Understanding the behaviour of hackers and keeping businesses at the forefront of technology is crucial to mitigate cybercrime, says Martin Walshaw, senior engineer at F5 Networks.
Things in life are getting more complex. With the growth of smart devices and the increasing reliance on applications, cybercriminals continue to target online vulnerabilities.
A recent Threat Analysis Report by F5 Labs, in conjunction with Loryka, reveals how the latest cyber weaponry exposes weaknesses in the use of the internet and where intelligent data science is keeping online enemies close and helping businesses to outsmart cybercrime.
The Internet of Things (IoT) provides an environment where systems and equipment are becoming seamlessly integrated. Manufacturing is getting smarter, our homes now incorporate sophisticated consumer goods to help manage our everyday lives. There are many areas vulnerable to online fraud.
Exploiting weaknesses
The Threat Analysis report highlights that any device connected online is subject to weaknesses and exploitation. Worryingly, the findings show that IoT includes devices and software that were never designed with security in mind. As IoT vendors scramble to take a lead to market, security is often an afterthought. Internet-connected devices are the latest minions for hackers to instigate cyber-attacks.
It is not surprising that global leaders like the US, Canada and members of the EU continue to be top monetary targets due to their strong financial sectors. As a result, today’s malware targets the financial industry primarily and has increased since the release of Zeus, a Trojan horse malware package that runs on versions of Microsoft, in 2011.
Another trend is the use of Telnet-based attacks, which are becoming increasingly popular with hackers. Telnet, a TCP/IP protocol for accessing remote computers, allows an administrator or another user to access someone else’s computer remotely. The Data Scientists collected 2,174,216 Telnet brute force attacks in a six-month period that were sourced from a broad range of IP addresses. Telnet scans are a rising attack vector and have increased 140% year over year from July 2015.
Keeping up with the hackers
The stereotypical image of a hooded cybercriminal is perhaps just a myth. The most commonly known hacker profile ranges from lone wolf individuals to small groups whose motives include financial fraud, identity theft, phishing and ransom attacks. Understanding the behaviour of hackers and keeping businesses at the forefront of technology is crucial to mitigate cybercrime.
F5 Lab’s Data Scientists report includes minute-by-minute results as their efforts optimally unveil the virtual villains and unmask the malware to mitigate attacks that threaten organisations. The specialists are like data doctors who can diagnose problems quickly through rigorous threat and event monitoring, conduct comprehensive vulnerability and malware research, as well as alert teams to new findings.
Data is the crown jewel in the application-driven economy and is the prime target for hackers. Interestingly, the Threat Analysis Report highlighted that IoT botnets recently attacked multiple US state agencies leveraging 52,000 unique IP addresses.
Commerce is getting smarter with the influence of the IoT. The virtual world is becoming an important factor in optimally managing business assets. For cybercriminals, however, big data is a major incentive to exploit weaknesses in IoT device security and in an organisation’s security infrastructure. Therefore, data scientists are keeping their threats close and staying ahead of the game to develop products that strengthen the security, performance and availability of applications, so businesses can safely access the cloud anytime, on any device and from any location.
One more thing to remember – IoT and application security is changing the risk landscape. Online business security today relies on the combination of smart people and smart technologies. Getting under the hood of the hacker needs specialist intelligent solutions and data scientists are helping users and institutions to avoid being hoodwinked.