At first glance, you might think that the security trends in 2019 are just the same old risks we are all used to. But take a step back and you can also discern a pattern.
The threat potential that we all face has increased primarily because ever more things are connected to the whole world. Unfortunately, this includes things that have no need to be connected to all and sundry.
“It is high time for an interface detox,” says Thomas Tschersich, head of Cyber Defense at Deutsche Telekom. “When baby monitors first appeared, who could have guessed that, eventually, it wouldn’t just be mom and dad who could listen in on the gentle breathing coming from the nursery? But nowadays, all it takes is an ill-configured latest generation baby monitor and, in theory, anyone could hear what’s going on. No matter where in the world they are.” Children’s toys, smart home electronics, kitchen appliances, even the adult entertainment world is increasingly looking for digital connections.
It doesn’t have to be wide-open-like-a-barn-door
When setting up networked devices of any kind, it’s important to ask the right questions. Is it enough to only have access to the devices within your own four walls? Or do you need to have access from outside, with the risk of becoming digitally more vulnerable?
“Switching off unneeded interfaces is a detox that would certainly do us all some good,” says Tschersich. Think about what things you want to share with the entire world and what is just for the family. It’s a good new year’s resolution, too.
The era of contactless theft
Does that also apply to the plastic payment interface? Thanks to modern point of sale systems, contactless payment has now made the leap from a niche into many people’s everyday lives. This has attracted some unwelcome attention. For the head of Cyber Defense, it is not a matter of ‘if’ but ‘when’ criminals find a way to reach into our digital wallets using transmission-enabled smart cards.
These cards have a near field communication (NFC) function, making them a prime target. The leather goods industry has already reacted, launching protective wallets on the market. This is a simple but quite effective solution to ward off “cyberattacks in passing”.
Higher – faster – further
The fierce competition between attackers and protection systems has been raging in the field of bot networks for some time now. There has been one-upmanship on both sides. Result: DDoS (Distributed-Denial-of-Service) attacks are now a lot more “powerful” than they were just a year ago. The figures speak for themselves. “Data rates have increased dramatically. The peaks have long since left the double-digit gigabit range and pushed into the three-digit range. Not everyone can fend off attacks like this. They need help,” says Thomas Tschersich. In November 2018 alone, Deutsche Telekom AG’s backbone network counted more than 3,000 DDoS attacks. In purely quantitative terms, too, that is a very high number. It only takes one successful attack and an online platform can quickly become unavailable. Fear of suffering such attacks is cybercriminals’ greatest weapon. They often send out a blackmail demand hot on the heels of this sort of warning shot: pay money or we will bring your site down. This sort of blackmail attempt does not necessarily have to come from the botnet operators themselves. Their army of infected zombie PCs can be rented out on the darknet. You can now buy a small DDoS attack for as little as 15 Euros.
Alexa? Protect me from botnets!
In light of such developments, it has become extremely important to identify potential zombie armies before they strike. At Deutsche Telekom, this trend is called “Botnet Command & Control Recognition with Artificial Intelligence”. The AI evaluates huge amounts of data in Deutsche Telekom’s Cyber Defense Center and automatically analyzes specific anomalies.
The Domain Generation Algorithm is one example of what we are looking for. This algorithm is part of malicious software. It helps to create a kind of digital shell company with a cryptic name. These domains, say “eefmggk4bk.net”, for example, are needed to control the zombie army. Attempts to connect to such command-and-control domains indicate infection with malware. This enables Deutsche Telekom to warn its customers before the infected devices become a threat.
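A simplified illustration of the idea described above, added here as an example and not Deutsche Telekom's system: in place of AI it uses a hand-written heuristic (label length, character entropy, vowel ratio, digits) to spot generated-looking names in DNS query logs and lists the clients that looked up several of them. The log format, the thresholds and every sample line except the article's own eefmggk4bk.net are assumptions constructed for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log, "<timestamp> <client-ip> <queried-name>".
# Only eefmggk4bk.net comes from the article; every other line is made up.
SAMPLE_LOG = """\
2019-01-07T10:00:01Z 192.0.2.10 www.telekom.com
2019-01-07T10:00:02Z 192.0.2.23 eefmggk4bk.net
2019-01-07T10:00:03Z 192.0.2.23 qx7vbn2kd9zr.example
2019-01-07T10:00:04Z 192.0.2.10 mail.example.org
2019-01-07T10:00:05Z 192.0.2.23 p3wzk8tqy1.example
2019-01-07T10:00:06Z 192.0.2.41 kdjr5hvq2x.example
2019-01-07T10:00:07Z 192.0.2.23 wikipedia.org
malformed line without fields
"""

def entropy(s):
    """Shannon entropy of the characters in s, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def looks_generated(name, min_len=8, min_entropy=2.5, max_vowel_ratio=0.3):
    """Heuristic (assumed thresholds): long, high-entropy label that is
    vowel-poor or mixes in digits, like the article's eefmggk4bk.net."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return False
    label = labels[-2]  # simplification: treats the last label as the whole TLD
    if len(label) < min_len or entropy(label) < min_entropy:
        return False
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in "aeiou" for c in letters) / max(len(letters), 1)
    return vowel_ratio < max_vowel_ratio or any(c.isdigit() for c in label)

def clients_to_warn(log_text, min_hits=2):
    """Map client IP -> suspicious names, for clients with >= min_hits distinct
    generated-looking lookups (one odd name alone is weak evidence)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:  # skip malformed lines
            continue
        _, client, name = parts
        if looks_generated(name):
            hits[client].add(name.lower())
    return {c: sorted(n) for c, n in hits.items() if len(n) >= min_hits}

if __name__ == "__main__":
    for client, names in clients_to_warn(SAMPLE_LOG).items():
        print(client, "looked up", ", ".join(names))
```

On the sample log only 192.0.2.23 is reported: the single odd lookup from 192.0.2.41 stays below the per-client threshold, which is what keeps a one-off typo or CDN hostname from triggering a customer warning.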