Hacking used to be hard work, nights of finger drumming on the laptop, writing lines of code, churning through data mazes to look for loopholes. However, nowadays the hackers have simply turned lazy.
According to a recent study, cyber-attackers are now making use of tools that will automate the entire process of finding and hijacking vulnerable servers. Cybereason, a security firm set up a “fake server” or a “honeypot” to log everything that is done to hack it by digital pirates. What they discovered, was that although their server was found in seconds, it was not a hacker who broke down their digital walls. It was the work of a bot.
Cybereason’s intelligence services head, Ross Rustici, ruefully stated “The bot did all the hard work” and the obvious conclusion “It shows how lazy hackers have become.”
Now before you chuck this entire thing out of your head, this report is also a testimony of how potent bots have become now. The security form had cooked up a company name, generated stuff IDs and created false network traffic, i.e., all the bells and whistles needed for the fake server to pass the “sniff test” and to make the hackers/bots believe that this was a target which demanded their attention. After two hours of being online, the fake server was detected by a bot which immediately started to do all it can to take it over.
Some of the passwords created to protect the fake server’s functions were left weak to entice the bot, and as expected it went on a rampage after cracking the defenses. Within 15 seconds of getting in, the bot set up to find and exploit possible vulnerabilities, ran a scan of the network to which the server was connected, siphoned and dumped credentials for other prone machines and finally formed new user accounts for the bot makers to use.
Ross Rustici said, “It completely owned the network in an automated fashion.”