The double-edged sword of automation


It was the year 2008, and I was sitting at my laptop. Dubstep music was thumping out the beats that fueled my warfare. I was hacking the FTP (file transfer protocol) server of a Windows NT server, and I wanted access.

The process is simple. I used a brute-force dictionary attack tool to automate each login attempt and guess the credentials so I could log in. Why enter thousands of words manually when I can simply make the process easier? It was guesswork, as the tool generated words from a dictionary file and tried them against the server’s user name and password database table. Sounds innocuous enough? In most cases, it is.

I was connected to a remote desktop with a fast T1 connection, which meant the attack against the FTP server would be quick and painless. Each data packet carried a new word attempt over TCP/IP and queried the database for a match, while forcing the target NT server to process every packet in the handshake procedure.


I didn’t think about setting a timed delay between requests, nor the stress that this was causing the server. My brute force consumed too many network resources, which maxed out the CPU quota and crashed the server.

Fast forward to the present day, and automated security auditing/hacking tools in unskilled hands still have the same effects. But now, unskilled “hackers” are using extremely powerful hacking tools while targeting sensitive computer systems, not aware of the effects their activities can have.

Automated security

Automated security auditing tools handle tedious and complex tasks on the back end for cyber security researchers. They save money and also provide an avenue for a quick response when time is of the essence. While automation can provide faster solutions to information security issues, these same industry tools are being abused en masse by bad actors.

It's all about convenience nowadays. Convenience isn’t necessarily an evil, nor does it denote laziness by nature. Rather, this is about the human element fueling its own ambitions by abusing power at the expense of others. Since automated hacking tools are proliferating, so are actors with bad intentions and the desire to use them.

After all, getting to your destination along the service road takes longer than just taking the highway. When time and utility matter, some choose to speed through regulated zones, endangering themselves, other drivers and the infrastructure around them.

That is why the cybersecurity know-how, once locked away in the realm of skilled and trained professionals, is now open to all, no matter what their intentions, knowledge, or skill level.


Automation & system fragility

While automation is celebrated as a time saver in the cybersecurity industry, it is equally a concern because of the dangers and risks of powerful tools in the hands of unskilled “script kiddie” hackers. Think about it: if a hacker with little knowledge of industrial control systems uses an automated tool built to exploit vulnerabilities in Modbus devices, the consequences could be life-threatening.

I use a lot of automation tools, especially Metasploit Framework. The difference between the potential to cause damage or not lies simply in having a working knowledge of the tool, how it functions, and why. But also, the integrity of network infrastructure isn’t the same. It's just like driving a clunky automobile – anyone who's owned a vehicle knows how fragile they can be. Handling it incorrectly can force the vehicle to malfunction. The same principle applies to network infrastructure.

For example, years ago, I was an insider threat. I gained physical access to an industrial control system (ICS) at a private healthcare facility. I provided remote access to a friend of mine, with the express instruction not to reboot the system, because it was an HVAC (heating, ventilation and air conditioning) system that had continuous uptime and hadn’t been rebooted in a long time.

While there was no use of autonomous hacking tools, my friend handled the server incorrectly by rebooting it. This somehow caused all five coolers to shut down, resulting in several hours of downtime, during which some climate-controlled medicines spoiled and had to be discarded at the cost of the business.

In another instance, I gained physical access to the server room of a television network. Not understanding some of its network configurations and how delicate they were, I installed a commercial remote access program, which changed a critical configuration and took their entire VoIP (Voice-Over-IP) network offline.

Maliciously motivated autonomy

The sophistication of attacks has risen exponentially due to the proliferation of automated hacking tools, granting less skilled attackers the ability to launch intricate and advanced assaults with very little input. Last year alone, statistics recorded 422.14 million individuals affected by data compromises, a number that's rising every year. Consequently, a broader array of systems, networks, and devices becomes more susceptible to easy targeting. This also means that attackers are able to have a greater reach and receive quicker payouts.


Easy accessibility to autonomous hacking tools has caused a major proliferation of cyber attacks fueled by their availability on GitHub, website forums, and peer-to-peer sharing. Tools are also largely user-friendly. This accessibility has enabled a surge in the number of cyber attacks, as more malicious actors can now participate in hacking activities without requiring extensive technical skills.

Automated tools are capable of launching rapid and large-scale attacks at an unprecedented speed and magnitude, because the tedious command-line functions and interfaces of the underlying frameworks can be driven without any actual knowledge of those frameworks. As a result, they can overpower systems and defenses, posing a significant challenge for security measures to keep pace with the onslaught.

Mass exploitation occurs when automated tools swiftly capitalize on vulnerabilities they discover. This happens before patches or defenses can be implemented, leaving systems and users exposed to potential harm and danger.

I use autonomous Wi-Fi security auditing tools, which utilize nearly a dozen other backend programs for the best results. While I can manually use most of the backend tools, the commands are so simple and require so little input that even a child could launch them. With the right wireless adapter, anyone can launch a full-scale assault on any wireless network and walk away with stolen passwords to private access points.

Nevertheless, there is more to say about this last point. Take, for example, the security auditing tool Sn1per. With a single command, it can run complex back-end command-line syntax to operate functions from a variety of hacking or auditing tools, including scanning for the latest CVEs and vulnerabilities.

Each individual auditing program it utilizes comes with its own complex unique commands, which can be tedious to memorize or write down. Someone once joked to me, saying once they took away all the automation tools from their Red Team, they didn’t know what to do.

The following is a list of tools that form the backbone of Sn1per, which utilizes automation to maximize its functionality:

  • nuclei
  • metasploit-framework
  • amap
  • arachni
  • cisco-torch
  • dnsenum
  • enum4linux
  • golismero
  • hydra
  • nbtscan
  • nmap
  • smtp-user-enum
  • sqlmap
  • sslscan
  • theharvester
  • w3af
  • wapiti
  • whatweb
  • whois
  • nikto
  • wpscan

With only a very short command, it will search for open ports, enumerate services and launch exploits against discovered security holes, crawl web pages and compare them to known exploits, and automatically attempt to break into the target. It will enumerate subdomains and links to improperly configured pages, using a host of tools to accomplish this.

However, the results are hit-and-miss. That’s because automation strips away the ability to maximize functionality. For example, if a vulnerability scanner only looks for the specific bugs listed in an outdated CVE database, or doesn’t allow user-defined custom inputs, then you are limited in the positive results you can obtain. But even that doesn’t necessarily stop a dedicated cyber threat, who will simply move on to a method or technique that works.


Mitigation helps withstand proliferation

In order to address the potential risks presented by automated hacking tools, it's imperative to adopt strong cybersecurity measures, regularly update systems and software, perform routine security audits, and raise awareness among users about the dangers linked to cyber threats. It's of utmost importance to partner with cybersecurity specialists and employ proactive defense tactics to effectively protect against potential attacks.

We cannot control what others do with these tools, but we can adopt and implement security standards to defend against the many cybersecurity threats that always lurk in the shadows, looking for a way in. Rather than worrying about unforeseeable threats, it's imperative to simply redirect our energies to what we can do, which is to develop and implement solutions that offer confidence to our cybersecurity lifestyles.