
What the CyberVor record cache tells us about cyber security

CBR consults the experts on how we should respond.

By Jimmy Nicholls

The "CyberVor" cache might well be the biggest archive of login details ever obtained by one group of hackers.

Over some seven months Hold Security managed to identify the Russian cyber gang responsible, by which time the hackers had amassed 4.5 billion records, with 1.2 billion believed to be unique.

Whether or not a company has been affected, there is much to learn from the breach, so here are the best responses from the security community.

1) It may be time for legislation about breach notification

Amid some controversy, Hold are planning on charging websites before they tell them whether they were affected in the breach. Those willing will have to sign up to the firm’s breach notification service, at a cost of $120 (£71) a year. Unsurprisingly, some have condemned this as cynical, while others call for better regulation.

"An interesting feature of the attack having been uncovered by an independent security firm is the unstructured process by which news of which businesses have been hacked reaches those organisations," said James Mullock, partner at law firm Osborne Clarke. "There is currently little legislative guidance regulating how that process should operate and it appears ripe for review."

2) Passwords are still broken

We know you’re bored of being told how useless passwords are, but it is still as true today as it was yesterday. Hold even found pairs of emails and passwords used across different sites, which is the kind of sin security experts are always reprimanding us for.

"It’s too easy to reuse passwords across countless websites or create easy-to-guess passwords," said Laura O’Brien, technical narrator at security firm Symantec. "As a result, if an attacker manages to gain access to the user’s login credentials by breaching a website, they could potentially use the details to gain unauthorised access to several other online accounts."


The future of security may involve two-factor authentication or even biometrics, but for now users are advised to use strong passwords, and even consider a password manager – though these are not without their problems.

3) Hackers bought some of the data

The modern depiction of a hacker is not that far removed from the nerd of yesteryear, albeit a bit moodier and more inclined to wear hoodies. Yet increasingly we are hearing reports of hackers as businessmen, even selling their wares as a product or service.

"It appears the biggest compilation of stolen credentials in the world wasn’t created through a master hacking operation, but rather the conglomeration of disparate hacking groups," said Gary Davis, vice president of global consumer marketing at McAfee.

"And that’s the thing you need to know about professional hackers: they aren’t the James Bond-esque adventurers depicted in the movies, but rather people who operate through trial and error and spreadsheets."

4) …but they also used a botnet

Many of the big security stories this year have involved botnets, where victims’ computers are unwittingly roped into distributing malware. In this case a botnet was used to identify SQL injection vulnerabilities in more than 400,000 sites, which were then attacked so the hackers could steal data.

"A large proportion of all the malware families that we see form some sort of botnet," said James Wyke, senior threat researcher at security firm Sophos. "In fact there are relatively few categories of malware that don’t. Even those that don’t are often spread through botnets – CryptoLocker was spread via the Gameover Zeus botnet for example."

5) It’s no time to panic

It is easy to become jaded over the seemingly constant stream of big cyber attacks in the news these days. But some argue that this particular attack is overblown, and that there’s no immediate need for people to hastily change all their passwords.

"While this sounds like a credentials disaster of the worst kind, the fact remains that we have yet to see any hard details on the various breaches – and currently no companies have come forward and admitted being affected," said Chris Boyd, malware intelligence analyst at Malwarebytes.

"If this attack really is this wide-reaching, then surely some of this information will come out in the wash eventually – with 1.2 billion passwords supposedly taken, it would be impossible for it not to."
