Hackers are not warriors in hoodies, but entrepreneurs

21. 6. 2023

 

When experts from Aricoma, a leading Czech cybersecurity firm among others, issued their industry outlook for this year, the message was clear: the number of hacktivist and politically-oriented cyberattacks will continue to rise. Why is this happening? Who are the people behind the attacks? And most importantly, how can we resist their efforts? Maroš Barabas (MB) and Filip Zvařič (FZ) answer all this in our interview. And they point out that we often misunderstand what motivates attackers.

The first question is obvious: why is the number of attacks increasing?

FZ: Basically, because it pays. A mix of political, social and environmental challenges and changes in technology are playing into this.

MB: It is important to understand who the attackers are. They are first and foremost entrepreneurs. Don't imagine young lads in hoodies sitting in a basement somewhere. In short, these are mostly people trying to make a quick buck, often in conditions where it is otherwise not easy - which is why so many risks are associated with countries such as the current Ukraine. Today's young people who have stayed behind there will have a very hard time in a country destroyed by war, with no infrastructure and a lack of job opportunities, which creates a breeding ground for problems.

In general, think of a young person who is trying to make more money, has few job opportunities and high expectations. It is people like this who may be drawn to faster, albeit illegal, ways of making money. And this is where what many people don't realise comes into play. If an attacker like this discovers that the masses are susceptible to some issue that divides society, from Covid or the war in Ukraine to the presidential election, that attacker feeds on that fear and negative emotion just to catch people out and make money off of them. To get them to click on something, open something, send their data somewhere, or simply collaborate.

FZ: Time pressure plays a big role in this; users are asked to download or click something quickly, otherwise supposedly important information will disappear. But this is artificial pressure, to reduce the time people have to think about whether it's even valid information.

Are you saying that when someone pulls the social issues card in a cyber fight, it's not because they're fighting for any of those causes?

MB: I don't want to dehumanize the groups that are really fighting for a cause because it is something they feel very strongly about, but I think they really are the minority.

FZ: There are groups like Anonymous, for example, who were very involved in the first weeks of the conflict in Ukraine, fighting against human rights violations, censorship, corruption and various ideologies.

MB: Anonymous is essentially a philosophical movement that launched its first attack against a site that was strongly anti-gay. It has grown to massive proportions, but today the Anonymous name is also being abused a lot. 

However, it is not easy to give a general answer to your question, as it also depends on the topic. In the context of the Russia-Ukraine conflict, we know that before the Russians physically attacked, the number of cyber-attacks on Ukrainian infrastructure increased and a disinformation campaign was launched. This is asymmetric warfare; as an aggressor you need to instil fear in the population, destabilise the structure and the political situation. Within this conflict, I'm sure most of the incidents are politically motivated, but otherwise I think attacks made in support of a particular opinion really are in the minority. In the past, several groups of spammers who made a living by sending unsolicited mail, mostly to promote counterfeit goods, have been broken up. After the successful take-down of one such group, email traffic on the Internet dropped by tens of percent! And we're talking about the recent past. No one can measure what proportion of the total traffic is made up of spam today. There is talk of Internet noise, which is generated to a large extent by mass campaigns and the scanning of publicly accessible systems precisely to identify and exploit vulnerabilities.

Let's go back to the beginning: what should I actually imagine the word "attack" to mean?

FZ: They can be DDoS attacks that are used to overwhelm or shut down websites or services, and yes, sometimes they can be associated with a government or political party and therefore an opinion. Phishing and other attacks using social engineering to obtain access credentials to any accounts, extract information that would help the attacker, and ultimately force the victim to download and install malware, most commonly ransomware. Furthermore, it can be a direct network attack, aimed at getting access to the network and causing a breach without user interaction, running ransomware and obtaining sensitive data. These attacks then lead to data leaks, which are not attacks in themselves, but the tangible result of a previous intrusion into the system. Moreover, all this can happen through emails, social networks, SMS and phone calls.

MB: What we're dealing with most often with clients now is ransomware, where an attacker encrypts your data so you as the owner can't access it. This is a form of extortion; the attacker either wants you to pay up with the promise that they will release your data, which usually doesn't happen, or they threaten to release your data. Alternatively, the attackers go so far as to threaten to contact the authorities under threat of a huge fine. But these are primitive techniques; no hacker is going to check your books to see if you are accidentally skimping on your tax payments. Another option is to launch a DDoS, as mentioned earlier, and shut down your business, for example your e-shop. We have also experienced this with a number of customers. When you consider that such an attack costs the perpetrator an average of 100 euros per day, the cost is extremely low compared to the potential profit, and attackers are seeking a means of coercion that could increase the likelihood of getting a ransom.

This is an interesting topic, given how not only Czechs have learned to do so much of their shopping online. Is keeping these services secure a big issue now?

MB: Yes, it is. And in general, we will see a huge increase in the inflection and importance of the term cyber resilience in the future. This is because you’ll no longer just think about whether you're going to come under attack. It’ll happen, that's for sure. Every company has to prepare for being attacked. It must be able to resume its activities within a few hours, otherwise millions of crowns are lost in the case of the biggest companies. It compares nicely to the story of the well. Imagine you’ve got a well in your village as your only source of drinking water, but some jerk takes fertilizer and poisons it. You have to have a mechanism set up to find out it happened in the first place, or a lot of people are going to die. In our case, this means having effective detection technologies in place. If you know about it, then you also have to effectively inform citizens not to drink the water. You also need to ensure that a tanker truck with fresh water will turn up within a few hours or have a back-up water source that you can tap into. Or imagine someone blackmailing you because they already have a bomb ready in the well and will detonate it if you don't pay. Alternatively, if you make excuses and wait, they’ll post about your inaction in the newspaper as a threat to public health. You’re only resistant to attack if you know what to do and are prepared for the situation. Not that you believe you're of no interest to an attacker.

As experts, you know about risks that the average person has no idea about. Doesn't this sometimes make you anxious?

FZ: I can say from my own experience that before I became a security specialist, I used to happily click on links on the Internet without thinking about security. That was also a different time and malware was much less complex back then. When I started getting involved in IT security, I was wary, even paranoid, of any links and attachments. But now I know that there are different solutions and I can click on everything as long as I use the right technological security measures. That's one view. The second is that for a sophisticated attack, you have to interest the attacker, there has to be a reason why they’d try it on you. People are already largely aware of attempts like "You've won an iPhone, click here". 

MB: I'm worried about something else. Consider that we are the first generation of people who spend most of our time on the Internet, but we were not raised to do so. We didn't have parents to tell us how to do it; the time back then threw us in the water and forced us to learn how to swim. The majority of people today live in a naive world and feel that nothing can happen to them on the Internet. When in reality, it's the Wild West and you can take a bullet at any time. Now it is our role to raise the next generation, but I fear we are still not doing enough. Social responsibility is very low and the community of people who possess information is small and more likely to use it for business. Parents pay attention to where their children go to school, who they hang out with, who is involved in their upbringing outside the safe circle of the family. Yet they can be sitting next to you and there and then struggling with cyberbullying, blackmail, influences on their opinions, being active in extremist online groups, but you won't even notice. And we have very few experts for all this. As a society, we are producing increasingly vulnerable individuals, which is even more of a problem in politically unstable and economically less developed countries where life situations encourage enterprising individuals to pursue dubious career paths.
