Dive Brief:
- Between January and March, attacks by bad actors using fake Internet Explorer 6 browsers increased more than 350%, according to data from Cloudflare. Other top internet cyberattacks are cross-site scripting and WordPress site manipulation, up about 300% and 250%, respectively.
- Because Internet Explorer is "ancient," the attacks indicate the perpetrators are unsophisticated and simply downloaded outdated but available tools to initiate a cyberattack, John Graham-Cumming, CTO of Cloudflare, told CIO Dive.
- Attacks accessing backup files have decreased nearly 50%, according to the report. There's also been a decline in credential stuffing, a common tactic of nation-state actors from Asian countries, which were put under lockdown due to the coronavirus outbreak before most of the world, according to Graham-Cumming.
Dive Insight:
The attack methods observed by Cloudflare are classic forms of hacking.
This is the time of the year universities are usually on a type of break, and bored technically savvy students "will come along and try and break into things because they've got time on their hands," said Graham-Cumming. It's almost a "recreational" activity for students.
Hacking is a time-consuming activity, requiring trial and error to find and exploit flaws. All hackers need is access to tools that "relatively unsophisticated hackers" can download at will, he said. It's "a combination of available tools and time you get, I think, what's happening today."
While amateur hackers are testing their capabilities online, companies in the internet space, such as Cloudflare, are honing their security protocols.
In July, Cloudflare suffered an outage after an issue with Border Gateway Protocol (BGP), which highlighted the fragility of the internet and its interconnectedness. BGP connects different autonomous systems to one another.
BGP is the heart of the internet, but there is no security fundamentally built into it. When BGP was built, there was no reason to doubt the validity of the information that flowed from the internet. Times have obviously changed.
Larger networks are adopting Resource Public Key Infrastructure (RPKI), "which is the cryptographic way of detecting a leak," said Graham-Cumming. "That will prevent those leaks going out there."
About half of internet traffic is "behind a network" that uses RPKI validation, he said. Providers were hesitant to adopt RPKI because "it was hard to do," said Graham-Cumming. There was "slowness" by international manufacturers of network hardware to support what they needed to support. "And then, you know, it's just inertia, right?"