On December 4th, 2013, the security firm Trustwave posted that they had uncovered a database of two million compromised on-line accounts. In this enormous list are credentials for 1.5 million accounts on various websites, 320,000 credentials for various e-mail services, 41,000 FTP accounts, and 3,000 Remote Desktop accounts. Of particular note, close to 8,000 of the website accounts are for the payroll-processing service ADP.
What Does This Mean?
Essentially, anyone who has this database can log on to any of these two million compromised accounts. Are your credentials, or your employees’ credentials, in this database? There’s no way to know right now, because the list of accounts has not been released by Trustwave.
How Did This Happen?
The most recent mass security breaches in the news have been the result of hackers stealing large lists of credentials from companies like Adobe. In that case, Adobe is at fault for not protecting their customers’ data. In this latest scenario, however, these 2,000,000 usernames and passwords were harvested one at a time, directly from personal computers, using a key-logging, botnet Trojan.
That last sentence warrants some explanation: A Trojan (or Trojan horse program) is a malicious program that gets installed on your computer as the result of downloading some software, opening a malicious e-mail, or visiting a maliciously compromised website. A botnet is a very sophisticated way to control millions of PCs that have been infected with Trojans. Botnets are big business, and access “rights” to infected PCs are regularly bought and sold on the black market. Sometimes, botnets are used to conduct denial-of-service attacks against websites: The “owner” of the botnet can direct all of the millions of infected PCs to attempt to open connections to a website all at once. In this case, the botnet was directed to mine data from PCs, using a keylogger. A keylogger is simply a program that records every key that you press on your computer. A parser then sorts through the keystrokes to find usernames and passwords.
If that doesn’t give you the creepy-crawlies, I don’t know what will. Millions of computers are right now being secretly controlled, and their every keystroke logged, with access being sold to the highest bidder, without the owners’ knowledge. If your anti-virus software is out of date by more than a few months (or if it’s not working or not installed) there is a very good chance this describes your computer.
Your Company’s Computers are Safe (Right?) but How about Your Employees’ Computers?
If your company’s computers are managed by Clocktower (or another company that implements similar security protocols) you know that anti-virus and anti-malware protections are up to date on all your corporate devices. That’s only half the battle, though. If your business allows access to corporate data from home computers, or other computers that are not corporately managed, you are putting your business at extreme risk. How many times have you or your employees typed in your credentials for a sensitive website or remote connection on a computer at home? Is your anti-virus software working? Is theirs?
You are responsible for the security of customer and employee data that is stored on your systems (like your servers) or systems you pay for (like your e-mail service, or your payroll service). If you allow personal computers to access those systems, you must have a means of ensuring those personal computers are not compromised. Can you do that now? Would you like to? Call us today to talk about the ins and outs of securing your business.