August 6, 2014
Why can’t the $100 Bn security industry stop hackers? Despite technological revolutions, hackers are still invading industrial systems to retrieve confidential information, leading to a rise in the number of fraud cases and hacks in recent years. A recent case shows that a new benchmark has been set by hackers in Russia.
Hold Security, a security-research firm based in the U.S., has discovered that a Russian gang has stolen 1.2 billion username and password combinations and over 500 million e-mail IDs. The confidential data was stolen from 420,000 websites and is being cited as the biggest theft of internet credentials yet.
There have been several significant Internet hacks in the past few years:
This recent case takes it to a whole new level. The victims range from Fortune 500 companies to small websites. The criminals appear most likely to be using the stolen information for spamming. The Russian hackers captured the credentials on a massive scale using a botnet, a network of zombie computers infected with a virus. The botnet is able to test whether websites are vulnerable to a popular hacking technique called SQL injection.
Companies that rely on usernames and passwords have to develop a sense of urgency about changing this, said Avivah Litan, a security analyst at the research firm Gartner. Until they do, criminals will just keep stockpiling people’s credentials.
According to a joint study conducted by IBM and the Ponemon Institute, the average cost to a company of a data breach has increased 15% this year. In monetary terms, the figure has reached $3.5 Mn, compared with $3.1 Mn last year. Keeping this in mind, Hold Security is trying to come up with a security tool that would enable people to securely test for their information in the database.
There is concern within the security community that it might be facing a losing battle in protecting confidential information. Companies such as Hold Security have to step up their analysis of how such scalable attacks are made possible even with timely upgrades in security standards.