Russian Hacking Team That Stole Billions Of Profiles Proves The Need For Continuous Endpoint Monitoring – Charles Leaver

Charles Leaver, Ziften CEO

What is thought to be the largest known cyber attack in the history of data breaches has been discovered by an American cyber security company. The company believes that a group of Russian cyber criminals it has been investigating for several months is responsible for stealing billions of passwords and other sensitive personal data. The group is alleged to have stolen 4.5 billion credentials, although many were duplicates, leaving 1.2 billion unique data profiles. The data was taken from 420,000 sites of all sizes, from large brand-name websites to small mom-and-pop stores.

The New York Times reported that the gang consisted of about 12 people. Starting with small-scale spamming in 2011, they acquired most of the data by purchasing stolen databases.

In an interview with PCMag, Alex Holden, the founder of the company that discovered the breach, said: “the gang began by simply buying the databases that were available over the Internet.” The group used to buy at fire sales and were referred to as “bottom feeders”. As time went by they started purchasing higher quality databases. “It’s kind of like graduating from taking bikes to stealing pricey automobiles.”

A Progression From Spamming To Using Botnets

The group then changed its methods. It began using botnets to gather stolen data on a much larger scale. The botnets let the group automate the process of identifying vulnerable sites, so the operation could run 24/7. Whenever an infected user visited a website, the bot would automatically check whether the site was vulnerable to SQL injection. SQL injection, a commonly used attack technique, forces a website's database to reveal its contents by way of a simple crafted query. The botnets flagged susceptible sites and the hackers returned later to extract the data. Using the bot proved to be the group's downfall, as it was how the security firm identified them.

The security firm believes the billions of records were not taken all at once and that most were probably bought from other cyber criminals. According to the Times, very few of the stolen records have been offered for sale online; instead the group has chosen to use the information to send spam messages on social media on behalf of other groups, for a fee. According to the Wall Street Journal, various cyber security experts say the magnitude of this breach points to a pattern of cyber criminals stockpiling huge numbers of personal profiles over time and saving them for later use.

Avivah Litan, security expert at the research firm Gartner, said: “businesses that depend on user names and passwords have to develop a sense of urgency about changing this. Until they do, criminals will simply keep stockpiling individuals’ credentials.”

Cyber attacks and breaches on this scale underline the need for companies to protect themselves with current cyber security defenses. Endpoint threat detection and response systems help companies build a clearer picture of the threats facing their networks and receive actionable information on how best to prevent attacks. At a time when large data breaches are becoming more frequent, continuous endpoint visibility is vital to a business's security. If the company's network is continuously monitored, threats can be identified in real time, minimizing the damage a data breach can do to an organization's reputation and bottom line.