Automated hacking: Increasing use of artificial intelligence in targeted cybercrime

• Author:
• Author name

  Quantumrun Foresight
• February 5, 2022

Insight summary

Automated hacking uses advanced technology to infiltrate digital systems and gather valuable data with minimal human involvement. This cybercrime employs various methods, from brute force attacks to email spam, and can lead to serious consequences such as identity theft, financial loss, and disruption of critical infrastructure. To combat this growing threat, organizations are investing in cybersecurity measures, including automated tools to detect vulnerabilities, and governments are allocating more resources to fight cybercrime.

Automated hacking context

Automated hacking refers to the practice where cybercriminals employ specially designed automation software to penetrate digital systems. The objective is to gather specific or valuable data from individuals or organizations, and this is achieved with minimal human involvement. This type of cybercrime leverages tools powered by AI, such as machine learning and deep learning, capable of providing a detailed analysis of an organization's digital vulnerabilities.

Cybercriminals utilize tools like Shodan, a search engine for internet-connected devices, to generate a comprehensive overview of devices within a network. These devices could include printers, webcams, security cameras, or other internet-connected devices such as web servers. For instance, cybercriminals may employ automated hacking tools to locate public webcams in the vicinity of a high-profile individual's residence.

The footage obtained from such surveillance activities could then be used to identify and track certain activities of the individual. The insights derived from this type of surveillance can be used for a variety of malicious purposes, such as blackmail. Furthermore, the techniques and strategies learned from these activities can be replicated to launch attacks on businesses and even government organizations. 

Disruptive impact

Cyberhackers often use publicly available open-source intelligence (OSINT) to create profiles of their targets. Examples of OSINT are publicly available presentations, search engines, news platforms, social media, third-party websites, and company websites. The information collected may be used to impersonate an organization's top official. Cyberhackers can then use certain tools––which are becoming increasingly sophisticated, powerful, and available for purchase––to collect (or scrape) this information.

Automated hacking exists in different forms. Each type has its specific uses for cyberhackers. Some forms of automated hacking include the sale of databases and data breaches, brute force attacks and credential stuffing, cryptors and loaders, and keyloggers and stealers. Banking injects are potent tools that can be used to redirect bank users from legitimate banking platforms to fake ones. Cybercriminals also use email spam to generate email addresses and send out fake messages at scale, including fake gift e-vouchers or get rich quick schemes. Another type of automated hacking is credit card sniffing. Cyberhackers create malware to steal card-not-present data from online shops' checkout pages. 

Specific security measures can be followed to reduce an organization’s vulnerability to automated hacking. Conversely, automated hacking can be used as a security measure against cybercriminals. For example, businesses can invest in hacking software to detect any potential vulnerabilities in their systems and determine the scale of their digital security weaknesses. Companies can prevent attacks by employing automated tools to assess and detect who is accessing or viewing their digital assets, websites or third-party vendors. Typically, well-planned countermeasures cost less than recovering from a hacking incident.

Implications of automated hacking

Wider implications of automated hacking may include:

• The continued growth of cybercrime incidents globally in terms of scale and frequency. 
• The complimentary growth of the cybersecurity industry, including increased investment in modernized hardware, software, and cross-system protocols that limit security vulnerabilities.
• More governments investing ever greater sums of public funds into agencies that police and defund against cybercrime targeted against public infrastructure and systems.
• An increased emphasis on cybersecurity education, leading to a shift in the labor market with more individuals pursuing careers in cybersecurity.
• Disruptions in critical infrastructure leading to significant economic costs, impacting national economies and leading to a reevaluation of the reliance on digital systems.
• Individuals becoming more cautious about sharing personal information online, leading to changes in online behavior and digital communication.
• Environmental implications, such as increased pollution due to power outages or disruptions in waste management systems.

Questions to consider

• Do you think automated hacking can be prevented through modern cybersecurity measures? 
• In what ways can governments tackle automated hacking through regulation?