- As internet-connected technology booms, so does the opportunity for cyber-attacks
- Our daily lives are vulnerable at multiple points – from personal vehicles to the power grid
- Cybersecurity is a constantly changing landscape that requires vigilance and anticipation
Cybersecurity is one of the most important topics in computing today, mainly due to how widespread hacking is. According to a study from Duke University and CFO Magazine, more than 80% of companies in the US have been successfully breached.
There’s clearly a lot on the line here, and experts in the field are working hard to figure out the next steps in cybersecurity. Although hacking can take many forms, there are some specific cybercriminal techniques that are important to know for the years to come.
1. Physical infrastructure hacks
Physical infrastructure hacks aren’t theoretical anymore. The most frightening real-world example of this is the attack that crippled the Kyivoblenergo power company in Ukraine.
A report by the Electricity Information Sharing and Analysis Center and SANS Industrial Control Systems found that hackers attacked seven 110 kV and twenty three 35 kV substations operated by Kyivoblenergo on December 23, 2015. The attack was so well orchestrated that around 225,000 people were without power for three hours. While the research paper declines to attribute the hack to any group, the general consensus in the security community is that Russian hackers were behind it.
What’s really interesting about this attack is that while it did involve some creative problem solving, the techniques used to crack Kyivoblenergo’s system weren’t uncommon. Three distribution companies associated with Kyivoblenergo received coordinated attacks within 30 minutes of each other, demonstrating a high level of collaboration. Hackers then gained access to the network running the power grid through a combination of malware, spear phishing and manipulation of Microsoft Office documents.
While Ukraine was eventually able to restore power, this incident serves as a reminder of the fragility of modern physical infrastructure. Shutting down a power grid is an excellent way to disable an enemy, and this attack won’t be the last of its kind.
2. IoT vulnerability
The Internet of Things (IoT) is quickly becoming a major security problem. Referring to any device that has an internet connection, IoT includes household objects such as a thermostat or refrigerator. Connectivity has many benefits, but consumers frequently fail to prioritize security and therefore open themselves to attack.
You may have read about IoT botnets created by hackers, but a scenario that hits closer to home is how cybercriminals disrupt internet-connected cars. In July 2015, Wired wrote about hackers remotely killing the transmission of a writer’s Jeep through the car’s entertainment system.
Many automotive companies are now securing Controller Area Network (CAN) bus systems, as they often give hackers control over electronic control units (ECU) that handle throttle, steering and brakes. However, researchers also uncovered a selective denial-of-service attack that exploits a weakness found in the CAN bus implementation in every manufacturer’s car. To make matters worse, the attack is completely invisible to current state-of-the-art security systems.
Thankfully, car companies are aware of these kinds of issues and work hard to fix them as they appear. That said, there’s a chance that carjackers of the future will rely on a computer rather than a screwdriver.
3. Artificial Intelligence
Artificial intelligence and machine learning enable computers to solve problems independently rather than rely on direction from humans. This ability is revolutionizing computer science, but it also opens new frontiers for hackers.
For example, existing password tools like HashCat and John the Ripper let hackers guess billions of phrases, but they often require the user to enforce certain guessing guidelines. Setting up these rules takes time and effort, which is why researchers looked to deep learning tools to automatically find the best rules to break the most passwords.
The research resulted in PassGAN, a system that uses Generative Adversarial Networks (GANs.) GANs are artificial intelligence algorithms that rely on two nets (i.e., adversaries) to complete a task. One network creates solutions to a problem while the other evaluates their effectiveness.
By using advanced deep learning algorithms such as this, the research team was able to create a system that could crack passwords without assistance from a human. This would be huge for a hacker, as it would allow him or her to cast a wide net without having to worry about manually creating rules.
Cybersecurity is constantly changing, but that doesn’t mean experts can’t stay on top of its evolution. Looking to the future and anticipating attacks such as those expressed here will help industry professionals ensure the safety of consumers and businesses alike.