Introduction
Hackers widely use bots (automated web robots that run scripts over the Internet) to seek out and subvert vulnerable servers on the Internet or on intranets to which they have gained access. Once a potential target is located, a human usually carries out the actual breaching operation. Cybereason created a “honeypot” installation and observed, for the first time, an automated breach of a system executed by a bot.
Automation and, in the future, artificial-intelligence-enhanced bots will further increase the probability of a breach. Currently, Cisco's security organisation blocks more than 20 million attacks every day, including booby-trapped emails, malicious web pages, and new malware.
Threat case
About two hours after the “honeypot” server for the fake finance firm was put online, it was found by a bot, which then aggressively set about taking it over. Passwords protecting some of the server's functions were left intentionally weak to tempt the bot, which duly cracked them and then went on to plunder information on the machine.
Within 15 seconds of getting access, the bot:
- sought out and exploited several known vulnerabilities
- scanned the network to which the server was connected
- stole and dumped credentials for other vulnerable machines
- created new user accounts for its creators to use.
Once the bot had done its work, the attackers went quiet for two days, but then returned to steal data to which the compromised server allowed access. In total, the attackers took about four gigabytes of data, all of which was fake.
Recommendation
Since attackers are improving and automating their processes and tools, defenders should do the same. Artificial-intelligence-enhanced Security Incident and Event Management systems will increase the probability of catching the crooks in time, whereas a human operator cannot maintain focus all the time and cannot reach far back into the historical data.
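As an added example (not from the Cybereason experiment or the original article), the following Python code shows the kind of automated correlation the recommendation points to: it flags any login session in which several of the behaviours listed in the threat case occur within 15 seconds of access. The log format, event names, host names, timestamps and the threshold of three distinct actions are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (hypothetical normalised schema): time host user event
SAMPLE_LOG = """\
2024-01-01T10:00:01Z srv-fin01 admin auth_failure
2024-01-01T10:00:02Z srv-fin01 admin auth_failure
2024-01-01T10:00:03Z srv-fin01 admin auth_success
2024-01-01T10:00:05Z srv-fin01 admin exploit_attempt
2024-01-01T10:00:08Z srv-fin01 admin network_scan
2024-01-01T10:00:11Z srv-fin01 admin credential_dump
2024-01-01T10:00:14Z srv-fin01 admin account_created
2024-01-01T11:30:00Z srv-web02 alice auth_success
2024-01-01T11:42:10Z srv-web02 alice account_created
"""

# Behaviours from the threat case, as assumed event names.
SUSPICIOUS = {"exploit_attempt", "network_scan", "credential_dump", "account_created"}
WINDOW = timedelta(seconds=15)   # the bot acted within 15 seconds of access
MIN_DISTINCT = 3                 # assumed threshold: distinct behaviours per session

def parse(log):
    """Turn log text into time-ordered (timestamp, host, user, event) tuples."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the run
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, parts[1], parts[2], parts[3]))
    return sorted(events)

def detect_bursts(log):
    """Return sessions with >= MIN_DISTINCT suspicious actions inside WINDOW."""
    current = {}   # (host, user) -> session opened by the latest successful login
    sessions = []
    for ts, host, user, kind in parse(log):
        key = (host, user)
        if kind == "auth_success":
            current[key] = {"host": host, "user": user, "login": ts, "actions": set()}
            sessions.append(current[key])
        elif kind in SUSPICIOUS and key in current:
            if ts - current[key]["login"] <= WINDOW:
                current[key]["actions"].add(kind)
    return [s for s in sessions if len(s["actions"]) >= MIN_DISTINCT]

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print(alert["host"], alert["user"], sorted(alert["actions"]))
```

The second session in the sample is not flagged: a single account creation twelve minutes after login looks like ordinary administration, which is the distinction a time-window rule makes and a tired operator may miss.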
References:
- http://www.bbc.com/news/technology-43788337