4 Ways Hackers Are Using Data Science to Steal Billions

Technology photo created by pressfoto - www.freepik.com

Most data scientists you know are on the “good” side of data science. They work at top tech companies. They use their powers for good, building products, spotting trends, and even actively working to stop hackers. For example, a new field of data science called Phishitycs uses machine learning to stop phishing attacks.

Even if data scientists aren’t employed directly, many operate as ethical hackers, using their skills to spot and help companies shore up weaknesses to earn bounties. 

However, as data science becomes a more common skill, many hackers are using it as a tool to steal corporate data, personal data, privacy invasion, or any other important information that can harm the business.

It shouldn’t come as a surprise. The data science field and the hacking field have a lot in common, despite being on opposite sides of legality. Data science requires a lot of thinking outside the box, problem-solving, and analytical thinking. So does hacking. 

The best way to stop your enemy is to know your enemy. Here are four ways hackers are using data science - and how they can be stopped.

1. Hackers use machine learning to improve efficiency against humans

 
One of the most common - and most successful - types of hacking is imitating other humans at the company to gain access to emails, secure servers, and more. This type of hacking includes spoofing, phishing, spear phishing, and impersonation.

Hackers have begun using machine learning to better imitate human speech and text patterns. Just as machine learning can be used to help natural language processing progress as a field, the same skills can be used to make hackers sound more realistic. 

A hacker might use machine learning to analyze how your CTO speaks and writes, using social networks. Then she might successfully impersonate your CTO, getting you to click on a malicious link. 

2. Hackers use machine learning to overcome security systems once inside

 
Artificial intelligence and machine learning can use clever ransomware and malware that are increasingly adaptive against threats. 

One issue a lot of companies face is that their security systems are passive and reactive, rather than active. As hackers have built malware that is more and more intelligent and has the ability to recognize security software and adapt to it accordingly to remain hidden, companies must develop their own intelligent security systems. 

So far, they have not done so well at this. Last year alone, cybercrime cost companies a total of $20 billion, a number that has been steadily increasing over the past few years. 

3. Hackers build bots that can click that small checkbox

 
Everyone is familiar with ticking the box that confirms you’re not a bot, called CAPTCHAs. Most of us are familiar with the slightly annoying and weirdly sad collection of pictures that come afterward, asking us to identify the traffic light, boat, train, or other random objects in a grid. 

Even more annoying than me, a human, being asked to prove I’m not a bot is the realization that a bot can probably do that, too. Nowadays, anyone who’s used Google’s search functionality through images should know that machine learning and algorithms can be used to train bots that are capable of overcoming these security measures. 

“There are many ways to get past the text CAPTCHAs on their own. Researchers demonstrated how they could write a program that beats image recognition tests. CAPTCHAs can irritate users, who find themselves stuck on a webpage while waiting for the CAPTCHA test. In some cases, this leads them to feel discouraged and give up altogether,” writes Ali Qamar in Techgenix. 

4. Overloading with DoS or DDoS attacks

 
DoS (Denial of Service) or DDoS (distributed denial of service) attacks are among the most famous hacker accomplishments in the news lately. Hackers will overwhelm the bandwidth or infrastructure of their target with a flood of simulated web traffic. This makes it hard or impossible for real visitors to use the site, disrupting commerce. 

The biggest attack was on Google back in 2017 - though they only disclosed the attack in 2020. 

While DoS attacks can use a single device, sturdier DDoS attacks rely on a network of “zombies,” which are devices infected with a particular malware that allows a hacker to remotely control their activity. These DDoS attacks rely on algorithms to coordinate these attacks together. As the IoT has become more widespread, hackers have grown more proficient at infecting just about any device, from a company server to the wifi-enabled fridge. 

How can companies overcome these issues?

 
Reading the list above, it’s easy to feel overwhelmed. Luckily, for every hacker, there is a data science working diligently to stop them. The same tools can be flipped around and made to protect companies rather than infiltrate them. Not only that but a lot of attacks can be stopped with training and common sense. Here are three ways to rebuff modern hackers.

1. Invest in the right technology

 
Hackers evolved when companies began moving to the cloud since a lot of security issues arise when a company moves to the cloud, which improves service but causes greater security threats. To address this weakness, many companies are upgrading too, using a secure access service edge, or SASE. Being able to customize security settings and operational needs means companies can flexibly build a security architecture that works for them. 

2. Get proactive

 
Companies should aim to build more proactive and predictive security models rather than the reactive models that are the standard today. Companies can feed machine learning algorithms with historical and current information about cyber intrusions to predict and detect these, working as the human immune system to identify threats even as they shift. 

3. Focus on the people, not the machines

 
One of my favorite folktales about hackers is when a class of future computer scientists was asked to try to hack into their university servers. Most were unable to detect any vulnerabilities or get past the powerful firewalls.
 
One woman, however, put on a fake lanyard and simply tried to walk into the building where the servers were kept. She pretended her lanyard didn’t work and was let through the doors by a helpful employee. Once inside, she pretended she had forgotten the password to log in and asked for it. Again, she was able to get inside the systems. 

Her skill wasn’t technical, but psychological. Many hackers rely on the same skillset. So many of these hackers can be stopped by reducing human error. Don’t click on the link in the email. Don’t download the attachment. Don’t trust what you read. With that alone, you can eliminate many of the hackers’ attempts to get inside. 

 
 
Zulie Rane is a freelance writer and coding enthusiast.