In a digital world where security breaches are becoming ever more sophisticated and commonplace, Onyx Group’s Hosting and Security Consultant Andrew Waite discusses how and why your business systems could be under attack, and the measures needed to help prevent a breach.
It seems there are always stories related to information security these days: from TJX being breached to access numerous credit card details, to Sony’s PlayStation Network being breached in response to the perceived persecution of GeoHot, to Coca-Cola being targeted in corporate espionage and Iran’s nuclear facilities being targeted by a joint US/Israeli intelligence operation.
Most people can understand the reasoning behind the headline-making attacks, even if they don’t agree with them. But the question most commonly asked by those responsible for securing (vastly) smaller networks and organisations is ‘Why Me?’, usually followed up by the statement ‘I’ve got nothing anyone would want’. Unfortunately, even if you’re not Sony or Coca-Cola, if you have systems on the Internet, they will be (and are) under attack.
Automated Scanning, Mass Propagation and ‘Script Kiddies’
Many systems, whether intentionally or as part of a compromise, continuously scan the Internet looking for insecure victims. From my own research, systems can be live for under a minute before coming under attack. Any common vulnerabilities present on the system will be exploited, with control of the system handed to the attacking parties, often to begin the cycle again looking for further hosts to attack.
Slightly higher up the sophistication chain from automated software are ‘Script Kiddies’ (low-skilled attackers utilising pre-built attack tools). If a system is vulnerable to an attack that they have an exploit for, the system will be compromised; if not, ‘Script Kiddies’ will often look elsewhere for a softer target.
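One way to measure this automated probing on your own host, as an added example that is not part of the original article: the Python below reads OpenSSH ‘Failed password’ log lines and reports how long after go-live the first probe arrived, how many sources took part and which account names were tried. The log lines, host name, go-live time and the `summarise` function are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: sshd auth-log lines (RFC 3339 timestamps) from a host
# that went live at 10:00:00. Addresses are from the documentation ranges.
WENT_LIVE = datetime.fromisoformat("2012-11-05T10:00:00+00:00")
SAMPLE_LOG = """\
2012-11-05T10:00:41+00:00 web01 sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
2012-11-05T10:00:43+00:00 web01 sshd[811]: Failed password for root from 203.0.113.5 port 40113 ssh2
2012-11-05T10:00:44+00:00 web01 sshd[813]: Failed password for invalid user admin from 203.0.113.5 port 40115 ssh2
2012-11-05T10:02:10+00:00 web01 sshd[820]: Accepted publickey for deploy from 192.0.2.10 port 51000 ssh2
2012-11-05T10:03:27+00:00 web01 sshd[825]: Failed password for invalid user test from 198.51.100.7 port 33901 ssh2
2012-11-05T10:03:29+00:00 web01 sshd[825]: Failed password for invalid user oracle from 198.51.100.7 port 33902 ssh2
2012-11-05T10:09:02+00:00 web01 sshd[840]: Failed password for deploy from 192.0.2.10 port 51007 ssh2
"""

# Matches sshd's failed-password message for both known and unknown accounts.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarise(log_text, went_live, burst_threshold=3):
    """Summarise failed SSH logins: how soon probing began and who is probing."""
    first_seen, per_ip, users = None, Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.fromisoformat(m["ts"])
        if first_seen is None or ts < first_seen:
            first_seen = ts
        per_ip[m["ip"]] += 1
        users[m["user"]] += 1
    delay = None if first_seen is None else (first_seen - went_live).total_seconds()
    return {
        "seconds_to_first_probe": delay,
        "sources": len(per_ip),
        "noisy_sources": sorted(ip for ip, n in per_ip.items() if n >= burst_threshold),
        "usernames_tried": users.most_common(),
    }

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG, WENT_LIVE).items():
        print(f"{key}: {value}")
```

Account names such as root and admin heading the list are the ones shipped with default or commonly guessed passwords, which is why those credentials are the first thing to change.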
Resources and Kudos
That’s the ‘who?’, but what about the ‘why?’ Whilst you might believe you have nothing worth taking, your online adversaries will disagree. At a minimum your IT systems will have resources that are valuable. These include:
- Storage: Whilst storage is getting cheaper, why incur the expense of a larger hard-drive or online backup service if you can compromise an unsuspecting system and store your data there for free? One of the stranger things I’ve found on a compromised system was the entire first 6 series of The Simpsons.
- Bandwidth: Your systems have the ability to send information to other systems on the Internet, and this can be used to attack other systems. Distributed Denial of Service (DDoS) attacks are essentially multiple systems requesting more from the target system than it can handle. This prevents legitimate users from accessing the system, similar to a traffic jam at rush-hour, or a stadium bar at half-time. Systems used for these attacks are openly sold and/or rented on the underground market for as little as $700 or $2 per hour.
- Free Hosting: Hosting systems, services and websites online costs money. If attackers can compromise your systems, they will, as they can get the same level of service that costs you money, without paying a penny. In the past I’ve encountered everything from an Adult ‘introduction’ site to an Anti-Government propaganda site when helping clients clean up following a compromise.
- Anonymity: Once compromised, attackers are able to route their own internet traffic through your system, appearing to the outside world to be ‘you’. This can be done for a number of reasons: either to hide the true source of an attack on other systems, or to remain anonymous in parts of the world where the monitoring of citizens is common practice. Either way, you don’t want the trail to go cold on your systems when the Police or Intelligence Services come knocking.
- Because it can be done: Some people compromise systems simply to prove that a) it can be done, or b) that they can do it. This can be similar to the graffiti tagging of buildings in the physical world, often to (perceivably) increase their reputation within hacking circles. Previously, some websites have even been created with the distinct purpose of allowing others to share and rate their hacking exploits.
Where’s the good news?
All of the above can seem daunting, but the good news is basic system security and administration can protect most of the low-hanging fruit which attackers leverage to achieve mass compromises. Consider if you have:
- Implemented solid perimeter security (firewalls) to reduce the available attack surface to your systems
- Applied patches and updates to all systems
- Run anti-virus and other systems to identify elements of a compromise
- Changed default passwords on all systems/software and implemented a strong password policy
- Regularly reviewed system security to identify any missing protections and remain up-to-date with the latest threats
Article written by Andrew Waite, Hosting and Security Consultant, Onyx Group. November 2012.