Thursday, August 07, 2014
Organized cybercrime: 1.2 billion credentials stolen by Russian hackers
News of a massive stolen data collection should spur decision-makers to prioritize network security.
Secure File Transfer
Cybercriminals may not be the lone wolves that consumers and IT teams often picture. While many hackers prefer to work alone, organized cybercrime syndicates are proving to be an even more potent threat to those transferring private information via the Web.
The New York Times recently reported that a Russian hacker gang stole 1.2 billion data points, including user names, passwords, and email addresses—the largest-known aggregation of stolen credentials thus far. The group targeted 420,000 vulnerable websites of both small and large organizations, affirming the need for stronger cyber security across the board.
Hackers band together
Consumers, corporations, and public entities are all aware of the inherent risks of storing critical data on the Internet, and a number of high-profile data breaches have only hammered home the fact that up-to-date security measures are a must for industry giants.
At the same time, the Russian organization responsible for amassing this vast store of information showed that organizations of all sizes and sectors are vulnerable to a breach, The New York Times noted. Hold Security, the Milwaukee-based firm that revealed the Russian crime ring, explained that no exceptions were made by the thieves.
"Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," said Alex Holden, the founder and chief information security officer of Hold Security, as quoted by the source. "And most of these sites are still vulnerable."
Shoring up defenses
The coordinated nature of the Russian hacker group should signal to IT decision-makers across sectors that it is time to put cybersecurity at the top of their dockets. Passive, reactionary approaches to network defense must be swapped out for active efforts that ensure complete protection of company websites, employee login information, and end-user credentials.
"Companies that rely on user names and passwords have to develop a sense of urgency about changing this," said Avivah Litan, a security analyst at the research firm Gartner, as quoted by The New York Times. "Until they do, criminals will just keep stockpiling people's credentials."
PCMag explored the gang's hacking techniques in greater depth, explaining that SQL injections were used to tap into databases revealed to be vulnerable by botnets. Bolstering website defenses will be key in protecting networks against future attacks, but companies should also establish secure file transfer policies and solutions to safeguard critical data moving through their networks.