It Takes Hackers About an Hour to Hit a New Online Business

Category: Blog, Security  |  Wednesday, February 28th, 2018

How Fast Do Hackers Start Attacking a New Business?

According to new research, cyber-criminals start attacking newly set up online servers about an hour after they are turned on.

Recently, the BBC asked a security company to run an experiment to judge the scale and breadth of cyber-attacks that businesses face on a daily basis. Security firm Cybereason found that only 71 minutes after the servers were set up online, they were being probed by automated attack tools that scanned them for vulnerabilities to exploit.

Once the bots discovered the machines, the servers were subjected to a “constant” assault by the attack tools.

The servers were accessible online for about 170 hours to form a cyber-attack sampling tool known as a honeypot, said Israel Barak, chief information security officer at Cybereason. The servers were given real, public IP addresses and other identifying information that announced their presence online.

“We set out to map the automatic attack activity,” said Mr Barak.

To make them even more realistic, he said, each one was also configured to superficially resemble a legitimate server. Each one could accept requests for webpages, file transfers and secure networking.

Although the servers were not capable of doing anything more than providing a very basic response to a query about these basic net services and protocols, this did not deter the automated attack tools, or bots, that many cyber-thieves use to find potential targets, he said. A wide variety of attack bots probed the servers, seeking weaknesses that could be exploited had they been full-blown production machines.

It should be noted that many of the code vulnerabilities and loopholes they looked for are known issues. However, added Mr Barak, many organizations struggle to keep servers up to date with the patches that would thwart these bots, potentially giving attackers a way to get at the server.

During the experiment:

  • 17% of the attack bots were scrapers that sought to suck up all the web content they found
  • 37% looked for vulnerabilities in web apps or tried well-known admin passwords
  • 10% checked for bugs in web applications the servers might have been running
  • 29% tried to get at user accounts using brute force techniques that tried commonly used passwords
  • 7% sought loopholes in the operating system software the servers were supposedly running

“This was a very typical pattern for these automatic bots,” said Mr Barak. “They used similar techniques to those we’ve seen before. There’s nothing particularly new.”
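As an added illustration (not code from Cybereason or the BBC experiment), the sketch below shows how honeypot logs can yield the two kinds of figures reported above: the time to first contact and a breakdown of sources by behaviour. The log records, thresholds, path list and category rules are constructed assumptions, and the categories are a simplified subset of those in the list.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample data: the moment the honeypot went live, then logged
# events as (timestamp, source address, service, detail).
ONLINE = datetime(2018, 2, 1, 9, 0)
EVENTS = [
    ("2018-02-01T10:11", "192.0.2.10", "http", "GET /"),
    ("2018-02-01T10:12", "192.0.2.10", "http", "GET /about"),
    ("2018-02-01T10:12", "192.0.2.10", "http", "GET /products"),
    ("2018-02-01T10:40", "198.51.100.7", "ssh", "LOGIN_FAIL root"),
    ("2018-02-01T10:40", "198.51.100.7", "ssh", "LOGIN_FAIL admin"),
    ("2018-02-01T10:41", "198.51.100.7", "ssh", "LOGIN_FAIL test"),
    ("2018-02-01T11:05", "203.0.113.5", "http", "GET /wp-login.php"),
    ("2018-02-01T11:30", "203.0.113.9", "ftp", "CONNECT"),
]

# Assumed heuristics; tune them against your own honeypot data.
PROBE_PATHS = ("/wp-login.php", "/phpmyadmin", "/manager/html")
BRUTE_FORCE_MIN = 3   # failed logins from one source
SCRAPER_MIN_PAGES = 3  # distinct ordinary pages fetched by one source

def minutes_to_first_contact(online, events):
    """Minutes between going online and the earliest logged event."""
    first = min(datetime.fromisoformat(ts) for ts, *_ in events)
    return (first - online).total_seconds() / 60

def classify_sources(events):
    """Label each source address by its aggregate behaviour."""
    logins, probes, pages = Counter(), set(), defaultdict(set)
    for _, src, service, detail in events:
        if detail.startswith("LOGIN_FAIL"):
            logins[src] += 1
        elif service == "http":
            path = detail.split()[1].lower()
            if path.startswith(PROBE_PATHS):
                probes.add(src)
            else:
                pages[src].add(path)
    labels = {}
    for src in {e[1] for e in events}:
        if logins[src] >= BRUTE_FORCE_MIN:
            labels[src] = "brute-force"
        elif src in probes:
            labels[src] = "web-app probe"
        elif len(pages[src]) >= SCRAPER_MIN_PAGES:
            labels[src] = "scraper"
        else:
            labels[src] = "unclassified"
    return labels

def breakdown(labels):
    """Percentage of sources per label, rounded to whole numbers."""
    counts = Counter(labels.values())
    return {k: round(100 * v / len(labels)) for k, v in counts.items()}
```

Sources that stay "unclassified" are the ones worth reviewing by hand, since they do not match any of the assumed patterns.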

As well as running a bank of servers for the BBC, Cybereason also tried to find out how quickly phishing gangs start to target new employees. It seeded 100 legitimate marketing email lists with spoof addresses and then waited to see what would turn up.

After 21 hours, the first booby-trapped phishing email landed in the email inbox for the fake employees, said Mr Barak. It was followed by a steady trickle of messages that sought, in many different ways, to trick people into opening malicious attachments.

About 15% of the emails contained a link to a compromised webpage that, if visited, would launch an attack that would compromise the visitor’s PC. The other 85% of the phishing messages had malicious attachments. The account received booby-trapped Microsoft Office documents, Adobe PDFs and executable files.

According to Brian Witten, senior director at Symantec research: We use a lot of honeypots in a lot of different ways. The concept really scales to almost any kind of thing where you can create a believable fake or even a real version of something. You put it out and see who turns up to hit it or break it.

There are honeypots, honey-nets, honey-tokens, honey anything.

When a customer sees a threat that’s hit hundreds of honeypots that’s different to when they see one that no-one else has. That context in terms of attack is very useful.

Some are thin but some have a lot more depth and are scaled very broadly. Sometimes you put up the equivalent of a fake shop-front to see who turns up to attack it.

If you see an approach that you’ve never seen before then you might let that in and see what you can learn from it. The most sophisticated adversaries are often very targeted when they go after specific companies or individuals.

If you need assistance with your cybersecurity solution, give EnhancedTECH a call at 714-970-9330 or contact us at [email protected]

Source: BBC

Source Image: https://pixabay.com/photos/technology-computer-internet-3190200/
