Hackers access files for the sound of keystrokes
Posted on October 7, 2019 by Noble
A study has from Southern Methodist University in Texas has found that hackers can work out your online password from the sound of your keystrokes. In trials, cyber experts were able to detect what was being typed with remarkable accuracy using just a smartphone.To understand the implications and preventive actions that can be considered, Digital Journal spoke with Ivan Blesa, Director of Technology, Noble.
Digital Journal: What is the newly identified hacking threat?
Ivan Blesa: The threat landscape is constantly evolving, with cybercriminals regularly coming up with new and innovative ways to wreak havoc on businesses.
For example, researchers recently discovered that hackers can work out your online password from the sound of your keystrokes. In this case, we’re lucky the threat was discovered by researchers looking to improve security, but worryingly, cyber-criminals could use this method of hacking passwords to break into networks without being detected.
Therefore, it’s crucial that businesses have the tools in place to detect intrusions before any business systems are compromised or data stolen.
DJ: What are the main risks for businesses?
Blesa: This study, and the countless number of breaches that make the news, are further nails in the coffin for passwords as an authentication method. Businesses that are still relying on them should rethink their strategy. Implementing multi-factor authentication across enterprise accounts is a great first step towards adding an extra layer of security.
DJ: Where are most of these hacks coming from?
Blesa: Cyber-criminals operate in a global environment, and they’re very good at collaborating and hiding their traces. They evolve very fast, and when they strike, they strike hard. Businesses shouldn’t take a reactive approach to defending their organisation by assuming they can work out where the next hack will come from and where it will hit. Instead they should be developing a proactive security posture to prevent attacks from occurring in the first place.
DJ: How can businesses detect these threats?
Blesa: Many businesses rely on network monitoring systems to detect threats to their organisation. Unfortunately, legacy approaches to network monitoring, with systems powered by rule-based automation that works off historical data are no longer adequate. The danger lies in the fact that threat detection is entirely restricted to previously seen malicious behaviour, hindering organisations in their ability to detect new threats.
The good news is technology has advanced so that we’re now seeing a new breed of intelligent network monitoring able to analyse vast amounts of data in real time, detect anomalies, and proactively identify new threats. These tools are powered by advanced automation methods, specifically unsupervised deep learning, driven by unsupervised algorithms that do not focus on previous detected malicious activity.
Instead, it continuously adapts and responds to an organisation’s network behaviour to detect anomalies and proactively look for the unknown, to uncover the first-seen and most sophisticated attacks that we’re witnessing today.