Yet another major web breach has occurred, impacting over 400 million customer accounts, as reported in a recent Infosecurity Magazine story. This time it was an adult entertainment company FriendFinder Network, but it could happen to any company.
The cyber criminals used a LocalFile Inclusion exploit to infiltrate the network according to data breach notification site LeakedSource. As a result of the breach, a database of just over 412 million accounts has been reported on the darknet, containing email addresses and passwords stored either in plaintext or SHA1 hashed.1 Every single one of these customers is now exposed to blackmail phishing and fraud.
Website Vulnerabilities Persist
The possibility this could be your organization is extremely high when we find that nearly 75% of all legitimate websites have unpatched vulnerabilities, according to Symantec. Cybercriminals are taking advantage of those vulnerabilities. Symantec provides insight into what IT teams are up against with cybercriminals in their monthly report on web attacks. Here’s what the October 2016 report finds:2
- The RIG toolkit was the most active web attack toolkit for the second month in a row, comprising 37.4 percent of all toolkit activity in October.
- The Magnitude toolkit jumped from fourth to second place, up 0.6 percentage points.
- Looking at these toolkits individually, RIG saw a 69 percent increase in usage from September to October, while Magnitude saw a 45 percent increase.
- The number of web attacks blocked increased in October up to 460 thousand per day. This rise could be due to increased toolkit usage in October.
Best Practices Are Your Best Protection
You know the drill. Systems, software and processes need to be reviewed on a regular basis. However, you should also spend some time reviewing best practices to be sure that they are a central part of your policy and processes. Here are a few key best practices from the Online Trust Alliance. The complete list can be found here. 3
- Conduct regular penetration tests and vulnerability scans of your infrastructure in order to identify and mitigate vulnerabilities and thwart potential attack vectors. Regularly scan your cloud providers and look for potential vulnerability points and risks of data loss or theft. Deploy solutions to detect anomalous flows of data that will to help detect attackers staging data for exfiltration.
- Continuously monitor in real-time the security of your organization’s infrastructure including collecting and analyzing all network traffic in real time, and analyzing centralized logs (including firewall, IDS/IPS, VPN and AV) using log management tools, as well as reviewing network statistics. Identify anomalous activity, investigate, and revise your view of anomalous activity accordingly.
- Deploy web application firewalls to detect/prevent common web attacks, such as cross-site scripting, SQL injection and directory traversal attacks. Review and mitigate the top 10 list of web application security risks identified by the Open Web Application Security Project (OWASP). If relying on third-party hosting services, require deployment of firewalls.
- Develop, test and continually refine a data breach response plan. Regularly review and improve the plan based upon changes in your organization’s information technology, data collection and security posture. Take the time after an incident to conduct a post-mortem and make improvements to your plan. Conduct regular tabletop exercises testing your plan and personnel.
The Bottom Line
Customers place their trust in you to protect their privacy and personal data. It is your obligation to deliver the best protection possible and that is accomplished by staying on top of the latest vulnerabilities, investing in the most cutting-edge-technology and/or outsourcing to a trusted vendor.
1Infosecurity Magazine, Adult Websites Breached as 412 Million Users Exposed, November 14, 2016
2Symantec, Monthly Threat Report (web attacks), October 2016
3Online Trust Alliance, Security & Privacy Best Practices, January 21, 2015