Improve security profile

Jon Clay, security technology expert at Trend Micro, has written a blog about the Russian cyber gang who stole billions of passwords from both commercial websites and consumers.

August 8, 2014


A challenge every day

“The recently disclosed Russian hack in which a Russian cyber gang stole billions of passwords from both commercial websites and consumers highlights the challenges we all face in our day-to-day activities on the web. Cyber thieves are targeting us all in their quest to make money and, as we’ve talked about before, the Russian underground is the biggest and baddest of the underground economies. The goal of this group is to steal as much money from the West and bring it into their own country, and as such, this won’t be the last time this occurs.

Cybercriminals can use these stolen credentials in a number of ways. Likely they are selling them within the underground for different amounts depending on the information stolen. Trend Micro researchers have been monitoring the Russian Underground market for a number of years and publishing prices of goods and services sold within. Besides looking for Twitter account credentials, the email addresses are likely being sold to spammers. From our Russian underground investigation the prices for spamming messages are below.”

Selling data is a good deal

“As you see, the prices of stolen data have been dropping each year, and as such cybercriminals need to steal more data to make the same amount of money. This is a key reason why we’re seeing more high-volume attacks, whether the recent retail breaches against vendors who process a lot of credit cards, or attacks like the one discussed here. Compromising sites is a lot more efficient than trying to compromise individual users directly.”


Some best practices

Commercial

Monitor your website(s) regularly for malicious compromise. Cybercriminals have been using legitimate sites for years to infect their victims, as most security vendors will not block a legitimate site. Scan for SQL injection or cross-site scripting (malicious scripts) on your sites, and check for known vulnerabilities in your web apps. Using a service that regularly scans your site for malicious activity can help here.
Secure the databases that host customer data as well as your own internal employee data. Only allow authorized users to access them and, if you can, add two-factor authentication for access. Also, encrypt the data if possible.

Consumer

The big challenge for consumers is that when they visit a legitimate site that has been compromised, it is difficult to know. The best option here is to ensure you have a good URL filtering solution that incorporates both web reputation and browser exploit prevention technology. Criminals usually redirect the user to another site where the actual infection occurs, and security vendors will block these redirects, or the legitimate site’s page itself if it is infecting the user outright.

Consumers are often sent spam or phishing emails that entice them to open a weaponized attachment or click on a link. Either of these actions can result in an infection. As such, a good anti-spam/anti-phishing solution that includes checking embedded URLs helps. But also, be aware of who is sending you these emails: if they look fishy, they probably are.

“I recommend you update your passwords on most of your online accounts regularly and, if you have access to one, use a password manager that can create strong passwords for you as well as manage your multiple account credentials. Note, you should not use the same password among your accounts.”

Read it all: http://blog.trendmicro.com/russian-hack-victim-insights/#.U-Sht1awmQt