500 Million Records Stolen in 2015 Due To Security Vulnerabilities
Despite the wide variety of cyber attacks against companies and individual users all over the world, far too many websites contain security vulnerabilities. Hackers have a relatively easy time to gain access to centralized databases and obtain sensitive user information.
Three In Four Sites Have Security Vulnerabilities
A new report by Symantec paints a rather painful picture for enterprises and individual website owners who collect consumer data. Considering how close to three in four sites have security vulnerabilities which have gone unpatched for quite some time now, the situation is far more dire than most people expected.
Internet criminals are becoming more refined in their attack methods, and there does not seem to be a preference for particular security vulnerabilities. With so many different platforms collecting sensitive data, such as addresses and verification documents, there is a treasure trove of data which can be sold on the underground markets.
Symantec Security Response Director Kevin Haley told the media:
“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off. We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams.”
The report also makes mention of nine “mega breaches” which took place in 2015, and the total number of records stolen is well above half a billion. Zero-day security vulnerabilities seem to be the primary attack vector for internet criminals, and Symantec noted a 125% increase in the number of zero-day exploits being identified last year. Moreover, 430 million new malware variants were discovered, including various types of Bitcoin ransomware.
Speaking of Bitcoin ransomware, this remains one of the biggest concerns for security experts all over the world. Most of these malware packages are part of an exploit kit which will take advantage of security vulnerabilities. Now that ransomware has made it to Macintosh and mobile devices; the future looks grim unless security precautions are taken to the next level.
Distributed ledgers can eventually take the place of traditional database solutions although more research and development is needed in this regard. Storing sensitive consumer data in one place makes it very attractive for hackers to exploit security vulnerabilities and sell the information on underground forums. Blockchain technology is an ally in this fight, and enterprises would be wise to explore this possibility further in the coming years.
What are your thoughts on this new Symantec report? What can be done to prevent hackers from exploiting security vulnerabilities? Let us know in the comments below!
Images courtesy of Symantec, Shutterstock