Bill Walker | 9 January 2013
Hackers, Trojan worms and Zeus botnets may sound like the stuff of gritty crime novels and Hollywood thrillers but cybercrime is making real life headlines too. In the second instalment of this series of posts on cyber security, we examine how the cybercriminals of Hollywood match up to reality.
Hackers operate alone
Reality: The identity of 'the hacker' has significantly changed in recent years
If Hollywood is to be believed, hackers are all Justin Long lookalikes who talk very quickly, have bad haircuts and operate from their bedroom in between PlayStation sessions. The reality is slightly different...
Over the last few years we have seen a change in the typical identity of 'the hacker'. No longer is the online adversary a lone opponent at home on his PC accessing business networks for fun. We are seeing a professionalization of the hacking community, with a rise in targeted and persistent attacks on business networks.
Hollywood: CEOs are always leaving suitcases/briefcases/phones on trains, planes and automobiles
Reality: It happens much more often than you'd think!
The old suitcase switcheroo - a favourite of the Hollywood film writer - as featured in The Thomas Crown Affair… fact or fiction?
Now, I can't speak for all CEOs and senior directors, but the loss of valuable company property and data is pretty common. It was a particularly hot issue a few years ago when it was disclosed that more than 1,000 government computers had been lost or stolen. In that same year, the transport secretary, Ruth Kelly, announced that the personal details of 3 million driving test candidates had gone missing, and Alistair Darling admitted to MPs that computer discs holding personal information on 25 million people and 7.2 million families had been lost.
Civil servants are not the only guilty parties. According to a study released by Dell, business travellers lose 15,648 laptops every week - 900 of which are lost at Heathrow. Worse still, 59% of those business travellers do not take steps to protect the confidential information contained on their laptops, so if one were to fall into the wrong hands then thieves would have free rein to take what they wanted.
The numbers speak for themselves!
- Average no. of laptops lost by business travellers every week: 15,648
- Average no. of laptops lost by business travellers every month: 67,286
- Average no. of laptops lost by business travellers every year: 813,696
All film heroes have an amazing ability to guess computer passwords in a matter of seconds
Reality: I bet I could guess your password right now.
Is it 123456? Or maybe qwerty? Oh no, you didn't, did you? Is it password? No? Good. Then you are better than most.
An annual study of the most commonly used passwords found that password, 123456 and 12345678 are still the most commonly used passwords, despite years of security experts urging us to make sure they are secure. Here is the top 10 - if yours is on there, I suggest you change it. Now.
- password (Unchanged)
- 123456 (Unchanged)
- 12345678 (Unchanged)
- abc123 (Up 1)
- qwerty (Down 1)
- monkey (Unchanged)
- letmein (Up 1)
- dragon (Up 2)
- 111111 (Up 3)
- baseball (Up 1)
Email scams don't make the cut
Reality: 500 million phishing emails appear in user inboxes every day
It seems the Nigerian prince who wants to leave his billions to an overseas partner isn't deemed glamorous enough to feature as the plot of a Hollywood film. Too obvious perhaps, not devious enough maybe, but the reality is that 500 million phishing emails appear in user inboxes every day.
The attacks are not just random mass email blasts aimed at naive individuals; they are often premeditated attacks on large organisations. In fact, in the first half of 2011, PayPal was the number one targeted domain for phishing attacks with 34,209 recorded attacks.
Phishing takes a number of different forms - here are some definitions:
Phishing: An attempt, via email, to acquire information from someone by pretending to be someone else. Phishing scams typically encourage people to divulge their usernames, passwords, and/or credit card details by posing as a trustworthy source.
Spear Phishing: This is a more targeted attack on a specific individual or company. Rather than sending out mass emails to numerous different email addresses, attackers carefully select their targets and seek to make their emails as specific as possible by gathering personal information about their quarry. This usually increases their success rate.
Whaling: A phishing attack directed at high-ranking business contacts such as CEOs and board directors.
The newspapers are full of stories reporting on the costs of successful phishing scams to businesses. We can expect the number of spear phishing attacks to steadily increase as more and more money is made from these attacks. I wouldn't be surprised if a nautical-pun-filled Hollywood epic is just around the corner!
Now, if we were in Hollywood the solution to these hacking attacks would be to bowl in, guns blazing, and shoot 'em all up! The reality, although not quite as exciting, is much more sensible and simpler.
Approximately 80% of known cyber attacks could have been prevented or successfully overcome with the implementation of basic business security practices targeted at employees, processes and technology.
Educating your workforce and raising user awareness is the first step you need to take to protect your business.
Why not attend or register to watch our cyber security management seminar, which is taking place on Friday 18th January in London? During the event you will hear from our team of cyber security experts, who will talk you through the risks and how to protect against them.
Register to watch live at www.qa.com/cybertalk
Alternatively, browse our IA and Cyber Security courses at www.qa.com/cybersecurity