Understanding Why Passwords are so Valuable to Hackers Can both Explain and Prepare Enterprises to Deal with Potential Security Vulnerabilities…
The big story making its way through the news cycles over the past several days is that criminals have stolen the usernames and passwords for approximately two million accounts from Facebook, Google, Twitter, Yahoo, and several others. According to CNN, this massive data breach was a result of malware: key logging software was maliciously installed on a significant number of computers around the world, and as users logged into their accounts, it sent their credentials to a server managed by the team behind the virus.
On Nov. 24, Trustwave researchers tracked that server to a location in the Netherlands. They discovered compromised credentials for more than 93,000 websites, including 318,000 Facebook (FB, Fortune 500) accounts, 70,000 Gmail, Google+ and YouTube accounts, 60,000 Yahoo (YHOO, Fortune 500) accounts, 22,000 Twitter (TWTR) accounts, and 8,000 LinkedIn (LNKD) accounts among others.
According to Trustwave’s security analysts, to determine if a particular computer is infected, simply searching programs and files will generally not suffice, because the virus intentionally obfuscates itself. Antivirus platforms should be updated, along with Internet browsers (although at this point, you should really be running a browser capable of automatically updating itself, such as Chrome or Firefox), the typical roundup of Adobe products (ADBE), and Java.
Thankfully, the compromise of two million passwords is not a common occurrence, but smaller and sometimes more significant breaches are undeniably taking place every day. According to a recent Forrester report, 62% of all breaches yield sensitive personal information or trade secrets, and an additional 25% compromise authentication credentials. So how can companies and individuals protect themselves after the fact when a breach does occur?
Preparation, data, and insight will always be the most powerful weapons in defending against criminal hacking, both before and after a data loss event occurs. If you are not aware of where your risks are and not taking steps to address those risks directly, you will be powerless to assess and prevent reputation damage or monetary loss. A core component of any enterprise security program in today’s hyperconnected social and mobile technology ecosystem is access and account monitoring, coupled with a notification system that makes the owner of sensitive data immediately aware of a potential threat. In other words, data loss like this recent event does not occur in a vacuum, or by magic: it is the result of systematic failure, typically the combination of inadequate visibility around potential risk and insufficient remediation and forensic technologies to properly manage potential loss before it happens.
Understanding why passwords are so valuable to hackers can both explain and prepare enterprises to deal with potential security vulnerabilities. There are potentially hundreds of uses for stolen passwords once they are obtained. Examine for a moment why the compromise of an employee’s Facebook or Twitter password can hold so much significance for an enterprise organization: weak passwords are pervasive on these consumer services, which are often shared either directly or indirectly via OAuth with the organizational domain; users have been taught that they are rarely if ever responsible for data security; and the lines between personal and professional usage of devices and software are blurred.
The most common next step is for criminals to run software that will utilize the same email/password combinations on other sites to see if they can get into people’s financial or social media accounts. From there, given the amount of information that exists in user profiles such as LinkedIn or Facebook, it is fairly easy for nefarious parties to create a spear phishing campaign against perceived high-value targets such as company executives and managers.
Armed with this knowledge, security professionals should be extra vigilant in studying data access patterns after these types of events in order to identify anomalies. Out-of-the-norm traffic from certain geographic regions or the continuous appearance of a small number of users are just a couple of indicators that something could be wrong and that the network may have been compromised. Remember, it’s always better to be proactive in these situations than reactive.
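As an added illustration of the two indicators named above (not code from the original article), the following script runs three simple checks over a constructed set of login events: a successful login from a country the account has never used before, a single account producing a disproportionate share of all attempts, and an account being tried from many distinct source addresses. The event format, thresholds and sample addresses are assumptions for the example.

```python
from collections import Counter, defaultdict

# Constructed sample login events for this example: (user, source IP, country, outcome).
# The IPs are documentation ranges; the "RO" entries play the role of an unexpected region.
SAMPLE_LOGINS = [
    ("alice", "203.0.113.10", "US", "success"),
    ("alice", "203.0.113.10", "US", "success"),
    ("bob",   "198.51.100.7", "US", "success"),
    ("carol", "198.51.100.9", "US", "success"),
    ("alice", "192.0.2.44",   "RO", "success"),   # first time alice appears from RO
    ("bob",   "192.0.2.45",   "RO", "failure"),
    ("bob",   "192.0.2.46",   "RO", "failure"),
    ("bob",   "192.0.2.47",   "RO", "failure"),
    ("bob",   "192.0.2.48",   "RO", "success"),   # succeeds after a burst of failures
]


def flag_new_country_logins(events):
    """Flag successful logins from a country not seen in any earlier success for that user."""
    seen = defaultdict(set)
    flagged = []
    for user, ip, country, outcome in events:
        if outcome != "success":
            continue
        if seen[user] and country not in seen[user]:
            flagged.append((user, ip, country))
        seen[user].add(country)
    return flagged


def flag_repeated_users(events, max_share=0.4):
    """Flag accounts responsible for more than max_share of all login attempts."""
    counts = Counter(user for user, *_ in events)
    total = sum(counts.values())
    return sorted(u for u, n in counts.items() if n / total > max_share)


def flag_many_ips(events, min_ips=3):
    """Flag accounts whose attempts arrive from at least min_ips distinct source IPs."""
    ips = defaultdict(set)
    for user, ip, *_ in events:
        ips[user].add(ip)
    return sorted(u for u, s in ips.items() if len(s) >= min_ips)


if __name__ == "__main__":
    print("new-country logins:", flag_new_country_logins(SAMPLE_LOGINS))
    print("dominant accounts: ", flag_repeated_users(SAMPLE_LOGINS))
    print("many-IP accounts:  ", flag_many_ips(SAMPLE_LOGINS))
```

In production the baseline of "known" countries would be built from history well before the incident, and alerts from the three checks would be correlated rather than acted on individually.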
So while the news cycle winds down on this latest breach, rest assured that another security headline is not far behind. The question every security practitioner should be asking themselves in the meantime is whether they are adequately prepared for the potential fallout.
Security is one of the most interesting areas of technology due to its rapid pace and continuously changing environment. The need to keep pace with the hackers, latest vulnerabilities and schemes is what draws most of us to the profession to begin with. Yet, despite the almost constant uncertainty, there are a few things we have come to rely upon as near guarantees: there will always be new attacks, criminals will continue to become more sophisticated in their approaches, and end-users will remain the first and best potential defense, but only if properly trained and encouraged to act as such. Knowing this is half the battle; the other half is data, insight, and intelligence.