If businesses are to survive the growing threat of DDoS (Distributed Denial of Service) attacks, then DDoS protection must evolve quickly and respond even faster. Hackers have no shortage of options when it comes to launching DDoS attacks. In early October, Akamai warned that hackers are now targeting Universal Plug and Play devices, or UPnP, to launch their attacks. The firm estimated that there were more than 4 million UPnP devices, from home routers to web cams, that were vulnerable to being conscripted by hackers to launch devastating DDoS attacks.
Author: Lauren Papagalos Page 18 of 26
With thousands of attacks daily on websites of all sizes, we thought we’d get your day started with some simple website security tips that should be a regular and central part of your security routine. And here’s why.
As hackers of all sorts constantly probe businesses of all sizes for any kind of vulnerability they can exploit, websites could by far be the biggest hole in security. And just one recent hack should have been a wakeup call for anyone responsible for website security. In the world of security breaches it seems like a lifetime ago, but it was less than three months ago that a company called Hold Security reported finding a stash of more than a billion usernames and passwords, along with half a billion email addresses, on the servers of Russian hackers.
Who would consider the possibility of a USB exploit? Whether it’s malware prevention, detection, or removal, the sneaky critters are now getting so clever the challenge of dealing with them just seems to get harder. And sometimes people just get in the way.
You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer.
Story Of A USB Exploit
A couple of months back, a fellow security hack told me the story of a simple but effective way hackers had found to break into a business simply by exploiting the curiosity of a CEO.
Remember Heartbleed, that age-old bug that only surfaced last year and left more than half of all internet servers around the world exposed? Looks like we might have yet another Heartbleed on our hands. This one has been codenamed Shellshock. Experts are already saying the Shellshock exploit could impact millions of Unix systems that operate on Linux or Mac iOS. And may even threaten consumer devices including home routers.
It’s been a good time for malware and its authors, but a very bad time for businesses and especially those that have suffered a data breach. A variety of point of sale (PoS) malware has run rampant through thousands of business and retailers in just the last few months, creating a massive haul of stolen credentials for hackers worldwide. And making consumers a very nervous bunch.
The Home Depot Data Breach
The latest victim is Home Depot, which only just announced that it had lost at least 56 million customer credit and debit cards to hackers who used a variant of PoS malware that’s growing in popularity amongst criminals — because it apparently works very well.
When Did The Need for DDoS Protection Begin?
It’s been a while since the world first started hearing about Denial of Service attacks. It was February 2000, and in the space of just one week, major websites like Yahoo!, eBay, CNN, E-Trade, and Amazon were experiencing inexplicable outages that lasted for more than an hour in some cases. And those outages were costing them millions of dollars in lost revenues.
A little investigating, combined with loose lips on the part of the offender, eventually pointed law enforcement to a 15-year-old Canadian high school student going by the handle MafiaBoy.
As yet another series of data breaches unfolds, there’s been more focus on PCI compliance than ever before. And for good reason. Apparently the PCI Standards Council, the body that overseas PCI, thinks that too many companies are failing in their obligations.
In just the last two weeks we’ve seen major data breaches announced at firms like JP Morgan Chase, Community Health Systems (4.5 million Social Security Numbers exposed), UPS, Dairy Queen, and more than 1,000 retailers.
There’s no such thing as an easy security breach. Unless of course you’re a hacker — all too often they seem to easily breach the security of way too many websites. (Check out the OWASP Top 10 to learn more about common exploits)
But if you’re a business owner, being the victim of a data breach is certainly costly. Just how costly is a data breach? Well, that depends a great deal on circumstances and luck.
But here’s just a selection of some of the costs you might be facing:
Seems like just about everyone thought that the massive Target data breach earlier this year would be the biggest for a while. Yet only a matter of weeks later, eBay announced a data breach that was even bigger.
Now we’re learning of a hacker haul that makes those earlier breaches look like chump change. Security researchers in Milwaukee revealed that they’ve been monitoring a hacking gang operating from a small Russian town, and found the gang had managed to amass a database of more than 1.5 billion stolen credentials.
Here’s just a sample of what the investigators learned about the hackers, and the implications of their haul:
Seems like hardly a day goes by without a report of yet another data breach. And that’s because a day doesn’t go by without one. There has been an average of one reported data breach every day for the last five years, and 2014 has no intention of bucking the trend.
According to the non-profit Identity Theft Resource Center, there have been 411 reported data breaches in the U.S. in the first six months of this year. That works out to an average of more than two data breaches every day. And those data breaches combined have exposed an estimated 11 million records.