AXS Guard stops ten million attacks per day: “SMEs still think they are not interesting to cybercriminals”

  • October 12, 2023

Hackers are looking for a breach in your company’s security 24/7. AXS Guard not only aims to act as an external door that prevents attackers from entering, but also to alert SMEs to the danger.

Alex Ongena, CEO of Belgian cybersecurity company AXS Guard, puts it succinctly: “We stop up to ten million potential attacks on our customers every day.” This impressive statistic requires context. Most of the connections that the AXS Guard firewall stops are intruders taking an exploratory look at your IT systems.

“Hackers first search the large pool and then delve deeper. You inventory everything that is on your servers to create a ‘fingerprint’ of your IT systems: what software you use, what vulnerabilities there are, etc. This is completely automated,” explains Ongena.

Only one of these ten million connections needs to be successful to make your company the next victim. AXS Guard recently published figures on the Belgian cybersecurity landscape to convey this message to SMEs. This is still important in 2023, Ongena notes: “Business leaders still fall off their chairs when I tell them this.”

You need it from your neighboring countries

Of course, it all starts with giving the attackers as little chance as possible to penetrate. But how do you know whether a login attempt comes from a trustworthy person or not? AXS Guard can usually detect this quite quickly. Ongena: “Login services are the entry point for attackers. They bombard them with stolen credentials or brute force. Login attempts that are too long or too fast can be an indication of suspicious activity. We can see that in real time.”

To be on the safe side, detection tools analyze multiple parameters on the fly to give a green or red light. A first indicator is the IP address, which tells you where the attack is coming from. You can counter this by quickly blocking IP addresses from certain countries. We usually associate hackers (not wrongly) with countries we don’t have the best impression of: think Russia, North Korea, China and Iran. However, an analysis of AXS Guard log data shows that suspicious activity can also come from unexpected places, namely our neighboring countries.

Of course, there are some tricks an attacker can use to disguise his true origins, Ongena knows. “An attack never goes beyond one point. The first phases go through an automated hosting platform. At a certain point, the automation stops and the hacker still has to establish a direct connection. The data is then often exfiltrated to countries that are difficult for the police to reach. Geoblocking can then be the last resort to prevent this.”

(Un)recognizable behavior

In addition to the IP address, the content of the connection packet, and especially the underlying behavior, also reveals a lot about the intentions of a network visitor. Ongena: “Our database is continuously updated whenever a new CVE (Common Vulnerabilities and Exposures) is known. Typical patterns can then be used to identify that a particular vulnerability is being exploited.”

“Our tools also examine atypical behavior,” he continues. “Patterns that are not yet known can indicate a zero day. It is difficult to quantify how often this happens, but I would venture to say that it occurs in around twenty percent of the attacks we detect.”

Made by AI

The breakthrough of generative AI is creating new dynamics in the cybersecurity landscape. It is no longer news that your mailbox is a popular target for attackers, since we still send a lot of emails. If you have ever asked ChatGPT to compose an email for a customer, you can assume that hackers have already discovered this trick too.

“With the help of AI, emails can be made much more personal. First, hackers research the context of the person they want to target; they just look at your public social media profiles,” warns Ongena. “You entered this data into ChatGPT to write an email that fits exactly this context. For example, you may receive an email that appears to be from your boss. Each email reveals new information about you that can be further built upon. This triggers a chain reaction until you finally take action.”

AXS Guard investigates how to distinguish AI-generated texts from human texts. Ongena already notices one thing. “AI texts are written in perfect Dutch, there are rarely errors. This is unnatural because everyone makes typos when writing a quick email. It turns our view of cybercrime on its head: criminals used to give themselves away with childish spelling mistakes, but today they use language that is “too good”. Phishing emails with misspellings come from amateurs.”

“There will always be amateurs, but in general the environment is becoming more and more professional. It is important that you raise people’s awareness and provide them with sufficient training. The reality is that people continue to click on the wrong links every day,” says Ongena.

AI is turning our view of cybercrime on its head: criminals used to give themselves away with childish spelling mistakes, but now they use language that is “too good”.

Alex Ongena, CEO AXS Guard

Forbidden list

It is not uncommon for customers to voluntarily ask AXS Guard to add applications to the banned list. The security company blocks 390,000 applications every day. In a list that our editors can view, four categories dominate: social media, file sharing, media and protocols.

One can rightly ask whether this is always done from a security perspective. When companies ask AXS Guard to block Facebook, WhatsApp, or Netflix on corporate devices, they are more likely to eliminate a potential source of distraction than to view these apps as a risk. Both arguments come together in one application. “Due to government recommendations, the number of requests to block TikTok has increased very quickly. Not only in the public sector, but also in private companies,” explains Ongena.

It’s never personal

The numbers make it clear once again that the danger comes from all directions and in all shapes and sizes. This is also the last message that Ongena wants to convey to those who still doubt it. “You are never personally targeted. Everything happens automatically: from the initial clarification to sending the ransom offer. Only then can you see a person for the first time. That’s what makes it so scary.”

AXS Guard is committed to permanently changing the perception of business leaders. Ongena: “SMEs still too often think that they are not interesting enough. On the contrary: Smaller companies are easy victims because they are often not adequately secured and do not know where to start after an attack. This increases the willingness to pay. Criminals also know exactly how much ransom they can demand: the ransom amount will be less than the cost of completely rebuilding your business.”

Ongena adds: “Many existing security solutions have historically been aimed at large enterprises and are therefore completely unaffordable for SMBs. We are changing this with our managed Observe & Protect service. Choosing the right security partner may be the most important decision a company has to make.”

Everything happens automatically: only after the “ransom offer” do you see a person for the first time.

Alex Ongena, CEO AXS Guard.

This editorial article was created in collaboration with AXS Guard.

Source: IT Daily
