‘Digital Transformation’ has been a buzzword for businesses for many years, but in the last six months it has been fast-tracked in a way none of us expected, thanks to the COVID-19 pandemic. Organisations of every size and shape have had to rethink the way they do business, whether it’s pivoting to launch a digital business model or managing a remote workforce. This sudden and unexpected situation has been a huge undertaking for IT teams.
Unfortunately, along with the changing landscape have come cyber attackers, looking to benefit from the challenging circumstance. According to VMWare Carbon Black, 53 per cent of incident response professionals experienced an increase in cyberattacks exploiting COVID-19 in 2020.
The type of cyber attacks are growing in both variety and scale every day but we’re seeing a particular rise in the use of botnets. During a botnet attack, cyber attacks use the interconnectivity of smart devices to perform distributed denial-of-service (DDoS) attacks, send spam, steal data, or even take over access of a device and its connections.
How are bots used in cyber attacks
Cyber attacks use bots for a variety of different attacks, making it hard for businesses to understand which security investments to prioritise. Some of the most common way bots and automated attacks are used by cyber criminals is in low-cost attacks such as DDoS, phishing and credential stuffing.
- DDoS: DDoS attacks work by flooding the network with traffic in an attempt to overwhelm the processing power of the site, causing weaknesses that can help the cyber attacker again access to important files, data and confidential information.
- Phishing: Phishing is the most widely-known form of cyber attack and is a social engineering attack used to steal data. Criminals use phishing attacks to trick a victim into opening a message which appears to be from a trusted entity or to contain important information. Botnets are used by attackers to easily change email addresses, so if one address gets blacklisted they can quickly switch to another to continue hacking.
- Credential stuffing: Credential stuffing attacks are on the rise post-COVID and companies lose an average of $4 million per year to credential stuffing attacks according to The Ponemon Institute. These attacks use stolen user credentials, usually sourced from the dark web. The famous Collection #1 included 2.7 billion password/email pairs and was originally available at no cost. These credentials are used to gain access to a multitude of accounts owned by the user who may have used the same password or username. While the user may have managed to change the password on one account, the cybercriminal has already tried five other accounts.
Protecting user credentials is key
While bots are used in many different types of attacks, they are almost always used in conjunction with stolen usernames and passwords. In fact, the vast majority (80 per cent) of data breaches involve the use of stolen credentials available freely on the internet. So, for organisations, prioritising identity and access management is a great first step to a robust security strategy.
When it comes to security, there is no quick fix. Hackers are always changing their approach in order to avoid detection. In order to overcome this, security experts recommend a layered approach to security that both prevents attacks from occurring as well as raises the cost to the attacker to incentivise them to move on to a different target. Here are some basic steps you can take to layer your security:
- Protect your passwords: As a first step, you should test for known, breached passwords among your users as this could signal suspicious activity. If you find one, ensure the user changes their password. Even better, encourage users to login with a Google or Apple account as they have existing security and privacy features and users will never have to create a password at all.
- Block suspicious logins: The next step is to ensure you have the correct tools to fight an attack when it comes. Invest in technologies that will protect you from brute force attacks and monitor for any increase in failed logins that highlight a credential stuffing attempt. If you are getting traffic from IP addresses you know are associated with cyber attackers, block them or establish a CAPTCHA to mitigate bot activity.
- Multi-factor authentication (MFA): MFA will add a layer of security to your strategy but only when it is needed to prove the identify of a user, for example if you see a login attempt from a different device, location or outside of normal hours. This approach is effective in stopping attacks while also not hampering the user experience.
- Training: Education and training are critical in protecting your organisation from cyber attacks. Regular training sessions will keep you one step ahead of any new styles of attack and ensure users understand the importance of good cyber hygiene.
There’s no doubt our increased reliance on technology and the rapid adoption of flexible working has increased the risk of cyber attack. But, there are strategies and technologies you can put in place quickly and easily to provide robust protection. In simple terms, security about letting the good guys in and keeping the bad guys out. So, with the majority of attacks involving compromised credentials, identity and access management is a great place to start.
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.
