IT services giant HCL left employee passwords, other sensitive data exposed online

IT services giant HCL left employee passwords, other sensitive data exposed online

IT services giant HCL left employee passwords exposed online, as well as customer project details, and other sensitive information, all without any form of authentication, research by security consultancy UpGuard reveals. An HCL human resources portal published new employee names, usernames and clear text passwords.
/
The ongoing Huawei saga, explained in brief

The ongoing Huawei saga, explained in brief

Here’s a rundown of all the major news in the past week If you’re feeling bewildered trying to keep up with the never-ending references to Huawei in the news, you’re not alone. Fear not—here’s a handy time line of everything that has happened so far
/

DDoS Attack Takeaways 

If you tried to access some of the world’s most popular websites, such as Twitter, Spotify, CNN, Netflix and The New York Times last Friday, you may have run into some trouble. Millions in the U.S. and Europe lost access to much of the internet in the wake of a cyberattack.

Hackers targeted Dyn Inc., a major provider of Domain Name System services in a distributed denial of service (DDoS) attack. The hackers used a malware called Mirai to flood Dyn’s servers with fake traffic through a botnet of internet-enabled devices including DVRs, storage devices and cameras.

Researchers do not yet know the motive for the attack and are unsure of who the perpetrator is. However, they believe that users of  a hacking forum may be responsible, and not the foreign governments, WikiLeaks supporters and political activists who were originally suspected.

Looking back at Friday’s cyberattack, here are four key takeaways.

The ‘Internet of Things’ Presents New Challenges

spybot-IoT

Devices such as webcams, DVRs, video doorbells and refrigerators that can connect to the internet are known as the Internet of Things (IoT). These devices provide us with new opportunities and make our lives easier, but also present new, unexplored security risks.

After the recent attacks, Chinese company Hangzhou Xiongmai Technology, recalled 4.3 million internet-connected cameras, which hackers infiltrated.

Many IoT devices (especially the cheaper ones) are unsophisticated and susceptible to hacking. Many users also never change their passwords from the default settings on IoT devices. Buying devices that allow you to change the default password, and changing the default password when possible, may help to stop these kinds of attacks in the future.

DDoS Protection Is Becoming Centralized

When it comes to DDoS attacks, whoever has the most computing power wins. This makes smaller companies more vulnerable. Larger companies can usually fend off hacking attempts. The use of the botnet in the recent attacks presented a new challenge, however, that Dyn was not prepared for.

Since being bigger makes a company more effective at preventing DDoS attacks, and the attacks are getting larger and more difficult to manage, websites must increasingly seek refuge with large, powerful companies. This is causing a centralization of DDoS protection.

These powerful companies can protect against these hacks more effectively, but the centralization also creates a risk. As demonstrated in Friday’s attack, a single attack can now disable a greater portion of the internet.

Imposters Can and Will Take Credit for Cyber Attacks

hacker-cloud

It can be difficult to ascertain who exactly is responsible for cyberattacks, and this creates the opportunity for imposters to take the credit.

Researchers at Flashpoint believe they have linked the attacks to users of the site Hack Forums. Users of this site frequently hack just for attention or fun, but sometimes also charge money for hacking services.

At first, many believed that Russia or WikiLeaks supporters were behind the attacks. A group called “New World Hackers” took credit for the attack, saying that they did it in response to the Ecuadorian government’s removal of Julian Assange’s Internet connection. WikiLeaks seemed to accept this assertion as true in a tweet. Activist group “Anonymous” also apparently took credit in a tweet. However, researchers believe these claims are false.

It’s Time to Take Cyber Security Seriously

Companies, schools and other organizations provide safety training and conduct fire drills, tornado drills and active shooter drills. Many also have metal detectors and security guards.

But these organizations rarely provide cyber security training. However, as the recent attacks show, cyber security is important and increasingly at risk. IoT technology presents us with new risks and places the responsibility for security more heavily on the average consumer.

Individuals and companies should ensure they are educated about their cyber security risks in order to protect themselves and other internet users.

Friday’s large-scale DDoS attack represents the opening of a new chapter in cyber security. As technology changes, new challenges arise that must be met to keep the internet secure. Hacking and cyber security will likely become an increasingly important issue, so it is imperative that individuals and companies educate and protect themselves however they can.

By Kayla Matthews

Kayla Matthews

Kayla Matthews is a technology writer dedicated to exploring issues related to the Cloud, Cybersecurity, IoT and the use of tech in daily life.

Her work can be seen on such sites as The Huffington Post, MakeUseOf, and VMBlog. You can read more from Kayla on her personal website, Productivity Bytes.

View Website
Ajay Malik

Quantum Computing opens new front in Cloud!

Quantum Computing As the amount of data in the world is rapidly increasing, so is the time required for machines to ...
Apcela

Industrial IoT will reshape network requirements

Industrial IoT The hype around IoT may have been surpassed this year by breathless coverage of topics such as artificial ...
As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

The Multi-cloud Landscape The digital universe is expanding rapidly, and cloud computing is building the foundation for almost infinite use ...
Who Leads Digital Transformation? Historically, It Was The CIO

Who Leads Digital Transformation? Historically, It Was The CIO

Who Leads Digital Transformation? On my way to the office last week, I was stopped at a stoplight that only ...