Hackers’ Greater Knowledge on Value of Data Endangers Businesses

Bob Styran, IT audit expert
April 18, 2011

While hackers have now escalated their efforts to target data stored in the networks of businesses, most enterprises are still ignoring the call to tighten their data security, noted a security researcher.

Noa Bar-Yosef, senior security strategist at Imperva, a database and application security vendor, has been monitoring several hacker forums and analyzing the tools hackers use to attack networks. Her latest findings revealed that hackers are now shifting their focus to customers’ credentials, “which they are commoditizing.”

Earlier this month, software company Informatica reported that 39pc of financial companies have suffered major losses of data that disrupted their operations. The report added that 74pc of the surveyed firms acknowledged the fact that they still have a long way to go to tighten their customers’ data security.

As an example of what hackers target, Bar-Yosef cited online services, which are far more valuable than credit card numbers. She said user credentials have become hackers’ top priority because credit card numbers have a shorter life span and are therefore harder to “monetize” due to CVC numbers and expiry date requirements.

But Bar-Yosef went on to say that this red flag, which should prompt companies to tighten their data security measures, is often disregarded.

The debate on data security should not be limited to databases; it should also cover the increasing use of mobile devices to transmit and store data.

Bar-Yosef added that, based on the study, ignorance of the threat posed by storing data on mobile devices is equally widespread among businesses.

For example, she noted hackers’ growing interest in the Android operating system, as evidenced by discussions in several hacker forums, in addition to iPhone and Nokia smartphones.

Bar-Yosef said hackers have started developing data-stealing Trojans like Zeus and SpyEye to target vulnerabilities in mobile applications that still rely on user input and implement no data security protection comparable to SSL on computers.

Quite ironically, regulations implemented by the USA and other countries to shut down botnets and capture DDoS attackers have pushed cybercriminals to gather resources and invest heavily in creating “bigger and more effective attacks” to evade data security controls.

According to Bar-Yosef, cybercriminals “are feeling the heat and reacting accordingly.”

She warned that merely depending on application and operating system patches and anti-malware software does not guarantee effective data security once an attack is launched.

Citing research on the security issues raised by social media and cloud computing, Bar-Yosef advised enterprises to set up tighter controls over their data security measures, as cybercriminals have advanced know-how about these technologies and could use it to exploit them.

 
