Recent reports by technology firms Symantec and SplashData have highlighted new network attack methods and password weaknesses, with IT security in a tricky situation as it attempts to keep up.
Findings in the Symantec Internet Security Threat Report of April 2016 point to an increase in zero-day vulnerabilities being discovered and collected by hacker groups, along with new types of ransomware attacks.
Hackers collecting rare software vulnerabilities
A zero-day exploit or vulnerability in technology is a method of entry to a network or control of software that is unknown to its creators.
These types of exploits are obviously undisclosed to the general public and are often only accessible via Tor networking and black market trades – zero-day vulnerabilities are an addition to the illegal online industry that includes the sale of credit card numbers, ransomware scripts and phishing software.
Because software developers are generally unaware of zero-day exploits, the time available to implement a patch is incredibly limited. This response period is absolutely critical to the health of a business or a piece of software – it may take a short amount of time to generate a solution, but the numbers of infected devices and applications will be constantly on the rise until a fix is delivered.
Cybercriminals use Flash – it’s super effective
Adobe Flash, or Shockwave Flash in some browsers, is a piece of software that you’ll find on nearly every computer. It enables individuals to stream music and video and enjoy interactive online multimedia, and is said by Adobe to be found in 24 out of 25 top games on Facebook.
The software development company also states that Flash Player is found on more than 1 billion connected devices, with more than 400 million users updating their software within six weeks of a new release.
While these are figures that any company would be proud of, the report by Symantec also states that four of the five most regularly used exploits were found within Adobe Flash Player. This doesn’t necessarily show a decreased effort by the software development company to develop more stable applications, but rather the persistence that hackers will employ when attempting to crack a system.
Because of this, it’s crucial for a company to keep its software regularly updated, and to approach network security not by looking to meet hackers in battle, but by mitigating the damage with disaster recovery solutions.
The moral of the story above is less about trying to make software or a network unhackable and more about being vigilant and always prepared to respond with an effective redundancy plan.
Easy passwords barely break a brute force sweat
A brute force attack is a common method used by hackers to reveal a user’s password, with collected information run through a dictionary file within a password cracking program.
While it is a lengthy way of achieving their goal, this method of unlocking a system still proves successful because users refuse to update their password security levels.
In a list simply titled Worst Passwords, SplashData investigated the increasingly poor levels of password security. Shockingly, “123456” and “password” are still the two highest results on the list – these passwords may only take a matter of seconds to break.
Looking at the rest of the list, good advice when creating a new password is to avoid the common pitfalls of hobbies, dates and interests. The list includes entries such as “baseball”, “football” and “starwars”, so when it comes time to generate passwords, whether you’re an individual or a company, make sure you consider the most secure approach possible.
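One way to enforce this advice when a password is set is to screen it against a deny list. The sketch below is an added example, not code from SplashData or NetCraft. It goes slightly beyond the text by also catching simple variations (capitalisation, character substitutions, appended digits), which dictionary-based cracking tools try as well. The deny list holds only the entries named above, and the minimum length is an assumed policy value.

```python
import re

# Constructed deny list: only the entries this article names from the
# SplashData list. A real deployment would load a far larger list.
DENY_LIST = {"123456", "password", "baseball", "football", "starwars"}

# Common character substitutions that dictionary-based crackers also try.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value, not taken from the article


def base_forms(password):
    """Return simplified forms of the password that a dictionary would hit."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols: "football2016!" -> "football".
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    forms = {lowered, stripped}
    # Undo substitutions: "p@ssw0rd" -> "password".
    forms |= {form.translate(LEET) for form in forms}
    forms.discard("")
    return forms


def screen_password(password):
    """Return the reasons to reject a password (empty list means accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    hits = base_forms(password) & DENY_LIST
    if hits:
        reasons.append("based on common password: " + ", ".join(sorted(hits)))
    return reasons


if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd", "Football2016!",
                      "correct horse battery staple"):
        print(repr(candidate), "->", screen_password(candidate) or "accepted")
```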
The real cost of a data breach
Data breaches are a lucrative business for hackers. At the end of 2015, according to the Symantec report, a record data breach totaled up to 191 million records. This wasn’t the only isolated incident of the year, however, with this final attack only one of nine breaches to expose more than 10 million records.
When you think about this amount of information – almost 200 million records – you may be inclined to believe that the individual cost of these pieces of data is insignificant.
No matter the size of your company, the cost of a data breach will always sting. According to research conducted by the Ponemon Institute and sponsored by IBM, a single record of healthcare or education data is valued at US$355 and $246 respectively.
An active solution with NetCraft
The hidden cost of an attack is also public perception of your security weaknesses, and potential loss of business during the fallout.
NetCraft can offer a business solution for monitoring your network-accessible devices – intended to send alerts to designated staff if an undesirable event occurs.
Providing you with technical assistance 24 hours a day, 7 days a week, there’s never been a better time to reach out to NetCraft.