Cyber-attacks are becoming easier to conduct while conversely security is getting increasingly difficult, according to Kevin Curran, senior IEEE member and professor of cybersecurity, Ulster University, during a virtual media roundtable.
“Any company you can think of has had a data breach,” he commented. “Whenever a data breach happens it weakens our credentials because our passwords are often reused on different websites.”
He observed that the art of hacking doesn’t necessarily require a significant amount of technical expertise anymore, and bad actors can receive substantial help from numerous and readily accessible tools online. “You don’t have to spend seven years in college to learn how to hack, you just have to know about these sites and what terms to use,” noted Curran.
A number of legitimate online mechanisms that can help damaging attacks to be launched by hackers were highlighted by Curran in his presentation. These include Google Dorks, which are “search strings which point to website vulnerabilities.” This means vulnerable accounts can be identified simply via Google searches.
Another are free penetration testing toolkits online such as Metasploit, which can enable hackers to undertake exploits very easily. He said that “with a bit of training you can do a lot of damage with this one tool.”
Curran also demonstrated the free online tool Shodan, which scans the internet and categorizes publicly accessible devices, such as webcams. As with Metasploit, the primary users are cybersecurity professionals, but can be utilized by those with malicious intent as well to hack such devices.
Denial of Service (DoS) attacks, whereby websites can be brought down through sending too many packets, can also be conducted relatively easily nowadays, according to Curran. “If you have a complete collection of compromised webcams, you can have them all point to Microsoft.com and bring it to its knees,” he said.
As attacks get easier to conduct, cybersecurity is becoming more complex due to the growing reliance on digital technology and internet connections; something that has been exacerbated by the COVID-19 pandemic.
The security issues associated with IoT devices, such as watches, doorbells and webcams are well documented, but reliance on internet connections is going much wider than this, including even cars and aeroplanes. Curran cited a recent IEEE survey, which showed that the top security concern for chief information officers and chief technology officers was employees bringing their own devices to work and securing IoT.
“We’re moving towards a world where we’re increasingly relying on technology,” he said, outlining recent examples where essential services have been disrupted as a result of this growing connectivity, including the power outage in Ukraine in 2016. This is an issue that countries must be prepared to for in the future.
Curran added: “Everything seems to be moving towards smart cities, but what happens when they crash?”