We discuss 11 ways threat actors use automation.

11 Ways Hackers are Using Automation to Boost Malware Attacks

Automation has been finding its way into almost every industry and business with the aim of making systems more efficient. The cybersecurity industry is no exception: automated data collection plays a huge role in defending against data breaches and cyberattacks.

Unfortunately, much like every other technique they have picked up, hackers and cybercriminals are also bringing automation into their attacks and malicious campaigns, which makes scaling up their operations a lot easier.

In fact, the tools that hackers trade on the dark web or use in active hacking campaigns all involve some form of automation.

The reason is simple: hackers see automation as a route to higher cyberattack success rates, and thus to larger financial profits, quickly and efficiently.

This article focuses on how automation helps threat actors acquire and sift through stolen information, extract the most valuable pieces, and use them against individuals and companies.

11 Automation Processes Used by Hackers

  1. Data Breaches and Sale of Databases

Data loss affects companies and governments all the time. Still, not all of that information is relevant to hackers: some details are expensive, others are worth nothing. Attackers sort through gigabytes of stolen files using automated scripts to separate valuable information from “trash.”

  2. Credential Stuffing

Gathering data is one thing, but matching usernames to passwords is another step towards gaining account access. Hackers use networks of automated bots, a.k.a. botnets, to try credentials quickly and at scale.

Manual credential stuffing is humanly impossible: it would take a person an unimaginably long time to do what these bots achieve in minutes. It’s worth noting that IT teams can’t fight this type of attack without automation either. Only more advanced computerization can put an end to it.
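Defensive automation for this section usually starts in the authentication logs. A botnet replaying leaked username/password pairs produces many failed logins for many different accounts from one source in a short window, with only a small fraction succeeding, whereas a user mistyping their own password touches a single account. The following detection routine is an added example, not code from the article or from ANY.RUN; the log format, the RFC 5737 sample addresses, the usernames and the thresholds are all constructed for illustration.

```python
"""Flag credential-stuffing patterns in authentication logs.

Added example (not from the original article). Per source IP it counts the
distinct usernames attempted inside a sliding time window and the share of
successes; many accounts plus a low success ratio is the stuffing signature.
Log format and thresholds are assumptions to adapt to your own system.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (RFC 5737 documentation addresses, fake users).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2024-03-01T10:00:02Z src=203.0.113.5 user=bob result=FAIL
2024-03-01T10:00:02Z src=203.0.113.5 user=carol result=FAIL
2024-03-01T10:00:03Z src=203.0.113.5 user=dave result=FAIL
2024-03-01T10:00:03Z src=203.0.113.5 user=erin result=OK
2024-03-01T10:00:04Z src=203.0.113.5 user=frank result=FAIL
2024-03-01T10:00:05Z src=203.0.113.5 user=grace result=FAIL
2024-03-01T10:00:05Z src=203.0.113.5 user=heidi result=FAIL
2024-03-01T10:00:06Z src=203.0.113.5 user=ivan result=FAIL
2024-03-01T10:00:07Z src=203.0.113.5 user=judy result=FAIL
2024-03-01T10:01:00Z src=198.51.100.7 user=mallory result=FAIL
2024-03-01T10:01:20Z src=198.51.100.7 user=mallory result=FAIL
2024-03-01T10:01:45Z src=198.51.100.7 user=mallory result=OK
2024-03-01T12:30:00Z src=192.0.2.9 user=oscar result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Yield (timestamp, src, user, success) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["src"], m["user"], m["result"] == "OK"


def detect_stuffing(text, window=timedelta(minutes=5), min_users=8, max_success_ratio=0.2):
    """Return {src: {"users", "attempts", "successes"}} for sources that tried at
    least `min_users` distinct accounts inside one `window` with a success ratio
    at or below `max_success_ratio`. The widest qualifying window is reported."""
    events = defaultdict(list)
    for ts, src, user, ok in parse_log(text):
        events[src].append((ts, user, ok))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            successes = sum(1 for _, _, ok in win if ok)
            if len(users) >= min_users and successes / len(win) <= max_success_ratio:
                stats = {"users": len(users), "attempts": len(win), "successes": successes}
                if src not in flagged or stats["users"] > flagged[src]["users"]:
                    flagged[src] = stats
    return flagged


if __name__ == "__main__":
    for src, stats in detect_stuffing(SAMPLE_LOG).items():
        print(f"possible credential stuffing from {src}: {stats}")
```

On the constructed sample, 203.0.113.5 is flagged (ten accounts, one success) while the user retrying their own password from 198.51.100.7 is not. Attackers spread attempts across many source addresses, so in practice the same counting is also worth running per username across sources and per ASN.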

  3. Brute Forcers and Checkers

This trial-and-error method of password guessing, like credential stuffing, would be daunting for a human to carry out. Hackers use lists of common passwords to gain access to personal and business accounts and steal valuable information.

In the case of checkers, criminals test leaked logins and passwords on many websites until there is a match. This approach results in account takeovers up to 2% of the time.

  4. Cryptors and Loaders

Concealing malware from detection is another method hackers use to stay in a system as long as possible. Cryptors confuse antivirus software, hindering it from recognizing the malicious code. While such tools can be used legitimately within applications, hackers exploit them for nefarious purposes.

Spam emails are the main way to push downloaders onto a system. Once the user runs the code, the program loads onto their network. Depending on the kind of ransomware, the hacker can create a backdoor, add your system to a botnet, or start an attack.
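A cryptor hides the real payload behind a small stub plus an encrypted or compressed blob, so signature scanners see nothing they recognize. What the blob cannot hide is its byte statistics: encrypted data looks almost uniformly random. A cheap first-pass triage check, which analysts commonly run before handing a sample to a sandbox, measures Shannon entropy over fixed-size chunks and flags files in which most of the content sits near the 8-bit maximum. The code below is an added example, not part of the article or of ANY.RUN; the sample buffers and thresholds are constructed.

```python
"""Entropy triage for packed or crypted files.

Added example (not from the original article). Encrypted or compressed
payload regions have near-random byte distributions, so the fraction of
high-entropy chunks is a quick indicator that a file was run through a
cryptor or packer. Chunk size, threshold and the sample data are constructed.
"""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def high_entropy_ratio(data: bytes, chunk: int = 1024, threshold: float = 7.0) -> float:
    """Fraction of full `chunk`-sized blocks whose entropy exceeds `threshold`."""
    blocks = [data[i:i + chunk] for i in range(0, len(data) - chunk + 1, chunk)]
    if not blocks:
        return 0.0
    hot = sum(1 for b in blocks if shannon_entropy(b) > threshold)
    return hot / len(blocks)


def looks_crypted(data: bytes, min_ratio: float = 0.5) -> bool:
    """True when at least `min_ratio` of the file is near-random."""
    return high_entropy_ratio(data) >= min_ratio


# Constructed samples: repetitive text versus a deterministic pseudo-random blob
# standing in for an encrypted payload behind a small header (seeded so the
# result is repeatable; this is not real malware).
PLAIN_TEXT = b"The quick brown fox jumps over the lazy dog. " * 100
_rng = random.Random(1234)
CRYPTED_BLOB = b"MZ" + b"\x00" * 510 + bytes(_rng.getrandbits(8) for _ in range(8192))

if __name__ == "__main__":
    for name, blob in (("plain text", PLAIN_TEXT), ("crypted blob", CRYPTED_BLOB)):
        print(f"{name}: entropy ratio {high_entropy_ratio(blob):.2f}, "
              f"looks crypted: {looks_crypted(blob)}")
```

Entropy alone is not a verdict: legitimately compressed formats (ZIP archives, JPEG and PNG images, signed installers with compressed resources) score just as high. The check is useful for deciding which samples deserve dynamic analysis first, not for declaring a file malicious.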

  5. Keyloggers and Info Stealers

A keylogger is software that monitors your keyboard activity and uses the gathered information to break into personal accounts. Although it automatically collects tons of unnecessary details along the way, it is still efficient at logging passwords and credit card numbers.

Stealers sit in your system, searching for anything from basic operational details to personal information. They look for data in your browser, messages, VPN, gaming and banking software, FTP accounts, and email. While different stealers use different methods, their end goal is the same: send useful information to an attacker.

  6. Payment Card Sniffers and Banking Injects

These are designed to find and collect payment card data from eCommerce websites. The sniffer is JavaScript code that captures card numbers, expiration dates, and CVV/CVC codes. Once the data is collected, the program sends it to the attacker, who uses the sensitive information to steal money or sells it on the dark web.

Credit and debit card sniffers target online shops that rely on third-party services, as those applications are more likely to contain vulnerabilities and are therefore easier to compromise.

Financial security threats don’t end there. Banking injects are scripts that reroute traffic to fake domains and overlays.

  7. Exploit Kits

These are some of the most popular automated attack methods. Due to their covert nature, they are tough to detect. Exploit kits are used to deploy remote access tools on a massive scale and control company devices within the network.

  8. Spam and Phishing

Nobody is a stranger to spam emails and phishing attacks in this day and age. As a form of social engineering, phishing is hard to control.

While your first step should be educating employees, you should also include technical protection measures in your efforts.

Setting up proper SPF and DKIM records and reaching a DMARC reject policy is the minimum you can do to protect your domain and communications from malicious actors. Even once everything is set up, keeping your domain protection up to date should remain a top priority.

For example, you can use an SPF checker to see whether the DNS record contains errors; the checker will highlight issues that affect email deliverability. It’s also mandatory to test against new-generation hacker attacks to ensure the system stays strong against any penetration.
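To make the SPF/DMARC advice above concrete, here is the kind of check such a tool performs, as an added example that is not part of the article and not EasyDMARC's or ANY.RUN's software. It works offline on record strings you paste in rather than querying DNS, so the domains and records below are constructed. The rules it applies are the SPF syntax and 10-DNS-lookup limit of RFC 7208 and the DMARC policy tags of RFC 7489; the wording of the findings is the example's own.

```python
"""Sanity-check SPF and DMARC TXT records before (or after) publishing them.

Added example; not part of the original article and not EasyDMARC's or
ANY.RUN's tooling. It works offline on record strings, so the domains and
records below are constructed. Rules applied: RFC 7208 SPF syntax and its
10-DNS-lookup limit (section 4.6.4), and RFC 7489 DMARC tags.
"""
import re

# Mechanisms that each cost one DNS lookup against the RFC 7208 limit of 10.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
KNOWN_MECHANISMS = LOOKUP_MECHANISMS | {"ip4", "ip6", "all"}
# Optional qualifier (+ - ~ ?), mechanism/modifier name, then ":value", "/cidr" or "=value".
SPF_TERM_RE = re.compile(r"^(?P<qual>[+\-~?])?(?P<name>[a-z0-9]+)(?P<rest>[:/=].*)?$", re.I)
DMARC_POLICIES = {"none", "quarantine", "reject"}


def check_spf(record):
    """Return a list of findings for one SPF TXT record; an empty list means clean."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with 'v=spf1'"]
    findings, lookups, all_seen = [], 0, False
    for term in terms[1:]:
        m = SPF_TERM_RE.match(term)
        if not m:
            findings.append(f"unparseable term {term!r}")
            continue
        name, qual, rest = m["name"].lower(), m["qual"] or "+", m["rest"] or ""
        if rest.startswith("="):          # modifier (redirect=, exp=), not a mechanism
            if name == "redirect":
                lookups += 1              # redirect= also costs a DNS lookup
            continue
        if name not in KNOWN_MECHANISMS:
            findings.append(f"unknown mechanism {name!r}")
            continue
        if name in LOOKUP_MECHANISMS:
            lookups += 1
        if name == "ptr":
            findings.append("'ptr' is deprecated and slow; use ip4/ip6 or include instead")
        if name == "all":
            all_seen = True
            if qual == "+":
                findings.append("'+all' authorizes every host on the internet to send as your domain")
            elif qual == "?":
                findings.append("'?all' is neutral and gives receivers nothing to act on")
    if not all_seen:
        findings.append("no 'all' mechanism: unmatched senders get a neutral result")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return findings


def check_spf_records(txt_records):
    """Findings for all TXT records of a domain: exactly one SPF record is allowed."""
    spf = [r for r in txt_records if r.split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return [f"{len(spf)} SPF records published; RFC 7208 allows exactly one (permerror)"]
    return check_spf(spf[0])


def check_dmarc(record):
    """Return findings for a _dmarc TXT record, flagging policies that do not yet reject."""
    findings, tags = [], {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            findings.append(f"malformed tag {part!r}")
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        findings.append("record must start with 'v=DMARC1'")
    policy = tags.get("p")
    if policy not in DMARC_POLICIES:
        findings.append(f"missing or invalid 'p' tag: {policy!r}")
    elif policy != "reject":
        findings.append(f"p={policy}: spoofed mail is still delivered; move toward p=reject")
    if "rua" not in tags:
        findings.append("no 'rua' tag: you will receive no aggregate reports")
    pct = tags.get("pct")
    if pct is not None and pct != "100":
        findings.append(f"pct={pct}: the policy applies to only {pct}% of failing mail")
    return findings


# Constructed sample records.
SAMPLE_SPF_WEAK = "v=spf1 include:_spf.example.net ptr +all"
SAMPLE_SPF_GOOD = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"
SAMPLE_DMARC_WEAK = "v=DMARC1; p=none"
SAMPLE_DMARC_GOOD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"

if __name__ == "__main__":
    for label, found in (("SPF", check_spf(SAMPLE_SPF_WEAK)), ("DMARC", check_dmarc(SAMPLE_DMARC_WEAK))):
        for f in found:
            print(f"{label}: {f}")
```

The lookup counter only sees the top-level record; a real checker has to resolve every `include:` and `redirect=` recursively, because the 10-lookup budget is spent across the whole tree and a single third-party include can push a domain into permerror, which receivers treat as no SPF at all.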

  9. Bulletproof Hosting Services (BPHS)

If you’re here, you’re probably aware of regular web hosting: the servers where every website on the internet lives. However, you can’t store just anything on them; the hosting company and the country’s regulations impose many restrictions on the type of content that can go there.

Unlike ordinary web hosting, BPHS doesn’t have such constraints. While they’re not inherently illegal, they do operate in a legal gray zone. With their “don’t ask, don’t tell” approach, they offer cybercriminals a fantastic opportunity to host their malicious activities and threats. These hosting providers facilitate geo-spoofing, exploit kits, botnet command centers, and black-market websites.

  10. Automated Marketplaces

Hacking databases and acquiring personal and business information is one thing, but hackers also buy and sell that information on the dark web. As it’s hard to do the bidding manually, cybercriminals use special plugins that automate the process.

  11. Code Automation

Like bulletproof hosting services, code automation isn’t the problem; the problem is how the tool is used. Hackers can initially hide their attack path and then, using advanced automated code, spread the virus across the network. If detected, the malware replicates itself, changing form, which makes it less likely to be caught and more challenging for IT teams to detect and neutralize.

How to Fight Automated Attacks?

Automation and tools like bulletproof hosts, keyloggers, and exploit kits make it almost impossible for IT teams relying on manual methods to keep up with hackers.

ANY.RUN is an online sandbox created especially to analyze incidents and help stop them from recurring. You can open a suspicious file or link in a safe virtual environment to see how it would affect a real computer, while the sandbox keeps the research safe. Thanks to the interactivity of ANY.RUN, any kind of threat can be detected and investigated: reboot the virtual machine, surf the Internet, change location; each of these steps can trigger malware into action.

The only way to fight these attack types is to explore the opportunities of automation yourself. It proves especially useful to study the same tactics and tools attackers use; this helps IT teams beat the attackers at their own game.

ANY.RUN guest writer
Hasmik Khachunts

Hasmik Khachunts inspires with words at EasyDMARC. She produces blog posts and guest articles about domain protection, email security and cybersecurity.
