No business safe from hackers, says security researcher


Warwick Ashford

Automated cyber attacks set up by criminal organisations mean no business is immune to data theft, IDC's IT Security Conference in London has heard.

Businesses following a risk-based approach to security tend to assume that if their risk profile is low, they are unlikely to be targeted, said James Lyne, senior technologist at security firm Sophos. "This is not true because an increasing number of automated attacks target any business they can, irrespective of the company profile."

Although cyber attacks have become increasingly targeted, the use of automated search engines to look for vulnerabilities in web applications means that no business can bank on being overlooked, Lyne said.

A comprehensive security plan to mitigate these and other web-based attacks is important for all organisations connected to the internet, he said.

Invisible attacks

"Threats are increasingly becoming invisible, such as those carried out using PDF documents that are used and trusted by most businesses," said Lyne. In reality, PDF documents are easily exploited by cybercriminals, who can take control of a computer in an organisation simply by inserting JavaScript into a PDF document, he said.

An increasing number of legitimate websites are also being exploited by cybercriminals to carry out attacks using SQL injection, which is also invisible to end-users targeted by these attacks.

Cybercriminals are focusing on stealing information, which can be done by planting malware on legitimate websites, including those routinely visited by companies under standard business processes, he said. According to Lyne, up to 70% of legitimate websites are routinely targeted by cybercriminals for information such as log-in credentials, intellectual property and financial information.

"Cybercriminals are outsourcing information captured in this way to specialists in various industry verticals who can make sense of the data and sell that intelligence to other criminals," he said.
