Over 400,000 websites were recently compromised in what might be the largest data breach to date.
Your website might be among them. (The compromised domains range from small sites up to Fortune 500 companies.) But even if not, you might still be affected.
According to recent reports (for example, this New York Times article), a small team of Russian hackers has amassed a database of 4.5 billion user credentials (emails, user names, and passwords) by hacking into over 400,000 websites.
Of those 4.5 billion credentials, about 1.2 billion were unique. This is among the largest data breaches known.
The hackers did this with a well-planned campaign. First, they rented access to large botnets. They used the infected botnet computers to identify vulnerable websites: while the computers’ owners browsed the Web, their machines quietly attempted SQL injection into each site that was visited. Those sites that were vulnerable were identified and flagged.
Later, the hackers went back and systematically broke into the identified sites, to steal whatever data was available.
Here’s why this incident is important to you.
First, SQL injection is an old technique. It’s been publicly known since 1998. There’s no excuse for any company to still be vulnerable to this today.
Nevertheless, even some Fortune 500 companies were penetrated by this attack. Not only that, researchers have found that many of the sites that were breached are still vulnerable.
So, if you have web assets (whether a site, service, data, etc.): is your site secure?
How confident are you about your answer? (Remember, the Fortune 500 victims thought they were well-protected too.)
Second, the systematic nature of this attack is instructive. Too often, security professionals seem to think they’re facing a few bored teenagers living in their parents’ basements. The opposite is true: today’s hackers are skilled, motivated, and increasingly professional. (Read more about this in Reblaze’s latest white paper.)
Third, this attack represents a new trend in hacking: a crowdsourced attack. Botnets have traditionally been used for mass activities like spamming and DDoS attacks. Here we see that hackers used botnets to, in effect, do a security audit on the entire Internet.
Could your site recognize and defend itself when even normal visitors are (unwittingly) probing your site for vulnerabilities?
Fourth, even if your site is secured against these forms of attacks, you still might be affected. Some sites (for example, domain registrar Namecheap) are now experiencing a surge of login attempts, which are apparently using the database of stolen credentials.
So you should ensure that your intrusion detection systems are robust and updated.
There might be a large spike in bogus login attempts coming your way.