Automated Cyber Attacks Are the Next Big Threat. Ever Hear of 'Review Bombing'?




Nonhuman, automatic attacks on their own are able to realize and breach even well-protected corporations. Nervous?
You should be.
December 21, 2018 8 min read
Opinions expressed by Entrepreneur contributors are their own.
If you think hacks are bad now, just wait a few more years-- because "the machines" are coming.
Related: three ways that to shield Your Company's web site From Cyber Threats

In the next few years, artificial intelligence, machine learning and advanced software processes will enable cyber attacks to reach an unprecedented new scale, wreaking untold damage on companies, critical systems and individuals. As dramatic as Atlanta’s March 2018 cyber “hijacking” by ransomware was, this was nothing compared to what is coming down the pike once ransomware and other malware can essentially "think" on their own.
This is not a theoretical risk, either. It is already happening.
Recent incidents involving Dunkin Donuts' doctorate Perks program, CheapAir and even the safety firm CyberReason's king protea take a look at showed simply many of the ways that automatic attacks ar rising “in
the wild” and affecting businesses. (A honeypot experiment, according to Wikipedia, is a security mechanism designedto detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.)
In Nov, 3 prime antivirus corporations conjointly plumbed similar alarms.
Malwarebytes, Symantec and McAfee all foretold that AI-based cyber attacks would emerge in 2019, and become more and more of a significant threat in the next few years.

What this implies is that we have a tendency to ar on the verge of a brand new age in cybersecurity, wherever hackers are in a position unleash formidable new attacks victimization self-reliant software system tools and processes.
These automatic attacks on their own are able to realize and breach even well-protected corporations, aand in immensely shorter time frames than will human hackers.
Automated attacks will reproduce, multiply and unfold so as to massively elevate the harm potential of any single breach.

Feeling nervous? You should be.
Here ar many ways in which automatic attacks ar evolving:

Password guessing
Crack a password, and you own the account.
For years, hackers are developing higher tools to try to to simply that.

One new innovation is an automatic cyber attack known as “credential stuffing,” that uses antecedently purloined passwords to interrupt into on-line accounts.
This attack is very effective -- and dangerous -- as a result of numerous individuals utilize their passwords across multiple accounts.
This creates a significant blindspot for businesses, because even if their security is up to par, all it takes is one sloppy employee, and the whole company can unravel.

Expect these attacks to extend considerably next year, especially since there is now a glut of stolen password databases for sale in the Dark Web.
Hackers recently used certificate stuffing to focus on Dunkin Donuts’ doctorate Perks rewards program.
More businesses can fall victim thereto in 2019.

Related: The Growing Menace of Cyber Attacks within the Asia-Pacific region

However, certificate stuffing is simply the tip of the iceberg.

Researchers have discovered that machine learning programs can be used to predict the passwords a person will create in the future based on what he or she has used in the past. Think about that for a second.
This means that if someone loses one or two of passwords to information breaches over the years (and we have a tendency to all acumen simply which will happen), that person could
-- within theory a minimum of -- be forever susceptible to word attacks in the future by malicious AI systems scanning the online.
This could cause continual word breaches, which is able to be terribly exhausting to prevent.

Hacker bots
New analysis shows that hackers ar setting out to use totally automatic “bots” which may perform intensive cyber attacks all on their own.

Bots ar nothing knew: Hackers are victimization rudimentary versions of them for years to send spam and scan the online.
However, a recent king protea experiment shows simply however so much this technology has evolved: once security researchers originated a faux on-line money firm, they were shocked to see what
a single bot could do. In just 15 seconds, the bot was able to hack into the fake company, gain complete control of its network, scan for employee workstations and steal all the data it could. Again: This all took only 15 seconds.
At that rate of speed, it would be exceedingly difficult for an IT team to respond.
And these attacks can become more and more common over following few years.

Malicious chatbots
Commercial chatbots are widely used, and they are expected to save companies up to $11 billion by 2023, according to a Juniper estimate. But what happens when a chatbot goes rogue?
We’ve already seen however simply a benign chatbot is corrupted by “input manipulation” on the online, as in the case of Microsoft’s Tay.

But cybercriminals can go much further, by hacking the bot or infecting it with malware in order to turn it into an information stealer.
Ticketmaster’s Inbenta chatbot fell victim to the present form of attack.
Hackers may conjointly target the back-end network supporting the chatbot, like the [24]7.ai breach which affected Delta and Sears.

It is conjointly potential for hackers to make and launch their own chatbots, designed for the sole purpose of tricking people into sharing sensitive information or clicking on malicious links.
This is happening already in some qualitative analysis websites and apps, but it’s likely to spread to other businesses in the next few years.
Such malicious chatbots might be accustomed impersonate the legitimate chatbots utilized by real businesses so as to focus on those customers.

Bot extortion
A few bad posts on the web can undermine a company’s reputation, and cybercriminals are realizing that this is a huge market opportunity for them.
With bots, such “brand extortion” is very simple -- and low-cost -- to accomplish.
The recent attack on CheapAir, a flight value comparison web site, is that the good example: Cybercriminals vulnerable to launch AN SEO attack on the corporate unless it paid them off.
When CheapAir refused, the criminals followed through on their threat -- unleashing a torrent of negative reviews via bots.

“Review bombing” by bots can gain momentum next year and into the long run, since this capability already exists and also the attack is straightforward to hold out.
Hackers are extorting businesses for several years with denial-of-service and ransomware, thus complete extortion could be a logical next step.

Shapeshifter malware
AI is on the verge of reworking malware and attack toolkits into one thing way more dangerous than what we've ever seen, and plenty of businesses are going to be caught off-guard.

Hackers are already tweaking traditional malware to make them stealthier and harder to root out of a network, but in the next few years we will see a new evolution
in which AI “nerve centers” management and direct malware, turning them into deadly weapons with Brobdingnagian capabilities.

This isn’t the start of Skynet, however it'll have serious repercussions for businesses.
Because of its advanced capabilities, intelligence assets, mutability, increased speed, etc., AI-based malware will be better able to hunt down specific targets inside a company, hide from detection tools
like antivirus ones and unfold speedily and uncontrollably across a network.
It can additionally change itself at will so as to unleash multiple attacks at identical time.
These attacks could be crippling to business networks that aren’t prepared -- especially smaller companies.
For a higher plan of the alarming potential with AI-based malware, simply explore IBM’s DeepLocker.
This proof-of-concept malware uses facial and voice-recognition inputs to seek out a particular human target.
Almost like a guided missile.
What smaller businesses can do.
The bottom line for businesses, especially smaller businesses, is that AI will dramatically increase the potential costs of a cyber attack.

Businesses nowadays still struggle with basic attacks like phishing, however within the years ahead, firms are going to be way outmatched by intelligent, organized, high-speed machine-driven attacks that take no prisoners.

Related: Is Your Business ready for a Cyber Attack?
(Infographic)
For this reason, it is imperative that companies, and smaller ones in particular, begin to take steps now to limit their risk exposure to AI attacks:

The first step is to begin migrating critical assets to more secure cloud platforms, like AWS, Microsoft Azure and Google Cloud, as these are better able to manage the threat.
Second, consider signing up for a managed security service provider (MSSP) to safeguard the rest of the local network.
Next, make certain to implement a powerful watchword policy, two-factor authentication, employee access control and network segmentation to limit potential damage.
Consider casting off a cyber insurance, as well.

Finally, have a plan in place for when disaster strikes.
Know whom to contact in AN emergency and what steps to require to limit the harm of a breach, like disconnecting computers and safeguarding backups.