Our Linux admin is a pretty sharp guy, he is working on updating website technology (php version). We have to keep up with patches and new technical abilities.
Unbeknownst to him, a hacker somehow placed a “crontab” entry which will run every 60 minutes shutting down defenses and opening other attack avenues. The hacker used a well known breach in the Windows platform to make inroads on one computer, this allowed him to connect to another computer which now he is in control of.
Too bad the systems were not regularly inspected for potential breaches. One never knows who is lurking on the Internet ready to pounce.
The problem with looking at this sophisticated target and Michaels attacks can make you think:
That only happens to the big companies – my business does not provide a large target, so I don’t have to worry.
That is unfortunately not true. Small organizations need to do the right thing and secure their resources as much as possible, since thety will get different attackers, different attacks. And undefended you will get hammered as the smaller attacks pile up.
let’s discuss the credit card number fiascos of Target and Michaels. Krebs on Security Blog got the scoop on Jan 14.
No business wants to be the focal point of an investigation: a large credit card processor was seeing hundreds of cards that all had been recently used at Michaels.
And unfortunately Michaels has had this happen before(May of 2011).
There are problems in your IT security when these types of breaches occur again and again.
In all Security operations one must test the configurations, and preferably with an independent set of eyes, that is where we come in aty OversiteSentry.