As news of the Guardian web site hack broke on Sunday, identity information on consumers and companies continues to be a prime target for criminal hackers.
“As we identified back in May of last year – when our researchers discovered a Crimeserver containing more than 1.4 gigs of data on individual and business credentials – data that can be assembled for user in identity theft kits has been right up there on cybercriminals shopping lists for some time,” said Yuval Ben Itzhak, Finjan’s CTO.
“Although top Web sites have been – and continue to be – targeted by cybercriminals, those sites that store identity information will continue to a primary target, especially now that criminal hackers are being affected by the economic situation we all find ourselves in,” he added.
And with the holiday season now starting in earnest, IT managers will be under immense pressure to maintain the status quo on their security, so it is important that managers make full use of the automated technology at their fingertips to help stop hacker incursions into their site data.
Securing Web applications using web application firewalls and securing the backend database using database security tools are a logical course of preparing to defend those IT resources that contain personal and business data.
But, security vendors have reported on additional attack vectors such as the theft of administrator FTP server credentials, which are then later used by cybercriminals to penetrate even more highly secure Web sites.
“Usually, cybercriminals are using this type of stolen data to create fake identities, as well as generating spam plus phishing attacks, as well as many other scams,” Itzhak said.