Hacking has spread across the world and security experts from all over the world are showing concern over this unstoppable nefarious action. Symantec has released awful data in the website security threat reports regarding targeted attack, social media frauds, and data breaches that insist us to take prompt action against hacking. The data show a perturbing increase in sophisticated attack.
Data breach is a main concern for organizations and it can put confidential information at stake. Hackers can gain unauthorized access and view, steal or use individual information. The data could be personal health information, personally identifiable information, intellectual property, and other business secrets.
Symantec observed in its research that around 10M identities were exposed in 2014 year. Out of this, there are 49% data breaches happened due to attackers. Besides, the major concern was attacked on a retail POS system as a result; millions of credit card numbers were exposed in the previous year.
In the underground market, credit card details cost only $0.50 to $1 while basic identity and insurance information is valued among of $10 to $50 depends on data.
Targeted attacks are done to infiltrate the security environment of organizations and individuals. On initial base, attackers try to gain access to a computer or network, and then they find exploits in the network or system to harm the system in a drastic way. Such attacks are performed with the combination with APT attacks (Advanced Persistent Threats).
Symantec observed that sophisticated techniques have been applied in targeted attacks. There are major campaigns were seen named Dragonfly, Waterbug, and Turla, which have infected industrials, government embassies, and other targets. Watering hole and zero-day vulnerabilities proceed jointly and take advantage of backdoor opened on any computer that recently visited a malicious website with an active watering hole through which the attackers perform attacks.
The research says that it took 55 days on the average base to patch the zero-day vulnerability. Microsoft ActiveX control, Microsoft IE, Adobe Flash Player, and Microsoft windows were the main target of Zero-day exploits in 2014. Besides, the number of spear phishing campaigns has also increased in 2014. Manufacturing, services, finance, real estate & insurance industries were mostly targeted in the previous year.
Social Media Frauds:
The rise in messaging and dating app have opened new doors for hackers and numerous types of frauds are being seen on such platforms. Whether a user is on Facebook, Twitter, Instagram, or Pinterest, attackers are monitoring and always search for monetary benefits from different fake programs offering includes weight loss, gift card, celebrity news, lottery winning, click and Signup.
The major drawback on social media is the single password policy that helps hackers to easily crack all affiliated social accounts. Even phishing have played a vital role in spreading social media frauds. The email phishing rate has also surged in 2014 compared to a previous 2013 year. Most phishing swindles are distributed via phishing emails and URLs posted on social media sites. Most phishing emails were designed to grab professional account details like details of banking, Linkedin accounts, cloud storage, email accounts.
Email frauds generally involves a fake email sent to a person working in the financial department requesting for credit card payment or wire transfer. Such emails pretend to be coming from the superior department of the same organization and request a person to send money transfer details in attachment. However, corporate security systems can filter such malicious attachment but they are still lacking to implement such security system.
Ways to Set Up Secure Environment:
Symantec insists on getting SSL for a website that makes online information incomprehensible to third parties. It also increases the credibility of a business and ensures customers about their security of online information. There are a few recommendations to avoid threats entering into server and network system of organizations and individuals.
Go for Stronger SSL:
Compare to 2048- bit RSA key, ECC key is 64000 times stronger and it requires more computing power to run a brute force attack to crack the ECC algorithm. Even it gets site owners from “Slow site loading issue” because ECC keys require less processing power on the website and can handle extra connections and users.
Besides ECC algorithm, PFS (Perfect Forward Secrecy) is also an important feature that disables historical data and allows attackers only to decrypt the present encrypted data.
Symantec supports RSA, DSA, and ECC algorithm and offers many additional features besides common features with their SSL certificate products that other vendors do not offer.
For instance, Daily Website Malware Scan, Vulnerability Assessment, Seal-in-Search, ECC algorithm and world’s most popular trust badge “Norton Site Seal”.
It is advisable to encrypt all pages of the website rather than only login page because attackers can infiltrate any unencrypted web page and gain access to the site. To avoid this embarrassing situation, use Always-On SSL and encrypt the entire website. Always-On SSL removes the mixed content error, which occur sometime during browsing the site.
The good security habits can avoid many cyber disasters in the organization. The organization should have to arrange cyber security awareness program for their employees and give the proper security training to avoid unfamiliar attacks. You need to include a few points in the training like how to avoid malicious attachment, social media conduct, adoption of two-step authentication, different password policy, avoid piracy software.
Attackers have become ruthless and advanced to abuse the internet for personal gains. The above recommendations surely save your organizations from potential dangers. When it comes to business security, SSL should be considered in security policy because users are moving towards digital age and the website is a primary facet of any business that should be secured with SSL certificate to avoid unnecessary panic.