A recent study conducted by security firm Cybereason revealed that cybercriminals are now using automation to carry out their crimes.
A fake server known as a honeypot was used to log everything done to it by hackers. When it was put online, it was quickly found and hijacked in a matter of seconds by a bot that was able to break through its digital defenses.
According to Ross Rustici, Cybereason’s head of intelligence services, “The bot did all the hard work.” Rustici added, “It shows how lazy hackers have become.”
When people talked about hackers many years ago, they imagined a person or a group of individuals sitting in front of laptops typing malicious code. Attacks were perpetrated by humans with programming knowledge.
Today, as technology advances, going through day-to-day activities has become easier for ordinary individuals. It follows, therefore, that even cybercriminals will come up with methods that will make it easier for them to obtain sensitive data that they can use or sell.
In Cybereason’s study, the bot found the server after it had been online for only two hours. It then started taking over the server aggressively. Passwords created for protecting some of the server’s functions were intentionally weak. As expected, the bot cracked the passwords and stole the fake information on the server. It took the bot no more than 15 seconds to completely own the network, siphoning 3GB of data.
Cybercriminals have been using bots to perpetrate crimes for a number of years. Typically, bots are used to seek out vulnerable servers, and a full-blown breach is done by a human. This particular bot was able to carry out 80% of the work a human would have to perform, proving that hacking into systems has become easier and faster.
According to Cybereason’s report, “If exploit automation wasn’t enough of a concern for security teams, this technique has grown even more potent with attackers using bots that can automatically exploit vulnerabilities, create backdoors, dump passwords, conduct network reconnaissance and laterally move in seconds.”
For this reason, organizations, regardless of size, should be prepared to take a proactive approach to protecting network systems. It is time to use “threat intelligence” as a tool to stop cybercriminals in their tracks as they attempt to attack – not just for forensics when breaches have already taken place.
Since 2017, Netswitch has partnered with ThreatSTOP in providing advanced threat detection through security analytics, with 24/7 monitoring and alerting, and remote incident investigation and response included in the end-to-end service. This service comes at a price that is affordable to small and medium businesses.
ThreatSTOP describes itself as “a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies, and automatically updates your firewalls, routers, DNS servers, and endpoints to stop attacks before they become breaches.”
ThreatSTOP emphasizes the importance of a DNS Firewall to a company’s network security. According to ThreatSTOP, it has more than 50 threat intelligence sources integrated into its platform, and threats are continuously discovered by its security researchers. These threats are automatically shared as policy updates directly to the DNS Firewall.
The DNS Firewall prevents attacks by neutralizing malware’s ability to contact its command and control center, thereby eliminating data destruction or exfiltration by malware that has bypassed existing network security layers.
All connections with the internet start with a DNS query. Users rely on DNS to connect to apps, websites, and other resources on company networks. In the same way, malware needs DNS to communicate back to its command and control servers to steal data, deliver ransomware, or turn networks into botnets to be used for criminal activities.
The DNS Firewall also performs advanced reporting which provides full visibility into DNS queries that have been blocked and identifies impacted machines. This makes remediation more accurate and efficient.
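The blocking and reporting behaviour described above can be sketched as follows. This is an added example, not ThreatSTOP's or Netswitch's code; the log format, the blocked zones, and the client addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed policy: zones a threat feed has flagged (reserved .example names).
BLOCKED_ZONES = {"c2-panel.example", "dropper.bad.example"}

# Constructed resolver query log, assumed format: "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 A www.intranet.example.
2024-05-01T10:00:03Z 10.0.0.47 A beacon.C2-Panel.example.
2024-05-01T10:00:04Z 10.0.0.47 TXT x7f3.beacon.c2-panel.example
2024-05-01T10:00:09Z 10.0.0.12 A notc2-panel.example
2024-05-01T10:00:11Z 10.0.0.80 AAAA dropper.bad.example
malformed line
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return qname.strip().rstrip(".").lower()

def matched_zone(qname, zones):
    """Return the blocked zone qname equals or sits under, else None.

    Walks label boundaries so 'notc2-panel.example' is not a false match.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def evaluate(log_text, zones):
    """Apply the policy to each query; return (decisions, impacted clients)."""
    decisions, impacted = [], defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _qtype, qname = fields
        zone = matched_zone(qname, zones)
        decisions.append((client, normalize(qname), "BLOCK" if zone else "ALLOW"))
        if zone:
            impacted[client].add(zone)
    return decisions, dict(impacted)

if __name__ == "__main__":
    for client, hits in sorted(evaluate(SAMPLE_LOG, BLOCKED_ZONES)[1].items()):
        print(client, "->", sorted(hits))
```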
According to Netswitch CEO, Stanley Li, “The integration of ThreatSTOP’s next-generation IP and DNS Firewall Services provides Securli® with the ability to stop all inbound malicious IP addresses, along with outbound communications with threat actors. This now enables the same world-class threat detection capability as the Fortune 100 enjoys, but with pricing affordable to the mid-market. Our unique offering is now accessible to everyone seeking the best cyber-threat defense available anywhere.”
Founder and CEO of ThreatSTOP, Tom Byrnes, said, “The combination of ThreatSTOP and the Securli® MDR platform is a one of a kind offering, bringing the middle market access to the best end-to-end cyber-threat defense on the market.”
For more details on how a DNS Firewall can protect your organization’s network, contact Netswitch today and our cyber experts will assist you.
Tip of the Week
Cyber risk is a different category of risk in an organization
Many make the mistake of separating cyber risk from other types of risks in a business or company. It is the same risk that encompasses everything from protecting intellectual property to productivity and safety of company staff. Cyber risk needs to have the same level of attention from the executives down to the rank and file employees. Everyone should be educated about cyber risk and trained on how cyberattacks can be prevented.