SMEs have been warned by the Federal Police and security experts to keep up-to-date with new hacking attempts and then bolster their security systems in response, as the number of hacks against small and medium businesses continues to increase.
The warning comes after the Federal Police arrested a New South Wales man for hacking into the servers of National Broadband Network testing company Platform Networks, in an attempt the AFP said could have crippled the company’s entire systems.
Ty Miller, chief technology officer for Pure Hacking, says companies must keep up-to-date with the latest techniques being used in these attacks.
“They need to keep up-to-date with what attacks are actually going on in the real world. The main ones we are seeing are phishing attacks, we see application attacks and attacks against infrastructure as well.”
Miller says two of the major recent hacking attempts, the RSA and Sony hacks, were carried out using two different methods.
Well-known Australian SMEs, Distribute IT and cosmetics retailer Lush, have also been hacked in the past year, indicating that more SMEs are being targeted and not just large multi-national corporations and governments.
Distribute IT suffered days of downtime, with many customers actually losing their data after the hacking attempt. It is now owned by NetRegistry.
The Australian Federal Police have said the Platform Networks hacker was found as part of an investigation into similar hacking attempts directed at the University of Sydney and Distribute IT, but could not confirm this morning whether the individual involved was responsible for those hacks as well.
The Australian Federal Police say the 25-year-old man, completely self-taught and using the hacker alias “Evil”, broke into the company’s systems and began mapping infrastructure. He faces 49 hacking charges, including 48 counts of unauthorised access to, or modification of, restricted data, along with one count of unauthorised modification of data to cause impairment.
The AFP says the man was caught after bragging in an online chat room about the attempts, which apparently targeted a number of different companies. They warn that services could have been disrupted if the hacker had decided to cause more damage.
“The AFP will allege in court that this person acted with an extreme and unusual level of malice and with no regard to the damage caused, indiscriminately targeting both individuals and companies,” it said.
Miller says solo hackers often try to brag about their accomplishments online.
“These individual hackers tend to do it for a bit of bravado, and then often leave their calling card,” he says, adding that many “don’t care about the size of the company they are targeting”.
“The more systems they can break into, the better,” he says.
As a result, Miller says businesses need to ensure they are doing constant security testing. “Complete that testing to ensure you identify real risks, and then focus your budget on minimising those critical risks.”
AFP national manager for high tech crime operations Neil Gaughan says businesses must ensure they have strict security policies in place to protect themselves against the growing number of attacks.
“While Platform Networks had strong cyber security measures in place, even the best security systems are only as strong as the weakest link – it only takes one user with a weak password to put an entire network at risk,” he said.