Half the World Got Hacked: Hold Security Claims

We wrote an article some time back coining the term “Data on Ransom”, in which critical information about Domino’s Pizza was hacked and put on sale. The trend is rapidly picking up and was recently endorsed by a new gang, CyberVor, that stole 4.5 billion records, the biggest theft in the history of cyber crime. “Vor” is Russian for thief; CyberVor (or CyberThief) sets the tone for many similar upcoming events and incites many hackers to be unethical.

An independent information security and investigations company named “Hold Security” conducted extensive research over 7 months to investigate cyber theft cases. Some alarming findings point to a group of about a dozen hackers from Russia who have got hold of almost 4.5 billion records. This includes 1.2 billion user name and password combinations and 500 million email addresses.

According to live internet stats, there are a total of 2.8 billion Internet users throughout the world today. Nearly 75% of them (2.1 billion) live in the top 20 countries. The remaining 25% (0.7 billion) are distributed among the other 178 countries, each representing less than 1% of total users.

If the numbers given by Hold Security hold up (pun intended), then this is surely one of the biggest attacks in the history of the World Wide Web. The fact that the story was broken and verified by the New York Times also lends credibility to the incident.

Insights:

According to Hold Security, the CyberVor gang purchased stolen credential databases on the black market and used them for further exploitation. It is claimed that these lists were used to send spam to victims and to install malicious redirections on legitimate systems. At the start of the year the hackers changed their approach, taking control of information from botnet networks (large groups of virus-infected computers that are normally controlled by one criminal system). This was then used to obtain, from those victim machines, a list of websites vulnerable to SQL injection. If this is true, it was the largest attack/audit that has ever been performed. The number of websites reported vulnerable to SQL injection is 400,000. In total, over 1.2 billion unique sets of emails and passwords were stolen by CyberVor.

Victims:

The CyberVor group has targeted all types of sites, from Fortune 500 companies to small companies. The victim list contains hundreds and thousands of sites, including industry and personal sites. Websites throughout the globe have been hacked, including in Russia and the USA. There appears to be no connection between the Russian hackers and the government.

What to do now:

There are a number of small steps you can take to secure yourself:

  1. Change your passwords immediately. If you work in the corporate sector or manage any web or Internet-based services, change all credentials in line with your password guidelines.
  2. Website developers should review their code for SQL injection vulnerabilities and ensure that it is properly reviewed against a security baseline.
  3. A security audit should be performed immediately for current web-based services.
  4. Application-based firewalls should be implemented and logs should be monitored actively.
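
To illustrate step 2, here is an added example (not code from this article or from Hold Security) of the pattern a SQL injection code review looks for, next to its parameterized fix. The table, function names and sample accounts are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice@example.com", "hash-a"), ("bob@example.com", "hash-b"),
         ("carol@example.com", "hash-c")],
    )
    return db

def find_user_concat(db, email):
    """Pattern to flag in review: user input is pasted into the SQL text."""
    sql = "SELECT email, pw_hash FROM users WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def find_user_bound(db, email):
    """Fixed form: the driver binds the value, so it is never parsed as SQL."""
    return db.execute(
        "SELECT email, pw_hash FROM users WHERE email = ?", (email,)
    ).fetchall()

def compare(email):
    """Run both lookups on a fresh database; return (concat_result, bound_result)."""
    db = make_db()
    try:
        concat_rows = find_user_concat(db, email)
    except sqlite3.Error as exc:
        # A legitimate apostrophe is enough to break the concatenated query.
        concat_rows = exc
    return concat_rows, find_user_bound(db, email)

if __name__ == "__main__":
    # Constructed inputs: a normal address, a quote-bearing string, an apostrophe.
    for value in ("alice@example.com", "x' OR '1'='1", "o'brien@example.com"):
        concat_rows, bound_rows = compare(value)
        print(repr(value), "| concatenated:", concat_rows, "| bound:", bound_rows)
```

With the concatenated query, the quote-bearing input returns every row in the table and the apostrophe input raises a syntax error. The bound query returns no rows in both cases. SQL errors triggered by ordinary punctuation are also a useful signal to watch for in the logs mentioned in step 4.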