Cybercriminals have been a constant since the Internet’s worldwide usage and are a growing problem that has no easy solution with the present model. Cyberattacks are constantly occurring, as we all know, due to the centralized internet infrastructure we follow today, due to the lack of a well-designed security measure some decades ago when the implementation of the World Wide Web took place.
As a cause of these vulnerabilities, the World Wide Web has become a hub for hackers who are grateful for deploying the Internet of Things into centralization. Having a central point in which to actuate and the cheapness of producing mayhem via Distributed Denial of Service (DDoS), or malware, the future looks bright for cybercriminals.
To understand the importance of bringing a change to this cyberattack frenzy, let’s dig into the exponential growth of hacking. As one of the major and recent cyberattacks, the Cit0day Breach Collection reached over 13 billion users’ data, extracted from 23K+ different databases, during 2020. And looking at specific data breaches, no one is safe; Heartland Payment Systems, Capital One, Equifax, MySpace, Friend Finder Network, Marriott Hotels, Yahoo, Facebook, and First American, are some big names hacked.
Cyberattacks have exposed private data such as names, addresses, credit scores, payment histories, bank account numbers, and credit card applications. As for email domains hacked, we find yahoo.com, gmail.com, hotmail.com, mail.ru, and aol.com, which presents the vast problem today’s centralized model presents. Hackers access even 500 Fortune corporations, and one of the main problems is using bad password usage by employers.
These cyberattacks with a worldwide IoT implementation within households, healthcare, and transport, are extremely dangerous. Acting not just on the economy but on human lives, it is imperative to solve the issue before whole societies are in danger, and the required solutions come through changing the current centralized Internet model.
Above, we mentioned how cybercriminals and cyberterrorists could access databases and retrieve private information. Now let’s look at these in more detail — DDoS, Ransomware, Malware, and Phishing.
DDoS attacks are designed to saturate the organization’s online operations with many requests that cripple interruption in one or more of its services. The attack floods their resources with HTTP requests and traffic, denying access to legitimate users. Therefore, a DDoS attack’s strategy involves using what appears to be legitimate requests to overwhelm systems.
There are also different types of DDoS attacks:
1. Application Layer: The attacks target the software that provides a service or cloud provider applications, known as the most common DDoS attack. It is also referred to as Layer 7 attacks concerning the number of the application layer in the OSI/RM (Open Systems Interconnection--Reference Model).
2. Protocol: Actuates by consuming the resources of critical servers and network-based devices, e.g., the server’s operating system or firewalls. These attacks target layers 3 and 4 of the OSI/RM (the network and transport layers, respectively).
3. Volumetric: In this case, the focus is to exploit the normal operations of the internet, creating massive network traffic floods consuming the organization’s bandwidth.
To understand the amplitude and threats DDoS attacks can generate in all industry verticals, and thus, we summarize some facts and the importance of being aware of them.
Recent research observed an increase in the number of large DDoS attacks (500Mbps and 50Kbps), and those over 100 GB/s in volume have increased nearly tenfold. Attacks have become more sophisticated by combining DDoS with other attacks, including ransomware. The growth of artificial intelligence (AI) and machine learning adoption is aiding to perform sophisticated network reconnaissance to target the weakest systems. Other forms of AI usage help reconfigure attacks to thwart detection and change strategy.
Examples of major DDoS attacks include the recent Amazon Web Services (AWS), which occurred in February 2020. The leading provider of cloud computing services combatted the attack during a three-day incursion. The Google September 2017 DDoS attack originated from a state-sponsored group of cybercriminals out of China and spanned six months.
Ransomware is malware from cryptovirology threatening to publish personal data or perpetually block access to it unless a ransom is paid. This type of cyberattack is actioned via a Trojan acting as a legitimate file, tricking the user into downloading or opening it, entering a system through, for example:
· A malicious attachment.
· The embedded link in a Phishing email.
· Vulnerability in a network service.
Recent examples of ransomware attacks that have successfully reached their target are the WannaCry, in May 2017, an attack that spread through the Internet. The ransomware attack infected over 230K computers in over 150 countries, affecting Telefónica, the British National Health Service (NHS), FedEx, Deutsche Bahn, Honda, and Renault.
Another example happening this year occurred on May 7, 2021, when a cyberattack was executed on the US Colonial Pipeline. The Federal Bureau of Investigation identified DarkSide as the Colonial Pipeline ransomware attack perpetrator, which led to a voluntary shutdown of the main pipeline supplying 45% of fuel to the East Coast of the United States. DarkSide successfully extorted about 75 Bitcoin (almost US$5 million) from Colonial Pipeline.
Malware is software that has been created to damage or utilize a part of software or hardware. It is a collective name used to describe ransomware, viruses, Trojans, spyware, etc. Some of the most common malware delivery methods are:
· Messaging apps
· Pop-up alerts
· Drive-by downloads
· Personal installation
· Physical media
Phishing grounds its potential by sending a fraudulent message to trick the receiver into exposing sensitive information or deploying malicious software into the victim's infrastructure. It is essential to know that as of 2020, phishing has become one of the most common attacks performed by cybercriminals.
· FBI's Internet Crime Complaint Center — Recorded over twice as many phishing incidents than any other type of computer crime.
Email phishing is one of the most common and known ways of proceeding by cybercriminals. It has variations such as Spear phishing (curated to specific victims), Whaling and CEO fraud (targeting high executives), and Clone phishing (replicating an existing email). Other phishing techniques include Voice phishing or vishing (using telephone calls), SMS phishing or smishing (cell phone text messages), and page hijacking (compromising legitimate web pages).
As can be seen from the quick presentation of these major cyberattacks, which are intertwined and connected, they are an on-growing constant problem. When IoT devices deployment is at full speed and billions of sensors, wearables, IT devices, etc., are connected, the potential for wreaking havoc increases exponentially.
To offer a solution in which cyber-criminals and cyber-terrorists will have a much harder time creating data breaches and DDoS through the internet's decentralization. Designing an alternative software layer within the decentralized Internet deletes a center point for cybercriminals to target. IoT can be added into clustered data walled gardens where the data flow moves and is secured using peer-to-peer platforms.
This solution uses scalability to offer node actuators when necessary inside walled gardens that do not need to move data to server centers to be processed. This results in minimum vulnerabilities for the data transmitted through each specific necessity (apartments, hospitals, businesses, etc.). In addition, this model can provide assets to each node that offers resources to the network, giving ownership to each node within the network.
Therefore, using a decentralized model for the future of the Internet and the cyber-criminal deletion for the IoT deployment within Smart Cities and Smart Nations. Initiates a sustainable, scalable, secure, and fast infrastructure that is governed by a well-designed edge computing platform working where it is essentially required. Data processing is zero-trust and can transfer data into tangible information for professionals on a real-time basis.
Internet of Everything Corp (IoECorp), with the aid of Quantum1Net, is offering the Eden System solution that provides a structured platform complying with three basic risk threats. These are sensor risks and are the fact that all businesses, corporations, governments, and institutions are aware of — sensors breakdown when in the millions, creating three basic malfunctions:
-> Broken or dead sensors
-> Incorrect data transmission to AI (Artificial Intelligence)
-> Bad actors access
To overcome sensor breakdown, IoE Corp’s Eden offers groundbreaking solutions for the Internet of Everything and the Internet of Things by forming a decentralized infrastructure.
A solution that creates a DID (Decentralized ID) for broken or dead sensors to ignite an alarm to indicate the necessity to change the sensor. At the same time, by being a decentralized structure, the failure does not act upon the whole system. The exact implementation procedure ignites in the scenario of a sensor injecting incorrect information into the AI system.
The above malfunctions have an “easy” fix by simply changing the sensors when broken or dead, rearranging the malfunctioning sensor that feeds incorrect data to the AI system, or replacing the sensor in the worst-case scenario. The breakthrough Eden System permits lies in the capability of being decentralized, which gives the system a quick and easy-to-fix solution without huge side effects. Something a centralized infrastructure is not capable of achieving.
In the case of bad actors or cyberattacks access, the scenario can be very different for obvious reasons. What is imperative to be acknowledged, as we saw above, is that these cybercriminals are getting ready to act upon the billions of sensors that are needed to provide the IoT devices deployment. Devices set within all industries and private homes, actioning smart cities, smart homes, and smart hospitals.
This scenario offers excellent potential for cybercriminals to create tremendous havoc within all levels of society — economically and socially. An Internet-based decentralized End-to-End service platform as Eden System solves it.
Contact us for more information on our groundbreaking technology, or talk to one of our security experts.