CyberCrime: A look into the mind of a hacker

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.jamaicaobserver.com/business/CyberCrime--A-look-into-the-mind-of-a-hacker-_19229336

IT used to be that several months would go by without any mention of a
website being hacked. Unfortunately, it now seems to be a weekly or even
daily event. More disconcerting is the fact that these nefarious actions
have definitely begun to affect businesses here in Jamaica.

Who are these people and why are we being targeted?

In the early days hacking was typically the mischievous activities of a
couple of guys working late into the night trying to break into vulnerable
sites. If they did something illegal, it was typically a spur-of-the-moment
crime of opportunity. Today, however, things are very different. Roger
Grimes of Info World puts it like this.

When describing a typical hacking scenario, these days you must begin with
the organisation behind the attack. Today, hacking is all crime, all the
time, complete with bidding markets for malware, crime syndicates, botnets
for hire, and cyber warfare gone amok.

Typically hackers fall into two groups -- hacktivists who are about
promoting a social or political cause, and hackers with a singular and
malicious intent of stealing data for personal financial gain.

Hackivists are operating all over the world, typically in many of the
world's conflict areas. Some hacktivists are even state-sponsored. It has
been suggested that China-based hackers caused the demise of the once-huge
Canadian company Nortel, which lost a large number of its corporate secrets
through hacking emanating from China.

Another example of some notoriety, is the LulzSec Hacktivist group who some
years ago successfully penetrated the US Senate website and released some
"secure" information; they also brought down the CIA site for over two
hours.

In more recent times, even the terrorist group ISIS has been under attack
by the highly active hacktivist group called 'Anonymous', as a form of
protest supporting freedom of speech in the wake of the Charlie Hebdo
attack by ISIS in Paris.

On our home ground, you may have read where several Jamaican government
websites were hacked last year and sites were defaced. But why would anyone
want to attack the Jamaican government?

The truth is that the Jamaican government was a mere casualty in these
spate of attacks; the offensive being a broad political statement against
all governments. The hackers simply targeted all domain names with .GOV
ending. There was no intention to steal data, but rather just to say "I did
it".

Other more sinister hackers, out for financial gain, are often heavily
funded by organised crime. With huge resources at their disposal, they are
on the hunt for credit card information and often are involved in ransom
ware -- ie where they encrypt your files and demand payment to release them.

A typical small business doesn't have the time or resources to combat these
attacks on their own, but do not be disheartened, you can win this fight!
There are ways to protect your website or online business.

Just follow these 3 simple rules:

* Don't try to do it all yourself. The level of cyber-crime is increasing
every day, and the truth is that you just can't keep your fingers on
everything. Employ the services of a company with dedicated resources for
this.

* Get the best layers of security. With a robust backup and recovery system
in place, even if your site is compromised, chances are that they will not
be able to get to sensitive areas prior to alerts going off -- enabling you
to stop the intruders before they do too much harm. Please don't compromise
on these layers of security:

* Triple firewall protection

* 24/7 monitoring

* Ongoing malware detection for newly discovered threats missed by
anti-viruses

* Blacklist and reputation monitoring

* Daily backups for added protection

* Periodic snapshots of your system files, so that you can easily pinpoint
the breach, making it easier to fix

* Visitor and threat analytics

* Update your site periodically. Contrary to what many believe, building a
web site is not an event, and, as with the opening of any business channel,
should be maintained and updated periodically. The reality is that like any
other computer system, as time passes more ways to compromise the system
will be discovered by those who are looking. So you have to be as proactive
as an attacker in order to be safe.

Do not wait. Put these layers of security in place before it is too late.
If you need further guidance as to the best way to secure your site, one of
our team members can be made available to you to guide you through the
process. It's a lot easier than you think.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!