As 2014 rolls on online security risks keep on rising. This week the US Hold Security group, renowned for uncovering security breaches and hacks, have gone public about what is being described as the biggest data heist of our time.
1.2 billion user names and password combinations have been stolen on a systematic botnet attack this year. The botnet network scoured over 400,000 websites looking for vulnerabilities. The Russian gang then returned to each website that the botnet had discovered a vulnerability within, and started to infiltrate it.
Hold Security has not disclosed the list of vulnerable sites identified, but has cited that the list includes both high profile companies as well as smaller personal websites. It is unclear at this point whether the user account details are being sold on the dark side of the web, but several bogus marketing campaigns masquerading as unknown users are starting to appear on social networks.
What can you do?
As we have reported before, the following best practices should be followed:
- Passwords! Passwords! Use secure passwords and make sure you use different passwords for different sites. As it is unclear on the timeframe and the websites involved, it is prudent to reset your passwords now.
- If you are in the habit of alternating your passwords do not reset them back to a password you were using during the time when Heartbleed or GameOver ZeuS was reported earlier in the year.
- Change your password regularly.
- Backup your data now! If your credentials have been comprised and malware has been installed, you will have a backup should a factory reset be required.
- Make sure you have a good antivirus package installed and make sure it updates daily.
- If you are a business, do not allow your users to have administrative rights, this will prevent software being installed on their computer.
- Keep your computer up to date with your updates, especially if you are a Windows user. Free monthly updates will protect your computer. If the updates are regularly failing, you may have malware installed already.
During this period of risk, opportunistic scammers will call you advising you they can recover data or remove the malware by dialling onto your computer. Only trust known and reputable IT support providers.
Our IT experts can help you to keep your computer systems secure, contact one of our team today on 01228 711888 to find out more and help keep you safeguarded.
Posted: August 7th, 2014