In August of this year, the New York Times reported on the largest theft of online credentials to date—more than 1.2 billion username and password combinations and 500 million e-mail addresses from approximately 420,000 websites around the globe. Uncovered by Hold Security, an information security and investigations company, the theft is believed to have been perpetrated by a Russian gang of cyber criminals that the company has dubbed CyberVor ("vor" meaning "thief" in Russian).
With the hacking of JPMorgan Chase's database following just a month later, and also believed to have been the work of Russian criminals—not to mention well-publicized breaches at Target, Home Depot, Kmart, and potentially Staples—you may be wondering what you need to know about these attacks and what you should do to re-secure your online credentials.
The Anatomy of the CyberVor Hack
Initially, CyberVor attacked e-mail providers and websites with spam that installed malicious software on computers. The gang then changed its attack strategy after gaining access to a large group of botnets—networks of virus-infected computers controlled by one criminal system—from a Russian underground network.
The gang used a code-injection technique called SQL injection to identify vulnerabilities in website databases and steal information from victims. The gang stole usernames and passwords from all types of sites, including large corporate, small-business, and even personal websites.
Given that there are fewer than 3 billion Internet users worldwide, and CyberVor now has 1.2 billion unique credentials, analysts consider this incident to be even more detrimental than the Heartbleed bug. And it's likely that one of your passwords is in their database.
What Should You Do?
Orla Cox, Symantec's director of security response, told NPR news that it's best to assume that your online credentials have been compromised. She explains:
"I think all Internet users should assume they've been impacted by this. Clearly these aren't opportunists; they aren't hobbyists. These are full-time cyber criminals. They have been likely carrying this out for a number of months, maybe even years."
How can you protect your information? While the anatomy of the CyberVor attack differs from other recent attacks, one thing is the same: all of these attacks have the potential to compromise your e-mail and other personal and financial accounts. Attackers sell the information they gather—like the 76 million consumer e-mail addresses that were stolen from JPMorgan Chase—and then try to access the information in these accounts through password-cracking techniques and the use of phishing e-mails that contain fraudulent links.
It's highly probable that these breaches will pick up in intensity, and every time, the message will be the same: change all of your passwords and monitor your personal information. Indeed, Commonwealth's Information Security team thinks that's the easiest solution at this time.
When updating your passwords, be sure that they are as strong as possible. Each of the sites that you frequent should have a different, unique password. To save time, you might consider using a password manager, like LastPass, to auto-generate these logins.
In addition, be sure to enable multifactor authentication whenever possible; a number of sites and companies have added this feature, including Apple, Microsoft, Google, Yahoo!, Facebook, Twitter, Dropbox, Evernote, Amazon, and LinkedIn. With multifactor authentication, a hacker who obtains your password still cannot get into the account or reach any of your information with the password alone.
Are your clients concerned about information security threats? Do you discuss strategies to improve online security?