By Gulf News
Best and the simplest method is to have a complicated password that is difficult to crack.
Dubai: It has been proven again that despite having all the high-tech security solutions, no one is immune from hackers.
According to Nicolai Solling, director of technology services at Help AG, some of victims of the recent attacks will be from the region definitely.
According to the internetlivestats.com website, there are close to three billion internet users worldwide as of now.
“So, definitely UAE accounts could be compromised by this hacking. Hold Security hasn’t named which websites have been hacked by the Russian group,” Solling said.
He said that it is difficult to know whether any user account has been hacked without verification. The data has been collected over a period of time and some accounts could be obsolete by now.
In this case, Solling said the data was extracted from the websites using a network of compromised computers known as a botnet.
A botnet is created by an attacker using malware to infect a large number of machines for malicious purposes.
The best and the simplest method is to have a complicated password that is difficult to crack.
“Users need to change the password very often because they [users] will not know whether their account is hacked,” he said.
Some services like Gmail and Facebook use double-authentication methods when users are using a new computer for the first time.
By turning the feature on in the settings, Solling that the service will send a six-digit code to your registered smartphone to know that you are the registered user.
“This is a good method as the hackers will not have access to your smartphone,” he said.
“We don’t know the full extent, we know there were 1.2 billion records but the number of people affected is unknown. Also it is unknown what the attack vector was at the moment but it is likely to be a combination of different methods including malware, App based attacks,” said Gary Newe, Senior Systems Engineering Manager at F5.
He said the value of an actual credit card is now lower than the value of someone’s twitter account and if this attack is as big as we think it is then I would assume that there are a large number of complete identities that have been compromised in this event.
“I think again we have to look at what we are protecting here. Are we protecting the network or the data? It is clear that we need to protect the data and the applications that contain the data, it is not enough to just protect the network. We need to realise that we have to move our security approach to an application centric security model. It is no longer good enough to protect the perimeter, or even the device,” Newe said.
He said the last 12 months have shown that these hackers are very resourceful and are very good. At the moment the applications, attacked via malware, zero day exploits and plain old application attacks, SQL injection etc, are the low hanging fruit and until we fix this, the market will continue to grow.
Justin Doo, head of advanced threat protection at Blue Coat, said that most of the attacks taking place today are a combination of social engineering and zero-day attacks.
“People like you and I are the weakest link in any security policy because we are accessing internet and networks, increasingly from mobile devices. Also there are increasing zero-day threats,” he said.
The biggest challenge for a Chief Information Officer is to be right 100 per cent all the time whereas the bad guys have to be right only once to gain access, Doo said.
Kalle Bjorn, director of systems engineering at Fortinet Middle East, said the cat and mouse game will always continue.
“We can always look at pre-emptive measures but whatever the hacker thinks, the industry is not going to figure it out until the damage is done. You can never get 100 per cent security … that is impossible,” he said.
The targeted attacks and advanced persistent attacks are the big things in the news lately. The motto is “prevention is better than cure and that applies to this industry also. Having different layers of protection can limit the damage,” he said.
Experts said the most secure network is the one not connected to the internet.
Doo stressed that the recent high-profile hackings demonstrates that even having the best technology, best process and best people, organisations are still vulnerable to attacks.
