishing emails are one of the most common scams used by hackers to try and steal our personal data. Cybercriminals use automated software to generate email addresses, then send out scams around coronavirus cures or financial relief. Automating this process means millions of consumers can be targeted at once.
Hackers recently targeted Premier League soccer clubs in an attempt to commit a cyberattack against Britain’s sports sector. There’s plenty at stake as the industry contributes a whopping £23.8 billion annually to the economy.
How can institutions such as the top soccer clubs ever get hacked? Well, it all boils down to human factor and the advanced intervention methods hackers use. On the threshold of a serious transfer negotiation, the managing director of a Premier League club was involved in an email hack. As a result, £1 million was stolen by cybercriminals.
Though there’s no evidence to show where these attacks come from, the impact on the industry is very real. In fact, 70% of major sports organizations fall victim to a cyberattack at least once every 12 months, with 30% suffering a financial loss of £10,000 per incident. It’s a wake up call for organizations worldwide to treat cybersecurity with higher levels of awareness – and care.
Keyloggers record your actions on your keyboard and can be an effective way for hackers to access personal information such as passwords around banking or online shopping profiles. An automated keylogger can monitor an infected user’s online behaviour to expose this sensitive data.
Loaders and cryptors
Loaders and cryptors allow threat actors to deliver scams that go unnoticed by antivirus programs. Malicious software can be automated in advance, meaning even the most technically inexperienced attacker can install the malware.
Brute force attacks
These attacks are one of the well known ways threat actors automate cyberattacks. Attackers often use lists of commonly used passwords and an automated password hacking tool to gain access to online accounts.
Credit card sniffers
Cybercriminals download a plug-in, then follow instructions to set what they want to buy or sell on dark-web forums. They can automate this process to help them beat the competition to access illegally acquired personal data or information.
These kits automate the exploitation of any browser vulnerabilities to enable successful virus infections to deliver other types of malware.
Bulletproof hosting services
Bulletproof hosting services (BHS) offer protection to cybercriminals by hiding any of their malicious online activity. They use automated techniques such as geo-spoofing to prevent the authorities discovering where an illicit service is hosted or by whom.
Data breaches and sale of databases
Databases featuring personal information are always being traded between cybercriminals. In many cases, automation will be used to pick out the most relevant information from this data, whether that be a password or email address. This will then be sold for a tidy profit.
While this list makes the work of hackers look potentially terrifying, remember that you can stay one step ahead of them by becoming aware of what to look out for around any suspicious online behaviour.
* * *
By constantly refreshing your knowledge (the digital equivalent of washing your hands during this coronavirus pandemic), you give yourself the best chance to avoid becoming victim to one of these automated scams.
Visit our blog to stay updated on all the latest online threats and hacks as well as best practice on keeping your personal data from being exposed to cybercriminals.
Remember to look after your digital health in the same way as your physical and mental wellbeing. And stay safe out there.