Hackers view the holiday season as the ideal time for hacking business computer systems

03 December 2009
Hackers are ready to take advantage of skeleton staff running IT departments over the holidays. According to Michael Hamelin, chief security architect with Tufin Technologies, the Christmas and New Year - holiday periods are the times when the heavy-duty hackers come out to play.

"And whilst you're doing your shopping or putting your feet up, our research shows that the would-be `Neos' of this world stop watching their DVD box sets of Matrix, and start hacking business computer systems," he said. "Our survey of 79 hackers at the annual Defcon 17 event in Las Vegas back in August revealed that 81 per cent of the hackers view the holiday season as the ideal time for hacking business computer systems," he said

Whether this is for mischief or criminal purposes, the effect is usually the same, said the security professional, adding that businesses come back to the offices after the holidays to find that the hackers have caused havoc with their IT systems, as well as gaining unauthorised access to the system's data.

Tufin's research revealed that 52 per cent of hackers said they preferred weekday evenings to gain unauthorised access to computer systems, whilst 32 per cent hacked away during weekday office hours, and just 15 per cent spent their weekend breaking into online systems.

"It's received knowledge in the security world that the Christmas and New Year season are popular with hackers targeting western countries," said Mr Hamelin, adding that hackers know this is when people relax and let their hair down, and many organisations run on a skeleton staff over the holiday period.

96 per cent of hackers in the survey said it doesn't matter how many millions a company spends on its IT security systems, as it's all a waste of time and money if the IT security administrators fail to configure and watch over their firewalls.

86 per cent of cracker respondents felt they could successfully hack into a network via the firewall; a quarter believed they could do so within minutes, 14 per cent within a few hours. Just 16 per cent, meanwhile, said they wouldn't hack into a firewall even if they could.

"This may be stating the obvious," said Hamelin, "but poorly configured firewalls remain a significant risk for many organisations. It's not the technology that's at fault, but rather the configuration and change control processes that are neglected or missing altogether," he explained. "Best practice suggests you should test and review your firewall configuration regularly, but many organisations fail to do so," he explained.

Validating the frustrating gap between compliance and security, 70 per cent of the hackers interviewed said they don't feel that regulations introduced by governments worldwide to implement privacy, security and process controls have made any difference to their chances of hacking into a corporate network. Of the remaining 30 per cent, 15 per cent said compliance initiatives have made hacking more difficult and 15 per cent believe they've made it easier.

Tufin is offering some useful recommendations to make sure you don't become a hacking victim over the Christmas and New Year break:

1) Always test the firewall before holidays. Review and remove any unnecessary rules and objects, as Tufin's experience has shown that many of the firewalls tend to offer functionality that was not being used or intended. A test of the gateway and the firewall will reveal the services in use, which can then be reviewed and removed as required.

2) Restrict firewall services to authorised IP addresses. Restricting services offered to only authorised address ranges effectively hides their presence to the Internet, whilst at the same time still enabling the service to be used by intended users.

3) Apply latest relevant patches and workarounds Attackers are often able to profile the firewall and VPN location and type based on the default ports in use. It is a high priority to keep a disciplined approach to patch updates.

4) Enforce session logging and alerting to detect attacks. Log and alert any and all failed port scans or attempted connections to VPN and firewall management ports. This will help to detect potential hacker attacks and take preventative action.

5) Spring clean your firewall policy. If any default ports are detected, organise a spring clean of the firewall policy configuration to ensure there are no hidden errors resulting from a default installation.

6) Set a limit on the number of failed authentication attempts. Lock out an account and raise an alert flag after a set number of failed authentication attempts.

And on a lighter note

7) Don’t open up those “home shopping services” to help your colleagues get their shopping done on time.

8) Just because it’s Christmas does not mean that you should throw out the rule book about opening “presents” from anonymous donors.

9) Don’t invite strangers into your network during the annual Christmas party.

10) It’s not the season of goodwill to ALL men so don’t leave backdoors unlocked!

print versionPrint version | email this to a friendEmail to a friend | view other articles View other articles

Latest IT, computer and network security articles

 FireEye Closes $50 Million Funding Round

 Shield Guarding sets sights on major growth

 LogRhythm chosen by Maclay Murray & Spens LLP for comprehensive data security

 Comprehensive EndUser Protection to address BYOD challenge launched by Sophos

 Tyco- world’s largest pure-play fire protection and security solutions company acquires First City Care

 Arbor Networks Updates Industry-Leading Peakflow® SP Platform

 2013 Predictions countdown from Infosecurity Europe

 Toshiba Announces Advanced Encryption and Cryptographic-Erase for New Enterprise SSD and Mobile HDD Models

 Venafi says latest TURKTRUST CA attack is a rerun of the infamous DigiNotar incident of 2011

 Business Impact of 2013 IT Trends examined by ISACA

...[view more IT, computer and network security articles]...


Security websites for specific products:

Security websites for specific markets:

IT Security links

directory of IT, computer and network security suppliers
Search directory Register your company
IT, computer and network security books: