The theft of millions of password credentials can lead to automated attacks on other companies' sites. Stephen Singam asks how they can be prepared to spot this risk.
In 1905's The Age of Reason, George Santayana wrote, “Those who cannot remember the past are condemned to repeat it.” For us in the IT industry, the emphasis is always on the new and the next, but there are many cases where repetition and remembering our history would help to improve performance. Alongside the monthly update grind caused by Patch Tuesdays, we see the same issues coming up time and again around security.
Theft of user credentials and passwords by hackers will normally get attention from the press, as an unfortunate company falls victim to a hack or software vulnerability. Each one of these attacks will get attention, and many IT professionals will thank their particular deity of choice that it wasn't their systems this time. However, this view still treats each of these events as a single occurrence.
Instead, we should look at all these thefts over time as part of a major new source of attacks: account hijacking. This covers automated attacks that use large sets of password credentials against e-commerce companies and retailers. Each theft of credentials adds to the list of passwords that can be used in these attacks, alongside more traditional dictionary attacks or simple substitutions of numbers for vowels.