
The Rise of Automated Hacking

by Cybersprint 12 Jun 2019

There is a shift in the way cyber criminals are targeting organisations. The methods of mass phishing and hacking are making way for more directed and personalised attacks. They carefully select their targets and craft convincing messages. However, that takes much more time and preparation. To make up for that, they now use automated techniques to carry out attacks. How can you protect your organisation from this emerging threat? 

The new kind of hacker 

The age of automation started over a century ago, offering many business opportunities for organisations. Unfortunately, the cyber crime world has now followed suit. In the past, hackers were highly skilled enthusiasts, making for a small community. They did their own extensive research and wrote their own tools and code, taking days to implement a successful attack.

Nowadays, the entry barrier is lower, making the cyber criminal community larger. Instead of each hacker creating their own tools, software and frameworks are now shared and (ab)used by more hackers.


The new kind of hacker uses publicly available information (also known as OSINT, Open Source Intelligence) to create a profile of their target. Examples are information taken from the company website, third-party websites, social media, news platforms, powerful search engines, publicly available presentations such as Prezi, etc. This is used during the reconnaissance phase of an attack, or to impersonate an organisation’s VIP, for example. The tools used to collect (scrape) the necessary intel have become more powerful and efficient, and many more are available.

Automating these processes delivers structured overviews of an organisation’s vulnerabilities. All steps of the cyber kill chain can be automated, letting scripts hack by themselves. Collected information can also be used to create highly convincing profiles of organisations’ VIPs. The more convincing a profile is, the more likely victims are to fall for it. The days of the Nigerian prince scams are coming to an end.

How can it affect you?

What are the practical uses of automated hacking, and how can it affect your organisation? Using tools such as Shodan, hackers generate an extensive overview of internet-connected devices such as your web servers, but also security cameras, webcams or printers.

For example, in Sweden, someone used automated hacking tools to discover public webcams near a harbour. With that footage, they could monitor and identify submarines going in and out of the port. They could calculate how long the submarines had been deployed, what their range would be, and where they could have gone. This doesn’t take a team of IT specialists but can be done by anyone.


Though your organisation probably doesn’t lease submarines, it is likely to have security cameras at the entrance and wireless printers. These devices can be mapped and potentially accessed remotely. It’s not anyone’s business who enters your office or whom you meet with; that information belongs to you.


Phishing, spear phishing & whaling 

As mentioned above, cyber-attacks are increasingly targeting specific individuals. This is called spear phishing. Instead of solely hoping unobservant people click on the phishing message, cyber criminals are now trying their best to convince their targets that they should transfer sums of money. Fake profiles, email addresses, websites, and brand and communication styles are developed to impersonate a third party or company executive. When a high-level CxO is targeted, it’s also known as ‘whaling’.

To build a compelling message, cyber criminals’ first step is reconnaissance. Which customers does the target organisation have? How many employees? Does it use a specific email template? What are its vulnerabilities? But rather than going through publicly available information manually, they use automated resources. This makes their method more detailed and faster, with higher success rates.

Using automated hacking as a security measure 

Know that repairing an incident is much more expensive than investing in proper countermeasures. An average data breach costs a US company up to $7.9 million, on top of the reputational damage. On the other hand, treating every incoming incident as a severe threat can result in false positives and incorrect assessments, hindering productivity.


You need to know what you must protect and how you should protect it. What is the scale of your digital attack surface? Which vulnerabilities appear? You can prevent attacks using automated tools that detect and assess your digital footprint: not only your own websites and digital assets, but also those belonging to third-party vendors. All are related to your brand and could seriously harm your reputation when hacked by cyber attackers.

You can’t prevent everything, but proactive detection and mitigation of your risks go a long way. Make your invisible vulnerabilities visible before hackers exploit them.

 
