It is another example of the law of unintended consequences. What is originally deemed to be a benefit to society can also have a dark side, comprised of unforeseen circumstances and unexpected interactions between different entities. There are many examples of this. For instance, it seems natural that governments should regulate the introduction of new drugs into the marketplace, but the lengthy and costly process it requires may stifle the rate of innovation, inadvertently causing more deaths in the end. Here is another example: computer processors just got a lot faster. So fast that the brand-new Nvidia RTX 4090 can crack a password twice as fast as its predecessor, the RTX 3090.
The New Tool of Choice for Today’s Hi-tech Criminal
There is a large appetite for Nvidia high-speed processors. While traditionally known as high-performance gaming processors, these chips are also fueling the acceleration of AI technology into our daily lives. As it turns out, however, there is a big demand for them in the hacking community too. It isn’t just gamers, AI developers, and data scientists who appreciate speed. Cybercriminals do as well. Their goal is to get in and out of your network before being detected. That’s the aim of any criminal. In the 1920s, bank robbers demanded faster getaway cars. In today’s era of digital transformation, it’s about processing speed.
Introducing the Nvidia RTX 4090
According to Nvidia’s website, the new RTX 4090 graphics card is the ultimate GeForce GPU that is redefining expectations regarding performance, efficiency, and AI-powered graphics. The Nvidia RTX series has played a significant role in the crypto mining revolution, as these GPUs are designed to easily handle highly complex mathematical computations. Whether it is mining cryptocurrency, beating an opponent at your favorite game, or cracking passwords, the 24 GB of G6X onboard memory makes it a lot easier. Those who remain skeptical of the password-cracking proficiency of these powerful chips can view the actual results of a real brute-force attack that was made available on GitHub.
In tests against Microsoft’s New Technology LAN Manager (NTLM) authentication protocol, the RTX 4090 scored record speeds of 300 GH/sec and 200 kH/sec. A machine running eight RTX 4090 GPUs can rotate through 200 billion eight-character password combinations in a record 48 minutes using brute-force methods. This of course assumes that someone put in the effort to create a half-respectable password. According to the latest password statistics, the top three passwords are 123456, 123456789, and qwerty. Even with ordinary processors, these passwords can be cracked in a matter of seconds.
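To turn these rates into a password-policy decision, the following added example (not from the original article or the GitHub benchmark) computes the worst-case exhaustive-search time on the eight-GPU machine and the minimum password length that withstands it for a target duration. The character-set sizes, the one-year target, and all function names are assumptions chosen for illustration.

```python
# Rates quoted in the article, in hashes per second per RTX 4090.
FAST_RATE = 300e9   # "300 GH/sec"
SLOW_RATE = 200e3   # "200 kH/sec"
GPUS = 8            # the eight-GPU machine described in the article
YEAR = 365 * 24 * 3600

# Constructed character-set sizes for common password policies (assumption).
CHARSETS = {"digits": 10, "lowercase": 26, "alphanumeric": 62, "printable": 95}


def exhaust_seconds(charset_size, length, rate_per_gpu, gpus=GPUS):
    """Worst-case seconds to try every password of exactly `length` characters."""
    return charset_size ** length / (rate_per_gpu * gpus)


def min_length(charset_size, rate_per_gpu, target_seconds, gpus=GPUS):
    """Smallest length whose full keyspace takes at least `target_seconds`."""
    guesses_needed = target_seconds * rate_per_gpu * gpus
    length = 1
    while charset_size ** length < guesses_needed:
        length += 1
    return length


def policy_table(target_seconds=YEAR):
    """Minimum length per character set at the fast and the slow quoted rate."""
    return {
        name: (min_length(size, FAST_RATE, target_seconds),
               min_length(size, SLOW_RATE, target_seconds))
        for name, size in CHARSETS.items()
    }


if __name__ == "__main__":
    minutes = exhaust_seconds(95, 8, FAST_RATE) / 60
    print(f"8 printable chars at the fast rate: {minutes:.0f} minutes")
    for name, (fast, slow) in policy_table().items():
        print(f"{name:13s} min length for 1 year: fast={fast} slow={slow}")
```

These figures are upper bounds for randomly chosen passwords only; dictionary entries such as the top three passwords listed above fall long before the keyspace is exhausted.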
Low Cost of Entry for Cybercriminals
It isn’t just that these ultra-fast processors are available on the open market today; the RTX 4090 can be readily purchased for between $1,300 and $1,600. That puts the price tag of the 8-processor package under $13,000, making password cracking affordable for many determined cybercriminals. This is one of the frustrating aspects of cybersecurity. The tools that cybercriminals use can be acquired at a fraction of what it costs to properly secure and protect all the digital assets in a network. While the global cybersecurity market amounted to more than $152 billion in 2020, it is estimated that the money spent by malicious actors to mount their attacks amounted to $35.8 billion that same year. The tools of the digital hacker are much cheaper than the security controls required of the digital defender. When it comes to the arms race of cybersecurity today, the bad guys have a huge monetary advantage.
The Vulnerability of Passwords
According to Microsoft’s 2022 Digital Defense Report, password-based attacks are the primary method of attack. In an average second in 2022, there were as many as 1,000 password-based attacks, a 74% increase over the year prior. Despite the increased capabilities of hackers to decipher passwords, the percentage of online accounts protected by MFA remains low to this day. The fact is that while passwords may be the first line of defense for many accounts, they are the only defense in too many cases.
Nothing is Off the Table
The accelerating pace of innovation creates a real conundrum for the cybersecurity community. Digital technologies are now distributed freely to the masses without discerning consideration other than the ability to pay. Hackers are finding ways to utilize an assortment of tools and platforms that were never foreseen to serve malicious intent. In an effort to expand their distribution channel, cybercriminals are targeting legitimate platforms to snare unsuspecting users. It is much like a fisherman who stumbles upon a remote lake where no one has cast a line before, and the fish are all too eager to bite. An example of this was the documented exploitation of a vulnerability found in the widely used Apache Log4j Java-based logging library back in 2021 that allowed unauthenticated remote code execution (RCE) and a complete system takeover.
An Accelerating Arms Race
For an SMB that is trying to focus on its core business in today’s highly dynamic and competitive markets, the task of securing its digital assets can be exasperating. Hackers are getting better tools thanks to technological innovation, and the cost to arm themselves is substantially lower than it is to defend against them. Attack windows are being compressed thanks to the speed of better technology, as hackers can scan for CVEs in your environment in a matter of minutes from the moment they are disclosed. What is an SMB to do?
Get Ahead of the Hackers with a SOC
SMBs need an edge today to make up for the growing advantages that bad actors have. That edge comes in the form of 24/7 monitoring, experienced security professionals who know how to fully leverage your available security tools, and a capable incident response team. That is where a security operations center (SOC) comes into play. The accelerated speeds at which hackers operate now require constant vigilance. That includes non-business hours, and a SOC can ensure that you have the security controls and people in place to combat and remediate today’s threats.
Technology alone isn’t going to resolve your cybersecurity threats, because technology innovation in the wrong hands can just as easily undermine your defensive efforts without the right strategies and personnel in place. Don’t be blindsided by the law of unintended consequences. Be prepared for it because the stakes are only getting higher.