The Rise of Automated Hacking

by Cybersprint Jun 12, 2019

There is a shift in the way cyber criminals are targeting organisations. The methods of mass phishing and hacking are making way for more directed and personalised attacks. They carefully select their targets and craft convincing messages. However, that takes much more time and preparation. To make up for that, they now use automated techniques to carry out attacks. How can you protect your organisation from this emerging threat? 

The new kind of hacker 

The age of automation started over a century ago, offering many business opportunities for organisations. Unfortunately, the cyber crime world has now followed suit. In the past, hackers were highly skilled enthusiasts, making for a small community. They did their own extensive research and wrote their own tools and code, taking days to implement a successful attack.

Nowadays, the entry barrier is lower, making the cyber criminal community larger. Instead of each hacker creating their own tools, software and frameworks are now shared and (ab)used by more hackers.

“The days of the Nigerian prince scams are coming to an end”

The new kind of hacker uses publicly available information (also known as OSINT, Open Source Intelligence) to create a profile of their target. Examples are information taken from the company website, third-party websites, social media, news platforms, powerful search engines, publicly available presentations such as Prezi, etc. This is used during the reconnaissance phase of an attack, or to impersonate an organisation’s VIP, for example. The tools used to collect (scrape) the necessary intel have become more powerful and efficient, and many more are available.

Automating these processes delivers structured overviews of an organisation’s vulnerabilities. All steps of the cyber kill chain can be automated, letting scripts hack by themselves. Collected information can also be used to create highly convincing profiles of organisations’ VIPs. The more convincing a profile is, the more likely victims are to fall for it. The days of the Nigerian prince scams are coming to an end.

How can it affect you?

What are the practical uses of automated hacking, and how can it affect your organisation? Using tools such as Shodan, hackers generate an extensive overview of internet-connected devices such as your webservers, but also security cameras, webcams or printers.

For example, in Sweden, someone used automated hacking tools to discover public webcams near a harbour. With that footage, they could monitor and identify submarines going in and out of the port. They could calculate how long the submarines had been deployed, what their range would be, and where they could have gone. This doesn’t take a team of IT specialists but can be done by anyone.



Though your organisation probably doesn’t lease submarines, it is likely to have security cameras at the entrance and wireless printers. These devices can be mapped and potentially accessed remotely. It’s not anyone’s business who enters your office or who you meet with; that information belongs to you.

“Cyber criminals are trying their best to convince their target” 

Phishing, spear phishing & whaling 

As mentioned above, cyber-attacks are increasingly targeting specific individuals. This is called spear phishing. Instead of solely hoping unobservant people click on the phishing message, cyber criminals are now trying their best to convince their targets that they should transfer sums of money. Fake profiles, email addresses, web sites, and brand and communication styles are developed to impersonate a third party or company executive. When a high-level CxO is targeted, it’s also known as ‘whaling’.  

To build a compelling message, cyber criminals’ first step is reconnaissance. Which customers does the target organisation have, how many employees, do they use a specific email template; what are their vulnerabilities? But rather than going through publicly available information manually, they use automated resources. This makes their method more detailed and faster, with higher success rates.  

Using automated hacking as a security measure 

Know that repairing an incident is much more expensive than investing in proper countermeasures. An average data breach costs a US company up to $7.9 million, in addition to the reputational damage. On the other hand, treating every incoming incident as a severe threat can result in false positives and incorrect assessments, hindering productivity.


You need to know what you must protect and how you should protect it. What is the scale of your digital attack surface? Which vulnerabilities appear? You can prevent attacks using automated tools that detect and assess your digital footprint: not only your own websites and digital assets, but also those belonging to third-party vendors. All are related to your brand and could seriously harm your reputation when hacked by cyber attackers.

You can’t prevent everything, but proactive detection and mitigation of your risks goes a long way. Make your invisible vulnerabilities visible - before hackers exploit them. 

 
