Wednesday 26 June 2013

How internet hackers attack the rich through the poor

By Prince Osuagwu •New attacking method wreaks havoc •Why data protection law is imminent in Nigeria… All through the world, from Asia to Europe, America to Africa, cyber espionage seems to be a common enemy at the moment. This is largely because the art of warfare is gradually shifting from physical to virtual. Heavy military presence and sophisticated war weapons are shrinking, melting into a small room with few Personal Computers and a few frail-looking youths behind them Watering Hole From a recently released 160- page internet security report by renowned internet security experts, Symantec, a certain attacking method called the Watering Hole was identified to have caused major breakdown in the systems of even the most secured corporate entities in the world. To a hacker that adopts the watering hole method, it does not matter any more if a company is fortified as long as it has relations with others that are vulnerable. All it takes is the patience to waif until it leaves the secure zone. Interestingly, Watering hole is an old war art used by hunters who created little holes in the desert and filled them with water, waiting patiently for the animals to come, drink and get shot. The beauty of this method for a hacker is that he does not need to bother how to break into the more secure sites of major organisations. He only would easily do so by targeting and infecting less protected companies that have links with the secure ones. The moment the secured organisations launch into the websites of their partners who obviously are vulnerable, the infected sites render them also vulnerable and open to attack. What this means is that in the growing world of espionages and hackvitists, there may not be much difference between the rich and the poor, the weak and the powerful. All that would make sense is that the strong protects the poor; else the two would go down in one internet hack exercise. Why new attacking methods sprout Before 2012, attacks were mainly carried out through spear phishing. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by random hackers but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information. The spear Phisher thrives on familiarity; he knows your name, email and a little information about you. But in 2012, there was a massive drop because people are becoming more aware of protecting their mails and discarding spam mails. Many corporations invested heavily in data protection and general internet security, just as governments were more alert to activities that would compromise their policies and secret information. Nigeria improves, but….. Interestingly, the report shows how Nigeria has improved in security ranking in Africa, taking the sixth position in overall internet security profile in Africa. This position, however, comes behind South Africa, Morocco and a few others. The country also improved globally leaping from 59 to 68th position in global internet security ranking Despite these improvements Nigerian companies particularly the SMEs are still major targets. According to Symantec, in 2012 there were serious threat and attacks on particularly small and medium companies that did not have the financial base or knowledge to protect selves. Worse hit among these SMEs are the manufacturing companies, which the report still regards as major targets in 2013. Data protection law to the rescue As a measure, Symantec challenged Nigeria to come up with adequate data protection law that would ensure that operators both of mobile services and financial services do not roll out services that would engage millions of Nigerians without taking into consideration that the data entrusted in their care are strongly protected. Perhaps if the country could imagine the huge loss, should one hack activity wipes out valuable data in the country’s growing banking industry, oil, telecommunications and other sectors, it would be imperative to freely declare self a target now, launch nationwide awareness campaign on internet threats and developments, promulgate data protection laws and equip, defend the citizens better. - See more at: http://www.vanguardngr.com/2013/06/watering-hole-how-internet-hackers-attack-the-rich-through-the-poor/#sthash.2USkUU0Y.dpuf

No comments:

Post a Comment