We’ve all seen the ads inviting us to earn large amounts of money. £500 per day. £5K per month.
But $80K per month? Really?
According to this recent article on BusinessInsider.com, that’s what computer hackers can allegedly make up to today. A good chunk can be made from ‘exploit kits’ – essentially a toolkit to enable other hackers to create maximum damage. And this is particularly disturbing because it means that hacking now requires minimal technical knowledge as you can buy into ready-made hacking tools.
Even more disturbing, if anyone can be a hacker then anyone – that’s you or your employees – can be a victim of hacking.
Take ‘Eavesdropping’ for example. The next time you’re sitting in your favourite café, 9 times out of 10 it’s not the person on the next table listening in to your conversation that you need to worry about.
It’s the inconspicuous stranger a few tables away who’s picking up data being transmitted between your phone and the free (and woefully insecure) Wi-Fi.
You may have chosen to connect, or your settings may allow an automatic connection.
Maybe you’re making a quick purchase before heading off to work – and as the data packets created by your device fly silently across the radio waves, it’s not just the Wi-Fi hub that picks them up.
192.168.0.5 | 123.124.254.23 | 4658585948483747 0414 0519 654 |
These strings of numbers might not mean much to you but they can provide valuable information to the hacker whose scanning device sees:
- Source 192.168.0.5 (your device on the local network)
- Destination 123.124.254.23 (could be an independent online shop)
- Payload 4658585948483747 0414 0519 654 (could be your card details which you have entered into an unsecured payment form)
The good news is that if you’re transacting with a website that has an SSL certificate, then the connection is encrypted so the data is rendered meaningless while it’s in transit.
So if you were checking your bank balance then you’d be OK – but it’s always worth checking for the padlock in the url address bar.
However, hackers are looking for any chinks in your cyber armour. They’re looking for data and intelligence that will allow them to identify any vulnerability that will give them access to your device or PC. Once they’ve found it they’re ready to run the malware or exploits……and potentially make a lot of money from it.
In that respect, they’re effectively scavenging for information in the same way as someone going through your bins hunting for credit card statements or cash withdrawal receipts. Any clues that will help them in their quest to get their hands on your hard earned cash.
In the old-fashioned, paper-based world the solution was the shredder. We need to get into the habit of deploying the digital equivalent.
That’s one of the reasons why the UK Government have been raising awareness of cyber-crime, by writing new standards and certifications, such as the Cyber Essentials scheme and running an advertising campaign with posters springing up across the London Underground.
So what can you do to reduce the risks when your people want to connect to your system wherever they might be?
A VPN or virtual private network allows secure access; encrypting data to render it worthless to the ‘eavesdropper’.
Another alternative is to disable Wi-Fi on company devices and provide 4G dongles which provide a dedicated connection.
It’s also reassuring to know that there are super-heroes out there fighting the hackers on a daily basis! I recently visited Sophos UK HQ and got a sneak peek into the mysterious world of the Sophos Labs where they track literally thousands of live hacks and viruses across the globe.
They’re also constantly campaigning to raise awareness of the threats and educate businesses and their people on the steps they can take to minimise the risk of a data breach.
I particularly like their light-hearted but incredibly impactful approach to such a serious subject. Take a look at their approach in this special presentation we’ve put together. We’ve also got some more information on the IT Security pages of our website and we’ve just created an infographic about how hackers target businesses, using the weakest link in the security chain: human error.
Serious note :
we’re obviously not suggesting that anyone turns to hacking as a way to top up their income. But if the figures touted in the article are to be believed then there will always be those who are tempted. And the threat will persist.
This blog was originally published here.[su_box title=”About James Dettmer” style=”noise” box_color=”#336588″]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.