4.5 billion records stolen by cyber criminals
Reports have been confirmed that over four billion records from 500 million addresses have been stolen by by a Russian group. From buying a set of stolen details on a Dark Web Site the gang was able to install malware on systems using both social media and email exploits. These infected systems were then used to expand the theft as their botnet grew through SQL injection attacks and other vulnerabilities enabling them to steal more data from more websites.
This process was repeated time and again as the attacked spread across the Internet. The reported theft is one of the biggest known and has affected hundreds of thousands of sites, from the largest to the smallest. Hold Security, the firm that identified the attack believes that most of the sites affected are still vulnerable.
Information on the attack provided by Hold Security has been analyzed by independent security experts who have confirmed it's authenticity.
Though the information stolen has been used to spread spam through email and social networks, it does not yet appear to have been widely sold on to others though as so many people use their email addresses and relatively simple passwords for much of their online activity this could provide lucrative for the gang.
The frequency and scale of attacks of this type raises really questions around about using simple username and password combinations for security. The basic rules for for passwords have been established for a long time with users asked to change them frequently, increase the length and include characters and numbers to disrupt a brute force attack, but still the breaches continue.
The more widespread use of "two factor authentication" would be significant in defeating most attacks of this type, but requires behavioural changes and buy-in form both users and companies.
Two factor authentication works by connecting the login process to another device, such as a mobile phone or tablet, that then provides the capability to add unique one-time codes to enable access.
Russell Price of the Continuity Forum said "We have the capability to dramatically reduce the risk posed by attacks of this type, but at the moment the technology to do it is not being applied by many of those most at risk". He added " a big part of the problem is that a lot of firms just aren't properly analyzing and importantly quantifying the risks around the data and processes they depend on."
He continued says "Boards need to wake up to the risks they are taking and challenge those responsible for their IT to show that they are implementing good practice IT and Cyber measures that are appropriate and known to be effective. At the moment there is considerable uncertainty or confusion around the capabilities actually needed by the business at both the executive and technical level. Directors should really be showing their leadership on this issue and demanding regular reviews, testing and improvements in computer security, based on the evolving threats being faced."