A New Danger: Cyber Attacks Are Increasingly Automated

A recent study from Sectigo/SiteLock analyzed more than 14 million websites worldwide to determine the current state of the internet, and the findings are more than a little disturbing. Case in point: It is estimated that there are currently 4.1 million websites infected with malware.

But an even more worrying figure is that twice as many cyber threats were recorded in 2021, compared to 2020.

There are many reasons for this rapid proliferation of online security threats. Start with the global Covid-19 pandemic and the shift to remote work that ensued, which revealed many weaknesses in cybersecurity that bad actors could take advantage of.

The current geopolitical context—in which tensions between a number of nations around the globe are running high—has also contributed to this explosion of malicious cyber activity.

The net result? Ransomware, phishing, account hacking and other cyberattacks aimed at stealing user and corporate data will most likely continue to increase in the coming years.

As if this wasn’t enough to worry about, a paradigm shift is beginning to take place in how attacks are carried out: There is a growing automation of online attacks.

Who are the preferred targets? Increasingly, it’s SMEs (Small to Medium-Sized Enterprises). According to the U.S. Cybersecurity & Infrastructure Security Agency—an agency overseen by the Department of Homeland Security (DHS)—small businesses are at a higher risk of cyber attacks than larger businesses because they often have fewer resources dedicated to cybersecurity. That is precisely why they need to better understand the threats they face.

Small businesses, more fragile than ever

First of all, let’s remember that websites are attacked on average nearly 63,000 times a year, 172 times a day, or 8 times per minute worldwide. Those are figures that should give any CIO pause.

Among these affected companies, SMEs have been identified as the most vulnerable, but they are not necessarily always aware of it. Attacks against SMEs increased by 53% in 2021 compared to the previous year, yet almost half of SMEs think they are too small of a target to be attacked. Meanwhile, half of them have already been victims of attacks.

The consequences of these attacks can be severe, handicapping these companies in both the short and long term. Beyond the damage caused by the attack itself, such as the loss of sensitive data or intellectual property, there are many other negative ramifications.

For starters, an attack can result in the degraded performance or even the total unavailability of an SME’s website, which makes any digital interaction with its prospects or customers impossible. Then there is the loss of time and the drop in productivity that affects employees who are deprived of their work tools and/or have to quickly manage an unprecedented crisis situation.

Last but not least, there is the broken customer trust and damage to the reputation of the company, which can lead to a loss of revenue, or even the complete closure of the company.

No SMEs are immune to these attacks, whether it’s a cluster of school districts in Texas, or a printing company with several hundred employees outside Denver, Colorado.

In this context, it is interesting to note the high vulnerability of sites managed with CMS (Content Management Systems) such as WordPress, even though they are widely used by SMEs. Easy to use, requiring little or no special knowledge in website development, CMSs offer the perfect solution to small businesses looking to have a quick online presence (blog, showcase site, contact form, etc.), at a lower cost. But this convenience comes with some potential pitfalls.

Websites managed with WordPress are 39 times more prone to attacks than other websites. Moreover, plugins—those tools that allow you to add extra features to websites—have an impact on the vulnerability of the CMS. For every five plugins installed on a website, the risk of attack is almost doubled. That’s because plugins can easily be infected by a bot or malware, offering a backdoor to access the site’s data.

The continuing growth of bots

If SMEs are already ideal targets for hackers based on the above factors, their risk profile has only increased based on the new ways these attacks are carried out.

We have gone from attacks carried out in a manual and targeted way to more sophisticated attacks, some of which are totally automated. The main culprits behind huge numbers of attacks today are bots, pieces of code generated by hackers that perform repetitive tasks.

While manual, targeted attacks are less numerous, they are also more dangerous because the hacker usually attacks a very specific target. But don’t get us wrong: Bots can cause plenty of problems.

This tool can become an ultra-powerful vector, because bot automation multiplies the strength of an online attack, essentially industrializing attacks in a way never seen before. Thus, hackers have a whole new arsenal at their disposal, allowing them to carry out various types of attacks, from simple email phishing aimed at stealing passwords, to distributed denial of service (DDoS) attacks, a technique that involves overwhelming a service/website’s servers to make it unresponsive or unavailable.

The numbers don’t lie. In 2021, SMEs received 5.5 times more visits from bots than from real internet users. That’s more than 2,300 visits per week per website. Thanks to a single bot, a hacker can reach thousands of IP addresses. Additionally, according to a study conducted by CyberArk (2022), 68% of bots have already had access to sensitive data and assets. This trend is expected to continue with the rapid development of new technologies based on AI. Attacks will therefore intensify, and their sophistication will only continue to grow.

In the future, it will be increasingly difficult to differentiate between human and bot traffic. Beyond the implementation of traditional tools to counter them, such as updating certificates and automating cybersecurity systems, it is up to SMEs to take the bull by the horns.

In that regard, tools like the cybersecurity planning tool offered by the Federal Communications Commission (FCC) and  the cyber resilience review self-assessment tool offered by DHS are a step in the right direction.