Select Page
Share

By Abílio Pettenazzi, Product Manager at Brasoftware, specialist in Security, Virtualization and Availability

 
 

Hackers showed their strength again. In June 2016, over 32 million Twitter user passwords were made available through the Deep Web. The idea was to sell affected users' information on the internet, such as name, address, e-mail and other passwords. Deep Web refers to web content that is not indexed by standard search engines, that is, they are “invisible”.
 
This is yet another success story for cybercriminals, who increasingly invade systems and expose user data around the world. The website haveibeenpwned.com, for example, has a list of several other cases, such as Forbes, LinkedIn, Myspace, Snapchat, Sony and Vodafone. The portal also allows you to see if your account has been affected.
 
What lessons can we learn from a case like this? And why can a password theft from a social network bring insecurity to companies?
 
From the moment the data has been exposed on the Deep Web, a group of cybercriminals working on an attack on a specific company can benefit from this data.
 
Most Twitter users are linked to the names of the individuals who own the accounts. For example: the likelihood of João Silva's Twitter account being @joaosilva or some simple variant of this example like @jsilva or @silvajoao is very high.
 
If this person works for a company that is being targeted by cybercriminals, accessing a user password template will facilitate the attack. The likelihood of Twitter's password being the same or very similar to that of the corporate network is high. This is how a targeted attack to steal company data succeeds, exploiting data available to company users on the web, whether on the Deep Web or on social networks. by this, all caution are little.
 
Cybercrime has already become a lucrative industry that generates more than US$ 1.5 trillion dollars a year, according to data presented by companies in the information security sector.
 
With the arrival of the Bitcoin device, a digital currency that has no traceability in its financial transactions, the cybercriminal can now make virtual money and then exchange it for real money. Bitcoin has accelerated borderless crime, so today a company of any size and industry can be attacked from virtually anywhere in the world.
 
One reason that increases the risks is the fact that companies, mainly of smaller size, have less investments and security infrastructures, what facilitates the attack of the cybercriminals. It's like in real life: is it easier to break into a house full of cameras, security guards, electric fences and alarm systems, or one with one with only a gate and bars?
 
It is always necessary to invest in the awareness of its users, training of the IT team and to choose the technologies that best meet the company's needs according to the security plan, always taking into account three factors: adherence of technology to the environment, price and relationship with the supplier.
 
In the case of Twitter password exposure, the ideal would be to request the password change of all users of the company's corporate network, always applying the standard password rule with at least eight characters, including letters, numbers and symbols, which do not equal to the last 10 passwords recorded.
 
And another important point is to disclose cases like this from Twitter to employees as a way of alerting both to their personal lives and to prevent information security in the corporate environment. In this way, the company can learn from what happened and also minimize the risks.

quick access

en_USEN