It’s A Brave New Bot-Filled World, With Great Possibilities And Even Greater Risks

‘Bots’ short for robots, are essential to the Internet ecosystem. It is estimated that more than 60 percent of botwebsite traffic is not human, but bots. Bots are essentially software programs that perform automated, repetitive, pre-defined tasks.  These tasks can include almost any interaction with software that has an Application Program Interface (API).

There are many varieties of bots. Some are just basic programs that execute physical work such as ‘Crawlers’ who run continuously in the background, primarily procuring data from other APIs or websites. Then there are specialized crawlers called ‘Spiders’ that extract URLs from documents, download the content and then pass it off to an indexing system to analyze, and construct into searchable indexes like Googlebot. Some only monitor e-commerce websites for price changes, and still, countless others, monitor for site errors, bugs, and performance issues. However this is not the end of the story, but merely just the beginning.

The evolution of bots focuses on the boundless possibilities and opportunities for both businesses and individuals. Add in Artificial Intelligence (AI), Machine Learning (ML), and Natural Language Processing (NLP) all of which enable greater accuracy in understanding both spoken and typed words are bringing never-before-imagined levels of personalization and predictive assistance to generations of mobile-intuitive consumers who are content and self-assured with messaging as a communication paradigm.

These smarter bots have a unique server-side processing component that allows seamless interaction as they are able to understand and respond to queries balanced with a live network for assistance. We interact with these bots through Mobile messaging and/or Chatbots. These natural language interfaces enable retailers, restaurants, and multitudes of other companies to communicate with customers in an innovative and compelling way from hailing a cab, ordering takeout, designing that unique pair of shoes, or paying your credit card bill.

Then there are the autonomous bots, the most rapidly accelerating bot space which includes the Internet of Things (IoT) devices encompassing the self-driving car; to  ‘Amy Ingram,’ a virtual assistant; to Amazon’s Delivery Drones. These bots will eventually require zero human intervention to their jobs.

In contrast, no conversation about bots would be complete without an overview of the Malicious bots which are capable of causing enormous damages to organizations network infrastructures, reputations, brands or their bottom lines.

As technology advances and becomes more easily accessible, bots are becoming the go-to tool of choice for cybercriminals accounting for over 80 percent of all cyberattacks. Add in human characteristics from AI, and these bots become harder to detect by the authorities. While other malicious software corrupts and damages the infrastructure of their targets, these advanced bots are also known as ‘Impersonators’ infect networks in a way that escapes the immediate notice, and the damages can quickly run into the millions.

Here’s how it works: Cybercriminals use Social Engineering techniques such as Phishing, spam, or malicious websites to entice users to download and install various forms of malware, i.e., malicious software including

Traditional-Botnet

A malicious bot, also known as a “Zombie,’ not unlike a worm, is self-propagating malicious software designed to infect a host and connect to a C&C or central command and control server(s). Bots are part of a network of infected computers, known as a ‘botnet,’ which can stretch across the globe controlled by a ‘botnet herder.’

No network is immune.

Once the botnet infiltrates, they go to work logging keystrokes, collecting passwords, amassing e-mails, gathering financial information, spreading spam, capturing and analyzing packets, hijacking servers, and launching Distributed Denial of Service (DDoS) attacks.

DDoS attacks are an ever-growing threat to businesses, growing in both scope and DDos-attack-modeoccurrence every year. Moreover, they are becoming harder to thwart because the attacks are allocated across sundry public anonymous proxies including TOR enabling the substitution of users’ IP addresses with untraceable proxies.

A discussion of impersonators would not be complete without the mention of Googlebot-again. These imposter bots gain privileged access and capture tons of sensitive, valuable online information. Additionally, they are utilized for DDoS attacks. According to the folks at Incapsula, ‘1 out of 25 bots are up to no good.’ Source: Incapsula

two-faces-of-google-dr-crawlit-mr-hack

Cybersecurity is often described as an arms race, Security professionals vs. Cybercriminals. Both sides are tirelessly working to stay ahead of each other. When one side finds a newer more resilient defense, the other side develops a shrewder more destructive offense. What was a sure thing today, is sure to be old news tomorrow. Never stop learning.

Protecting yourself and your organization requires immediate action. 

  • Never open e-mails from unknown senders.
  • Never download attachments or click on links from unknown senders.
  • Never click on pop-ups.
  • Never insert an unknown USB stick into your PC, Laptop, etc.
  • Never store sensitive or critical data only on your PC. Have at least two backups– an external hard drive and in the cloud.
  • Adjust your browsers’ security and privacy settings.
  • Use an HTTPS connection for all credit card transactions.
  • Keep your operating system and software up to date.
  • Never log in as an administrator. Rather choose a guest with limited privileges.
  • Removed outdated plugins and add-ons.
  • Disable ActiveX content in Microsoft Office applications.
  • Block TOR and I2P.
  • Disable remote desktop.
  • Use an anti-virus product.
  • Use a traffic filtering solution that can provide proactive anti-ransomware protection.
  • Block binaries running from %APPDATA% and %TEMP% paths.
  • Work with the C-Suite to enact social engineering awareness training for all employees.
  • Consider a Computer Incident Response Team (CIRT), based on the organization’s needs and available sources.
  • Have a tested business continuity plan in the event of any cyberattack.

P.S., I am not a bot annie2

Cybersecurity is a shared responsibility. Stop. Think. Connect.

Computers have and will continue to impact our lives.

pexels-photo-90807

Computers have become indispensable in our lives. Below find a compilation of the Good, the Bad, and the Absolute ugly specifics about how computers have and will continue to impact our lives.

The Good

  • TheIntel 4004 was the first 4-bit CPU microprocessor designed for a calculator. The computer has come a very long way in a short time.
  • The Apollo 11 Lunar Landing which voyaged to the moon, had less processing power than today’s smartphone.
  • The first “The Dirty Dozen” was, in fact, a group of 12 engineers who designed the IBM PC.
  • Apple, HP, and Microsoft have one very thought-provoking thing in common – they were all started in a garage.
  • Simple static electricity, so trivial that individuals just ignore it, can destroy computer circuitry.
  • It took the World Wide Web (WWW) approximately four years to reach 50 million users. In comparison, it took over 38 years for radio and 14 years for television.

 The Bad

  • The password for the computer controls of nuclear-tipped missiles of the U.S. was 00000000 for nearly two decades.
  • 70% of virus writers work under contract for organized crime syndicates.
  • Every month there are more than 5000 new computer viruses released.
  • There are 200+ BILLION email messages sent daily, 80% are spam.
  • Estimates suggest that the average employee receives approximately 21 spam messages every day and it takes nearly 16 seconds to delete them.
    • In dollars, those 16 seconds equals nearly $712 USD over the course of a year.
    • If you multiply the number of employees in your company by $712, the consequences of spam are astonishing.
      • 100 employees = $71,000
      • 10,000 employees = $7,120,000
      • 50,000 employees = $35,600,000
      • 300,000 employees = $213,600,00
      • U.S. companies who employee more than 300,000 people represents two-thirds of the U.S. GDP with $12 trillion in revenues, $840 billion in profits, $17 trillion in market value, and employ 27.9 million people worldwide.

Absolute Ugly

  • Wombat 2016 State of the Phish found that click rates vary per industry, with telecommunications and professional services clicking phishing emails more than other industries.85% of organizations suffered a phishing attack in 2015
    • Up 13% from 2014
    • 60% said the rate has increased.
  • More than 30% of malicious emails opened.
  • The PhishMe Q1 2016 malware report concludes that the #1 delivery vehicle for malware is email attachments.
  • Cloudmark reports that the average incident cost of a spear fishing attack is $1.6 million.

A few rules to follow: Always double-check the email address. Make sure you hover over hyperlinks to see the destination URL. Not sure about an email? Check with the sender. Never enable macros on any attachment.

Cybersecurity is a shared responsibility. Stop. Think. Connect.