Attacks evolve over time… The bad guys are always improving their tactics
It’s no great secret that bad guys are constantly looking for ways to improve their attacks. I would go as far as saying that this is common knowledge. Everyone knows the bad guys are always looking for loopholes and that sort of thing.
So what about the good guys? What are they doing to keep up? Honestly, they’re doing the exact same thing—trying to find new and interesting ways of performing attacks, so they can identify effective tactics the bad guys might use, then develop methods to defend against them.
Sometimes the tactics they find seem outrageous, yet actually get exploited in the wild (remember the Spectre or Meltdown vulnerabilities that became infamous in 2018). Other times these attacks can seem downright fanciful.
As an example, I read an article about a group of university researchers who ran multiple experiments to determine if it was possible to figure out what users were typing just by watching their webcam. They used different video-sharing applications and made sure that participants’ hands and lower arms were not visible. The point was to make it similar to what you see in your average business meeting.
Sounds pretty silly, right? Well yes, except for the fact that the researchers were able to achieve an accuracy level of over 90% for some predictions (remember, the experiment required that the hands and forearms were not in the camera’s view). To put that in context, if there was a video of you typing in your username/password, there’s a very real possibility that video could be used to guess your login information accurately.
Now to be clear, I’m not suggesting you set up company policies specifically regarding bad actors trying to steal information by watching employees type over webcasts, but I’m willing to bet that very few who read this newsletter ever imagined that an attack like this was even possible. I’m also willing to bet that the few who did are like me and are very surprised at the accuracy the researchers were able to achieve.
The point I’m making is for people and organizations to stop being complacent with their security. Only having antivirus software and a firewall is not enough, and never was. Good cybersecurity requires proper policies and procedures for things like passwords and proper computer usage. You need to recognize that attacks can happen to anyone, even your organization, and that a successful attack will probably come from a direction in which you’re poorly defended. You can’t just defend against the most common attacks, because those attacks are always evolving.
As Shakespeare wrote in Henry V, “In cases of Defense ’tis best to weigh The Enemy more mighty than he seems.”
If you have any questions about computer security, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind, Courtesy of Your Friendly Neighbourhood Cyber-Man.