Cyber attacks: how they have changed, explained by a super expert
While the Biden administration strengthens international cooperation in the field of cybersecurity and launches the National Cybersecurity Strategy, cybercrime is increasing and shedding its skin. There is less and less cyber vandalism and fewer demonstration attacks. In Italy, for example, 70% of attacks are aimed at data theft, while digital transformation and hybrid work (partly from home and partly from the office) are complicating things more and more. What is the scenario of the future? "I think the good news is that the attacks are still the same as they were two or three years ago, and this allows us to respond better. But the bad news is that the professionalism of the attackers, who have transformed the sector into an industry, with business models, distribution chains, functional areas for this or that activity, has increased sharply", says Patrick Pulvermueller.
Pulvermueller is the CEO of Acronis, a cybersecurity company based in Schaffhausen, Switzerland, with global headquarters in Singapore. Acronis is present in 18 countries and has research and development centers in Bulgaria, the United States and Singapore. It has just opened thirteen new data centers, bringing the number of facilities worldwide to over 50. In short, it is one of the main operators in the sector.
"A very strong problem in the sector – says Pulvermueller – is the application of the law: attackers can be anywhere and use servers in different parts of the world to relaunch attacks. Countries where, for example, the international jurisdiction, or states that sponsor cybercrime, such as North Korea." Pulvermueller takes stock of the situation from his point of view: the attacks grow steadily and are increasingly targeted and costly for companies. At the top of the list are ransomware and attacks that use zero day vulnerabilities, i.e. the possibility of attacking by exploiting weaknesses never seen before and therefore with a very high success rate.
In a market of insecurity, the cost of attacks of this type for companies is very high: 10-15 successful attacks per day, millions of dollars of direct or indirect damage each time, and service outages for large companies lasting even one or two days in a row. "The impact - says Pulvermueller - increases and with it the sophistication, because there is always more money at stake. But paradoxically the overall volume and the 'noise' of the attacks decrease, because there are fewer and fewer kids playing hacker today. Cyberinsecurity is in the hands of professionals today."
It's a cat-and-mouse struggle between attackers, the attacked, and those trying to manage security. There are two current levers that are creating growing problems, according to Pulvermueller: "On the one hand, companies have to digitize more and more to become more efficient and effective, but this obviously increases their attackable surface. On the other, post-pandemic hybrid work is very complex from the point of view of technical management. Paradoxically, it was easier to manage only working from home during the lockdowns".
The shortage of talent also plays a role in all of this: according to analysts, two million expert cybersecurity technicians are missing in the USA. In Europe, even more. "And again - he says - we have not seen anything compared to artificial intelligence". AIs have long been used for the management and defense of networks and complex systems: neural networks are trained to recognize abnormal behavior even when there is no predefined "footprint". With ever-changing attacks, the era of virus vaccines, which used samples of malicious software to recognize new infections in systems and block them, has ended. Now, instead of antiviruses, it is necessary to use behavioral approaches, which make it possible to extract from the "noise" of millions and millions of system signals those that form a pattern indicating a potential danger.
On the attackers' side, however, a different use of AIs is coming, along the lines of what is being seen with ChatGPT: "AIs are used to impersonate, for example, the CEO of a company, and defraud his finance manager by convincing him with fake messages to make a money transfer to a fraudulent account". An attack of this type requires relatively easy preparation, after all: the violation of the target's emails or messages. The AI is trained quickly: it doesn't have to hold complex conversations but simply write in a credible style about the business. The chatbot that impersonates the CEO is then used, based on the information collected, to scam someone else. It's more difficult than phishing, but it's more personal, "tailored" and deadly effective.
" Voice or video deepfakes can be done, but they don't make sense: it's very complicated and easy to make mistakes and get discovered. Instead, attacks always follow the path of the lowest cost and maximum efficiency: email, WhatsApp and text messages. The only way to defend yourself is to authenticate communications using another channel, for example a voice call ". Pulvermueller points out that in any case AI can also be used in a more creative way to defend oneself: the software developed by the company studies and learns the basic behaviors in using the computer, analyzing the frequency, strength and speed of typing on the keyboard , in such a way as to understand, without the need for passwords or other forms of identification, who is using the computer, the owner or not.
" In reality - says Pulvermueller - the levels of defense are many and increasingly fragmented also because the panorama of tools becomes more fragmented. At home, if I work, my computer needs to be protected and be on a different network from that of my son who plays video games". But the most radical idea, and which encounters difficulties especially with company managers, is the empty house approach, that is, the one where even if the thief enters he cannot steal anything: " The more important a figure is in the company - he says Pulvermueller - less must have access to data. This is always difficult to make clear, but the point is the CEO or sales or marketing manager are publicly visible and immediately become a recognizable and attackable target. For this reason, even if it is violated the boss's computer, it must not be possible to use it to access confidential information. For example, I can only send my emails and practically nothing else".
The future? It goes through security levels designed in a completely different way. A future without passwords but with authentication on devices with dedicated chips, with "quantum safe" cryptographic "keys", i.e. keys resistant to the attacks that are about to arrive with the development of quantum computers, which will be capable of "breaking" much of the encryption that we consider secure today. "In the past, twenty years ago, it was very difficult to secure systems: we had to physically disconnect them from the Internet. Today this is no longer the case, and the power of our mobile phones and personal computers allows us to have local security, and to already be quantum safe as well, why not".