TalkTalk Hack Revisted

Uploaded on 2016-01-11 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Now the dust has settled from the TalkTalk hack, what can be learnt to help other companies prevent a similar situation?

The impact of the hack on TalkTalk was rapid and dramatic; in one day its share price fell by 12% and in total an estimated £360 million was wiped off it’s value (stock value pictured). The direct one-off cost of dealing with the hack was reportedly more than £30 million.

A number of the alleged hackers have been arrested and it appears that rather than organised criminals or nation-state actors this hack was perpetrated by a group of teenagers ranging in age from 15 to 20.
 
Without belittling the skill of the teenagers, it is safe to say that of "threat actors" that concern corporations and governments, mischievous teenagers should sit somewhere near the bottom of the risk scale. The fact they appear to have been caught shows their lower level of expertise, and sets this hack apart from other notable cyber intrusions; such as Sony where it is still hotly debated who did it, let alone whether they will be brought to justice. Despite this, the hack showed just how much damage even a relatively unsophisticated group of hackers can still have on a company.

The publicity surrounding the hack was bad for TalkTalk’s share price, but at least TalkTalk identified they had been breached at all. One study found that in 2014 it took up to 205 days for most companies to discover a breach.

The same study also found that typically it takes hackers seconds to breach a system and only minutes to exfiltrate the data they are interested in. More often than not the public never knows about the many cyber intrusions that occur, making understanding the scale of the problem even more difficult.

In the Talktalk case the attackers reportedly used a simple vulnerability in the company website to launch what is known as a blind SQL injection attack; a way of querying and breaching the database sitting behind a website. This should not have been a difficult vulnerability to identify and fix. This was made worse by bad security procedures by TalkTalk; the creditials for one admin were found to be username: tim, password: tim.

The Teenagers in question are unlikely to have had a wider strategy for using, passing-on and profiting from the information they stole, which would undoubtedly already happened if the hack was carried out by an organised criminal group. A number of the hackers involved have already stated that it was actually done for “shits and giggles”.

This should give TalkTalk’s shareholders something to be happy about and the impact on customers and the data stolen is likely to be much lower than first suspected. In general the more public the hack, the easier it is to find what information has been stolen and easier to mitigate against any disclosure.

Suffering three public hacks in the space of a year makes it clear that TalkTalk is doing something wrong when it comes to cyber security. The latest hack was not a complex or difficult problem to fix and should have been identified if the company was employing ethical hackers and penetration testers.

There are extensive lists of procedures that can be put in place to increase cyber security, all which take money and staff. Ethical hacking is usually at the very end of most lists, and as one of the most expensive to be implemented it is often not done, this is a problem because it is potentially the most important to carry out. Without skilled professionals testing a network and system just like the real hackers would there is no way of knowing what holes there are left in your security infrastructure.

As Talktalk found the money spent trying to mitigate a cyber attack is vastly more than putting in effective procedures before it happens. The irony is that even if millions are spent on the highest level of cyber security it still does not guarantee that all attacks will be stopped. A good cyber security infrastructure will stop many attacks, including the one Talktalk was victim to but sadly complete security can never be guaranteed. Knowing this and preparing for what to do when breach does occur is another useful part of a complete cyber security strategy.

Max Vetter is a consultant, trainer, investigator and ethical hacker specialising in Cyber Security and the Dark Web

http://maxrvetter.com/

« Islamic State Launches A Cyber War Magazine
Ukrainian Power Grid Hack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Council on Foreign Relations (CFR)

Council on Foreign Relations (CFR)

CFR is dedicated to better understanding the world and the foreign policy choices facing the USA and other countries. Cyber security is covered within the CFR topic areas.

CERT.hr

CERT.hr

CERT.hr is the national authority competent for prevention and protection from computer threats to public information systems in the Republic of Croatia.

Schneider Electric

Schneider Electric

Schneider Electric develops connected technologies and solutions to manage energy and process in ways that are safe, reliable and sustainable.

BGD E-GOV CIRT

BGD E-GOV CIRT

BGD e-GOV CIRT's mission is to support government efforts to develop ICT programs by establishing incident management capabilities within Bangladesh.

Malware Patrol

Malware Patrol

Malware Patrol provides intelligent threat data that protects against cyber attacks.

Crosscheck Networks

Crosscheck Networks

Crosscheck products allow you to test your APIs across different protocols and message formats with functional automation, performance, and security testing capabilities.

Trusted Knight

Trusted Knight

Trusted Knight is a leading provider of security software solutions focused on defeating newly developed malware and crimeware trojans.

Proteus

Proteus

Proteus is an Information Security consulting firm specialized in Risk Analysis and Executive Control.

Cygilant

Cygilant

Cygilant is a SOC2 certified service provider that combines MSSP and Incident Detection and Response (IDR) capabilities managed by global SOCs staffed with trained security engineers.

Ericom Software

Ericom Software

Ericom is a global leader in securing and connecting the digital workspace, offering solutions that secure browsing, and optimize desktop and application delivery to any device, anywhere.

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum is a catalyst platform designed to create a more resilient and better cyberworld for all.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

Valency Networks

Valency Networks

Valency Networks provide cutting edge results in the areas of Vulnerability Assessment and Penetration Testing services for webapps, cloud apps, mobile apps and IT networks.

Airiam

Airiam

Airiam provides cybersecurity, managed IT, consulting, incident response, and digital transformation services so you can focus on what matters most.

ThreatNix

ThreatNix

ThreatNix is a tight knit group of experienced security professionals who are committed to providing competent cybersecurity solutions that adhere to international standards.

Coalition for Secure AI (CoSAI)

Coalition for Secure AI (CoSAI)

CoSAI is an open ecosystem of AI and security experts from industry leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research.