search

Hackers promise sophistication, subterfuge — even sex, say experts

The New Year brings new techniques to an old art — and hackers are thriving as never before, say top cyber-security experts in Israel

A Jerusalem hacker at work attacking web sites (Photo credit: Sliman Khader/FLASH90)
A Jerusalem hacker at work attacking web sites (Photo credit: Sliman Khader/FLASH90)

2016 is going to be an exceptional year for hackers, according to Israeli cyber-security experts. From “standard” exploits like targeting bank accounts of individuals and businesses to more advanced attacks like hacking homes — via smart-home networking technology — cyber-security firms can expect plenty of opportunity for growth in the coming year.

And cyber-security is even going to get sexy in the coming year, the experts said. Among other social engineering exploits to gain access to valuable log-in information, “we’ll see more attacks like the ‘damsel in distress,’ a targeted attack aimed at male IT workers that used fake social profiles of attractive females who were posing as new hires and requesting ‘help,'”

Where are the threats coming from?

Among the colorful methods used by hackers to get the login and password information is social engineering, where hackers use personal appeals to beg, borrow or steal that data. In a “damsel in distress” attack, for example, hackers pretend to be a “spacey” new female employee who has “lost” her login information. The mark might get an email or even a phone call asking for help, using charm, wit, and perhaps even promises of more, to get the information.

An additional tactic being used much more frequently these days is the “headhunter scam,” in which hackers pretend to be recruiters seeking to steal away a worker from his current employer. In this scam, a hacker will send out emails directing a mark to a phony LinkedIn profile, inviting him or her to connect. And when they do, a Trojan that opens up a secret line of communications between the employee and a hacking server is opened up, recording all data entered on the computer – including data that allows access to servers.

Hacking is a big data business, and hackers collect a lot more information than they need — and develop tools that can be helpful to other hackers. Some hackers have enough information and tools to open their own online “cyber-crime-as-a-service” site. “The proliferation of hacking tools, combined with the preponderance of backdoors easily found on the internet like default passwords, will commoditize the hacking market,” said the experts. Much like the black market that exists for hackers, a black market will arise that enables anyone to hire and afford a hacker. The commoditization of hacking will drive an increase in attacks.” Featured in those markets will be privileged account log-in information,

Finally, they said, state-sponsored attacks will become more common. “The revelations of the spying programs by the NSA, GCHQ, and other intelligence agencies have established a precedent how governments use the Internet and technology for national defense. We will see more and more countries embrace and go beyond this approach – both in terms of passive surveillance and in aggressive cyber-attacks.

As we’ve seen with Stuxnet, these attacks are dismantled and re-purposed – the attacks become commoditized and trickle down to the rogue elements,” they said. “We’ll see more attacks of this nature occurring, for a wider array of reasons – economics, politics, and terrorism.”

read more:
comments