If you think your network is secure, you might want to think again. Recently, a giant oil company revealed that its network had been compromised, even though it thought the system was airtight. The hackers came in through an unexpected method — a menu from a Chinese food restaurant.
This hack is the latest in a series of major data breaches, such as the Target hack that happened over the holiday season. These breaches are troublesome for consumers and businesses alike — the hackers have done millions of dollars’ worth of damage, and that’s not to mention the information that’s been stolen. Worse still, a new security vulnerability known as Heartbleed could cause virtually all information on the Internet to be compromised.
Here’s some information about how recent breaches happened and what’s being done to prevent them in the future.
A Chinese Menu
The hackers who breached the oil company’s network took advantage of a subtle, unexpected vulnerability. It seems the hackers painstakingly examined company activity for months. During this time, they discovered several employees frequently ordered from a local Chinese restaurant. Online ordering is a common and innocuous practice, but it’s also what made the breach possible. Hackers got into the restaurant’s network and implanted a code on the online menu. The next time the workers browsed the menu online, they inadvertently downloaded the code, granting the hackers access to the network.
The Target Data Breach
The Target data breach is still probably the forefront of our minds, and for good reason. It was one of the biggest breaches of consumer information to ever occur. Hackers accessed the network over a period of several weeks, during which obtained debit card information for thousands of consumers and stole an incredible amount of money.
For some time, the data breach was something of a mystery. Target didn’t notice when the hackers got in, which allowed them to exploit the network for several months. When the company did realize what happened, it had no idea how. Eventually, Target discovered the hackers got in via the stores’ HVAC system. They found key information in the company’s heating and coolers records. While this may seem surprising at first, consider this — most stores’ climate controls are managed by computers and are part of the same network as everything else.
It’s become increasingly common for hackers to obtain debit and/ or credit card information while unsuspecting owners are filling up their tanks. The card readers on gas pumps are not very well secured, and it’s not very hard for a hacker to install a skimming device on a pump.
Recently, 13 hackers were arrested for stealing card information from gas pumps around the U.S. The skimmers they used were Bluetooth enabled, so the hackers just downloaded the data from another location. The criminals stole over $2.1 million over the course of a year. Perhaps the scariest thing about gas pump identify theft is that there’s no third party hack involved. Hackers can just walk up, install and device and walk away with card information.
In early 2014, Yahoo revealed that hackers had obtained account information for many if its users. Similar to many other data breaches, the hackers also obtained information through a third party database. The real danger of the breach was not just that hackers could access users’ Yahoo mail. Rather, because many people use the same username and password for multiple sites, hackers could potentially access bank accounts, credit card information and other financial data with this information.
Heartbleed: the Biggest Security Vulnerability Online
Have you ever been told you know a site is secure if you put “https” at the beginning URL? For example, if you’re purchasing batch powder coating services, using “https” in front of the website would help secure your credit card information. While that can protect you to some extent, even secure connections are not totally hack-proof. The security vulnerability known as Heartbleed could allow hackers to obtain private information from all sites, even though the connection is supposed to be secure. Many believe Heartbleed allowed the Yahoo account hacks to be hacked earlier this year.
Internet providers are working hard to repair the vulnerability, but the bug is complicated, and in the meantime, everyone should be extremely careful about what they do online. Keep a close eye on your bank accounts, credit cards and anything else that could be compromised. In addition, here are a few more tips for securing your devices.
Preventing Future Attacks
According to Arbor Networks, hackers use third parties to obtain access to a network over 70 percent of the time. This means the security of a network is not measured by the network itself, but rather by everything even tangentially involved with the system. Preventing attacks is becoming increasingly difficult, and we all could afford to be more careful about who we work with and what activities we engage in online. There are few foolproof measures you can take to prevent a breach, but a little common sense can go a long way. Catching theft early can also prevent the hacker from doing future damage to your bank account.