Even the least technical people in the country will have heard about the cyber intrusion, or attack, that TalkTalk suffered recently. The idea that the attackers may have gained access to, and taken details from, their entire customer database is one that strikes fear into the heart of any company that holds sensitive customer data. The size and respectability of TalkTalk is a reminder that any organisation can be affected by cybercrime, and that companies need to be acutely aware that attackers actively target sensitive customer information.
What Actually Happened?
TalkTalk actually suffered an attack that came in two parts. Initially they reported a DDoS (Distributed Denial of Service) attack, which first came to light when customers reported problems trying to use the site. TalkTalk then shut down all internal systems to prevent any further damage being done. It was later announced that, during the DDoS attack, the attackers were accessing the TalkTalk customer database. It is now quite a common practice to distract a company with a rather blunt DDoS attack to cover up the fact that another, far more dangerous, attack is underway. TalkTalk initially described this secondary attack as a "sequential attack"; that was incorrect. The "secret" attack was actually a SQL injection, and one that may have cost the company dearly in both the short and long term. A SQL injection is an attack on the database that supports a website: the attacker submits input (in a form field, URL parameter or cookie) that the website pastes directly into a database query, so the input is executed as part of the query itself and can be used to read, alter or delete data the page was never meant to expose.
Preventing SQL injection is now quite standard, and attacks can be stopped if the correct procedures and processes are used: parameterised queries (prepared statements) so that user input is never treated as part of the SQL text, validation of input against what the application actually expects, and database accounts with no more privilege than the website needs. The consequences of not getting this done can be devastating, as many business owners will know.
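As an added illustration (this is example code written for this post, not code from TalkTalk's systems or from the original article), the Python script below builds a small constructed in-memory SQLite "customers" table and shows a vulnerable lookup that splices user input into the query text beside the parameterised version. The table, the usernames and the passwords are all made up; the two attack strings are classic injection payloads. Against the vulnerable function the first payload returns every customer and the second pulls the password column out of a query that was only ever meant to return an email address; against the parameterised function both payloads are simply treated as a username that does not exist.

```python
import sqlite3

# Constructed sample data (not real customers): id, username, email, password.
CUSTOMERS = [
    (1, "alice", "alice@example.com", "alice-pass"),
    (2, "bob", "bob@example.com", "bob-pass"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers ("
        "id INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", CUSTOMERS)
    return conn


def lookup_vulnerable(conn, username):
    """BAD: the user-supplied value is concatenated into the SQL text.

    Whatever the user types becomes part of the query, so quotes, OR clauses,
    UNION SELECTs and comment markers are all interpreted by the database.
    """
    sql = (
        "SELECT id, username, email FROM customers "
        f"WHERE username = '{username}'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """GOOD: a parameterised query.

    The SQL text is fixed and the value travels separately as a bound
    parameter; the database never parses the user's input as SQL.
    """
    sql = "SELECT id, username, email FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Two classic payloads. The first turns the WHERE clause into "always true";
# the second appends a UNION that reads the password column and comments out
# the application's trailing quote.
PAYLOAD_ALWAYS_TRUE = "' OR '1'='1"
PAYLOAD_UNION_PASSWORDS = (
    "' UNION SELECT id, username, password FROM customers --"
)


def demo():
    """Run both lookups against a benign username and both payloads."""
    conn = make_db()
    results = {
        "benign_vulnerable": lookup_vulnerable(conn, "alice"),
        "benign_safe": lookup_safe(conn, "alice"),
        "or_vulnerable": lookup_vulnerable(conn, PAYLOAD_ALWAYS_TRUE),
        "or_safe": lookup_safe(conn, PAYLOAD_ALWAYS_TRUE),
        "union_vulnerable": lookup_vulnerable(conn, PAYLOAD_UNION_PASSWORDS),
        "union_safe": lookup_safe(conn, PAYLOAD_UNION_PASSWORDS),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Note that the benign lookup returns the same row from both functions, which is exactly why this class of bug survives testing: nothing looks wrong until someone supplies hostile input. The fix is not to "escape" the input by hand but to stop building SQL from strings at all; every mainstream database driver supports bound parameters in the same way the `?` placeholder is used here.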
These kinds of attacks are becoming more and more common for the simple reason that hacking costs less than it used to, and there are more tools available that are increasingly easy to use. As a result, hacking skills, and the hackers themselves, have become commoditised, and people can even buy hacking packs online to help them. Executing a DDoS or SQL injection is no longer the preserve of large, well-funded groups, as this attack has shown with the arrest of a 15-year-old boy in relation to the TalkTalk attack.
Prevention is Better than Cure
Losing customer data can literally destroy a company; it remains to be seen how TalkTalk will bounce back from this. The loss of customer trust alone can lead to falls in revenue so large that the company simply folds. There is, of course, the potential for legal recourse from the ICO and from customers too, especially if the data was not encrypted or adequate security was not in place. TalkTalk may also find that they were not PCI DSS compliant. Putting in place the correct systems to deal with this and other kinds of attack is the only way to mitigate the damage that attacks of this nature can do. The risks are high, and they are getting higher every month as more and more groups and individuals become able to perform these kinds of attacks. Redscan provides a wide range of services for retail, financial and professional organisations, such as advanced malware detection, SIEM and SOC services, penetration testing and in-depth consultations, to make sure your company is safe. If you hold customer data at any level, your customers expect it to be safe; contact us today to discuss how we can make sure it is.