• Subscribe

At Science Node, we need your help. Science Node is serving more people than ever before. Because of the economics of support for scientific research organizations, our sponsorship dollars are running behind our expenditure rate. We'd like to raise $20k from readers to balance the books for the first 6 months of the year. Donate now to Science Node through the IU Foundation.

3 frightening trends in cybersecurity

Speed read
  • As internet-connected technology booms, so does the opportunity for cyber-attacks
  • Our daily lives are vulnerable at multiple points – from personal vehicles to the power grid
  • Cybersecurity is a constantly changing landscape that requires vigilance and anticipation

Cybersecurity is one of the most important topics in computing today, mainly due to how widespread hacking is. According to a study from Duke University and CFO Magazine, more than 80% of companies in the US have been successfully breached.

There’s clearly a lot on the line here, and experts in the field are working hard to figure out the next steps in cybersecurity. Although hacking can take many forms, there are some specific cybercriminal techniques that are important to know for the years to come.

1. Physical infrastructure hacks

Physical infrastructure hacks aren’t theoretical anymore. The most frightening real-world example of this is the attack that crippled the Kyivoblenergo power company in Ukraine.

A report by the Electricity Information Sharing and Analysis Center and SANS Industrial Control Systems found that hackers attacked seven 110 kV and twenty three 35 kV substations operated by Kyivoblenergo on December 23, 2015. The attack was so well orchestrated that around 225,000 people were without power for three hours. While the research paper declines to attribute the hack to any group, the general consensus in the security community is that Russian hackers were behind it.

<strong>Infrastructure hacks.</strong> As proved by an attack in Ukraine in 2015, hackers can now shut down power stations, leaving hundreds of thousands of people without electricity.What’s really interesting about this attack is that while it did involve some creative problem solving, the techniques used to crack Kyivoblenergo’s system weren’t uncommon. Three distribution companies associated with Kyivoblenergo received coordinated attacks within 30 minutes of each other, demonstrating a high level of collaboration. Hackers then gained access to the network running the power grid through a combination of malware, spear phishing and manipulation of Microsoft Office documents.

While Ukraine was eventually able to restore power, this incident serves as a reminder of the fragility of modern physical infrastructure. Shutting down a power grid is an excellent way to disable an enemy, and this attack won’t be the last of its kind.

2. IoT vulnerability

The Internet of Things (IoT) is quickly becoming a major security problem. Referring to any device that has an internet connection, IoT includes household objects such as a thermostat or refrigerator. Connectivity has many benefits, but consumers frequently fail to prioritize security and therefore open themselves to attack.

You may have read about IoT botnets created by hackers, but a scenario that hits closer to home is how cybercriminals disrupt internet-connected cars. In July 2015, Wired wrote about hackers remotely killing the transmission of a writer’s Jeep through the car’s entertainment system.

<strong>Remote control.</strong> A vulnerability discovered in the electronic control units of most modern cars would let hackers remotely control throttle, steering, and brakes. Courtesy Anthony Quintano (<a href="https://creativecommons.org/licenses/by/2.0/">CC BY 2.0</a>)Many automotive companies are now securing Controller Area Network (CAN) bus systems, as they often give hackers control over electronic control units (ECU) that handle throttle, steering and brakes. However, researchers also uncovered a selective denial-of-service attack that exploits a weakness found in the CAN bus implementation in every manufacturer’s car. To make matters worse, the attack is completely invisible to current state-of-the-art security systems.

Thankfully, car companies are aware of these kinds of issues and work hard to fix them as they appear. That said, there’s a chance that carjackers of the future will rely on a computer rather than a screwdriver.

3. Artificial Intelligence

Artificial intelligence and machine learning enable computers to solve problems independently rather than rely on direction from humans. This ability is revolutionizing computer science, but it also opens new frontiers for hackers.

For example, existing password tools like HashCat and John the Ripper let hackers guess billions of phrases, but they often require the user to enforce certain guessing guidelines. Setting up these rules takes time and effort, which is why researchers looked to deep learning tools to automatically find the best rules to break the most passwords.

<strong>Guessing game.</strong> Cracking a password is getting easier all the time thanks to deep-learning algorithms that can guess billions of phrases in a short amount of time. Courtesy Maliha Manna/Unsplash.The research resulted in PassGAN, a system that uses Generative Adversarial Networks (GANs.) GANs are artificial intelligence algorithms that rely on two nets (i.e., adversaries) to complete a task. One network creates solutions to a problem while the other evaluates their effectiveness.

By using advanced deep learning algorithms such as this, the research team was able to create a system that could crack passwords without assistance from a human. This would be huge for a hacker, as it would allow him or her to cast a wide net without having to worry about manually creating rules.

Cybersecurity is constantly changing, but that doesn’t mean experts can’t stay on top of its evolution. Looking to the future and anticipating attacks such as those expressed here will help industry professionals ensure the safety of consumers and businesses alike.

Join the conversation

Do you have story ideas or something to contribute? Let us know!

Copyright © 2018 Science Node ™  |  Privacy Notice  |  Sitemap

Disclaimer: While Science Node ™ does its best to provide complete and up-to-date information, it does not warrant that the information is error-free and disclaims all liability with respect to results from the use of the information.

Republish

We encourage you to republish this article online and in print, it’s free under our creative commons attribution license, but please follow some simple guidelines:
  1. You have to credit our authors.
  2. You have to credit ScienceNode.org — where possible include our logo with a link back to the original article.
  3. You can simply run the first few lines of the article and then add: “Read the full article on ScienceNode.org” containing a link back to the original article.
  4. The easiest way to get the article on your site is to embed the code below.