Rainbow attacks, vampire data, data forensics and hackers who target infrastructure, where do we go from here?

The ways of the world are changing and it is more noticeable in the technology space than anywhere else in the business world.    In some places it is changing that fast that even the industry has trouble keeping up.

With the larger technologist companies pushing innovation as their major selling point, moving from traditional sales of hardware and software to the intangible market of ideas and saving money the rest of the world is still focused on making the technology work to their benefit.

How are small and medium businesses and not for profit organisations going to keep up with these changes in attitude and technology.

Recently a number of new or little heard of ideas have registered on the technology radar, some have been major changes in attitude and others are a change in direction.  But all of them will start to have an impact on the business world.

Lets look at some

Vampire data

This is information and data that has been inside your business system for the last x amount of years.

Maybe old ideas, old information that has been shelved or lost and misplaced in the last three upgrades of the system.

This data is not so much important as having either financial, personal or intellectual property that has not been handled correctly.

In addition to this information what about old backups on tape, old copies of information and even information that has been marked for archiving and distraction but never actually done it.

Rainbow attacks

There use to be brute force attacks on systems looking for passwords.

Old passwords, easy passwords or default system passwords that have not been reset to more complicated ones.   These attacks have now morphed into rainbow attacks, sounds colourful doesn’t it.

A brute force attack is also based on the dictionary, the rainbow is based on permutations of the dictionary.   For instance Replicating all of the words with an ‘e’ and substituting 3.

A larger set of vectors but with today’s computer speed relatively easy to implement.   These new systems use a rainbow table hence the rainbow attack.

Data forensics

We have all seen it on CSI and crime shows, but data forensics are now being implemented in major organisations as a way to manage attacks and the theft of data.

Some of the larger forensic organisations are more focused on what is happening in real time than what has happened in history.

It is easier to catch and prosecute someone if you catch them red handed than try to prove that it was them after the fact.

Hackers who target infrastructure

Hackers have been around since the first virus was invented (on a mac mind you) in the early 1980 and most of us have been playing catch up since.   The focus of a hackers’ attack has started to include malicious damage.

They are still after money, information and data but they are now after the ability to actually damage the target systems.   This is mostly because when discovered it takes longer to find out what was stolen and what is missing.

Looking forward, what will be the next line of defence for these types of attacks.

  • Going back to the common sense hypothesis, complicated passwords using letters, numbers and symbols as well as spaces is always a good place to start.
  • Keep track of all of your information and if it is no longer required then it should be safely destroyed.
  • Implementation of better compliance and system requirements including best practice will always help when it comes to making sure that only the right people are accessing your information
  • Hackers use exploits in systems, applications and platforms – make sure that they are patched and up to date as much as possible.  This makes it very hard for them to get a basic foot hold on your systems.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.