London, 6 August 2014 – The largest ever data breach may have been performed by a Russian crime syndicate, according to the New York Times. The group is said to have amassed the largest known collection of stolen Internet credentials: over 500 million email addresses and a staggering 1.2 billion usernames and passwords have been compromised.
Reportedly, the findings of Hold Security in Milwaukee, USA, have been verified by independent third parties, and are now being used by the firm to leverage revenue from the potential victims, as reported by the Wall Street Journal.
“One can understand their approach, as they are running a business, but it is rather unusual for them not to just immediately alert the victims, and then offer remediation services,” commented Infosec Partners Commercial Director, Fran Ordillano. “We’ve found that acts of good-will go a long way and help to strengthen our relationships with clients.”
Using botnets, vulnerabilities of more than 420 thousand websites were targeted in order to obtain databases which were then used to ‘attack e-mail providers, social media, and other websites to distribute spam to victims and install malicious redirections on legitimate systems’.
What precautions should we take in light of this news?
1. Change passwords, usernames
- Ensure you have strong passwords, and take care over how you store and communicate them.
- It’s still very common to find default admin usernames and passwords on devices; check again that they have been changed.
2. Shut down accounts not used
- Another security fundamental that often gets overlooked during staff changes and system changes. These accounts may have administrative access that poses a significant risk to the organisation.
3. Test all sites and internet visible systems
- Make sure that all patching is up to date, and your internet visible systems have been thoroughly tested for vulnerabilities.
4. Ensure monitoring and alerting are robust
- You’ve installed ‘alarms’, make sure they’re switched on and configured correctly.
More details are likely to unfold soon on this story, but it’s a reminder for us all to again address and maintain fundamental security essentials, as discussed recently at The Guardian. Timely patching through best of breed solutions like Secunia CSI will reduce the likelihood of known vulnerabilities being targeted. Behaviour-based Web Application Firewalls like FortiWeb, as an additional layer on top of your firewall and IPS, will make sure that online applications are secured. USM from AlienVault, or traditional SIEM solutions like LogRhythm, can help make sure you are alerted to any suspicious behaviour and can easily manage any post-breach remediation.
As a trusted adviser to significant organizations, Infosec Partners has a track record of guiding executive teams with their overall security strategy, either acting as – or assisting incumbent – Chief Information Security Officers. With a ready to mobilize team of technical experts adept at Security Vulnerability & Penetration Testing, there’s no better time to reduce your exposure to hackers, Russian or otherwise.