Is Your IT System Low Hanging Fruit For Criminal Hackers?

A couple of questions come to mind:

  1. How can the criminal hacker tell that my system is weak, and thus "low hanging fruit"?
  2. What will the criminal hacker do with my systems?

How much do you REALLY trust your situation?

Criminals have ways of finding your weaknesses – if you have one, they will find it.

A. Misconfiguration – your systems may be misconfigured and unfortunately have a hole that the hacker can take advantage of (this includes leaving default passwords in place on your computers and devices).

B. Insufficient protection against malicious traffic – if your anti-virus or anti-malware cannot catch the current stream of attack software arriving at your desktop, that software gets through.

C. Zero-day exploits and missing patches – if your systems are not fully patched, or when malicious software takes advantage of a previously unknown vulnerability for which no patch yet exists.

D. Hijacking your communications – the traffic you are creating gets intercepted (for example by an attacker positioned between you and the site you are talking to), and your information is taken.
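Three of the four conditions above (an operating system that can no longer be patched, patches that have not been applied, and anti-malware that is switched off or stale) can be checked from the machine itself. The script below is an added example written for this page, not code from the original post; it is an assumed self-check, and the thresholds ($MaxPatchAgeDays, $MaxSignatureAgeDays, $MinSupportedVersion) are assumptions to tune for your environment. It does not test for default passwords or for hijacked traffic, which need a look at the devices and the network rather than at one host.

```powershell
# Added example (not from the original post): flag the "low hanging fruit"
# conditions that can be observed on a single Windows host. Run in an
# elevated PowerShell 3.0+ session; the Defender cmdlets exist on Windows 8 /
# Server 2012 and later. All thresholds below are assumptions.
param(
    [int]$MaxPatchAgeDays = 45,        # assumed: a host with no patch in 45 days is behind
    [int]$MaxSignatureAgeDays = 7,     # assumed: AV signatures older than a week are stale
    [version]$MinSupportedVersion = '6.1'  # assumed for 2015: below Windows 7 is out of support
)

$findings = @()

# 1. Operating system version. Windows XP reports 5.1, Server 2003 5.2, Vista 6.0.
#    A build below the threshold no longer receives security patches at all.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$osVersion = [version]$os.Version
if ($osVersion -lt $MinSupportedVersion) {
    $findings += "Unsupported OS: $($os.Caption) ($($os.Version)) no longer receives security patches"
}

# 2. Patch age: the most recently installed hotfix with a recorded install date.
$lastPatch = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if (-not $lastPatch) {
    $findings += "No installed hotfix has a recorded install date; patch status unknown"
} else {
    $patchAge = (Get-Date) - $lastPatch.InstalledOn
    if ($patchAge.Days -gt $MaxPatchAgeDays) {
        $findings += "Last patch ($($lastPatch.HotFixID)) was installed $($patchAge.Days) days ago"
    }
}

# 3. Anti-malware state via Windows Defender, if its cmdlets are present.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $status = Get-MpComputerStatus
    if (-not $status.AntivirusEnabled -or -not $status.RealTimeProtectionEnabled) {
        $findings += "Anti-malware real-time protection is disabled"
    }
    $sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
    if ($sigAge.Days -gt $MaxSignatureAgeDays) {
        $findings += "Anti-malware signatures are $($sigAge.Days) days old"
    }
} else {
    $findings += "Defender cmdlets unavailable; verify third-party anti-malware status manually"
}

# Report. Any finding means this host is easier to pick than its neighbours.
if ($findings.Count -eq 0) {
    "No obvious low-hanging-fruit conditions found on $($env:COMPUTERNAME)"
} else {
    "Low-hanging-fruit findings on $($env:COMPUTERNAME):"
    $findings | ForEach-Object { " - $_" }
}
```

Note the irony built into the first check: on a Windows XP machine PowerShell 3.0 and Get-CimInstance are not available, so the script failing to run is itself the finding.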

[Image: kovtor-ransomware-pcworld. Caption: A nightmare message]

Criminal hackers have a marketplace of attacks available to them on the Darknet: there are servers on the Darknet that sell various attacks to other hackers. This is done so that the criminal who wants to use an attack does not have to spend time figuring out how to build it.

These skilled criminal developers write the attack software so that someone else can carry out the actual attack, and in effect they become a mini software company.

The hacker has a specific attack that works on a specific set of computers, for example all computers missing patch ABC. Windowsecurity.com¹ has an article that is still relevant:

When a new patch comes out, a lot of people do not actually patch their computers. As the article notes, 13% of all users are still using Windows XP, a 13-year-old operating system that can no longer be patched. But there can be other reasons, such as:

[Image: microsoftreasonsfornotpatching]

“In some cases it’s due to simple laziness, cost, or a distaste for change, but we’ve heard many XP holdouts say they didn’t want to buy a new computer and were afraid that upgrading the ones they have would ‘break things’.

Microsoft’s own Security Patches Best Practices documentation on the TechNet web site contains the statement that “the risk of implementing the service pack, hotfix and security patch should always be less than the risk of not implementing it” and goes on to say “You should never be worse off by implementing a service pack, hotfix and security patch. If you are unsure, then take steps to ensure that there is no doubt when moving them to production systems.” Unfortunately, it seems many of their customers are unsure these days. So what are the steps you need to take to ensure there is no doubt?”


Microsoft has a lot of experience with this phenomenon, and in my opinion this is one reason they are so over the top with the Windows 10 upgrade.

If 13% of all Windows users are still using Windows XP, I am sure that there are at least 20% more who do not patch quickly, which makes them targets for criminal hackers. If there are 20 million computers, that means 4 million computers are easily susceptible to the latest attacks, while there are also 2.6 million Windows XP machines. (The windowsecurity.com article was published on Jan 14, 2015.)

I realize I am not using actual numbers here, but you can see that the criminal hacker has many potential targets.

Current number of Internet users worldwide: 3.27 billion².

Here are some actual numbers for the US, from mapsofworld.com³, as of 25 March 2013:

The USA had 223 million PCs.

68.7% of all households had access to the Internet.

61.8% of households owned PCs.

So my earlier guess is actually off by a factor of 10.

If there are 200 million PCs in the US, then at 13% some 26 million PCs still run Windows XP.

And if I am right that ~20% of people delay or avoid patching quickly, then there are 40 million PCs susceptible to potential criminal hacker attacks in the US alone.

Do you want to be part of the group that can be attacked? The “low hanging fruit”? The “easy mark”?

What is the lowest hanging fruit?

[Image: low hanging fruit, from psmag.com]

The one that is easy to pick – it is on the ground and all you have to do is walk up and get it.


68.7% of all households are connected to the Internet. How many businesses are connected to the Internet? I would imagine it is 100%, or very close to it.

So how many businesses are there?

According to the SBA (https://www.sba.gov/sites/default/files/FAQ_Sept_2012.pdf), in 2010 there were 27.9 million small businesses. Even if we stick to the number of small businesses alone…

Do businesses also fail to update when needed? Unfortunately, yes. Let's assume they are a bit better than home users, at 10%; that still gives a target list of 2.8 million businesses.

The criminal hacker has many targets available to him.

[Image: maximyastremsky]

Remember that $3,000 to $4,000 per month is a lot of money in a country like Ukraine or Russia (or other Eastern European countries), so the criminals are well paid for this work.

The criminal is making it their business to find the low-hanging fruit and make as much money as easily as possible.

Don’t be the company that fails at defending its computer systems. Have an ethical hacker check your configs and more. Contact us now.

  1. http://www.windowsecurity.com/articles-tutorials/misc_network_security/patch-or-not-weighing-risks-immediate-updating.html
  2. http://www.internetlivestats.com/internet-users/
  3. http://www.mapsofworld.com/world-top-ten/world-top-ten-personal-computers-users-map.html