Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Why Small Business's Should Be Serious About Hackers

published on 2013-08-20 12:31:00 UTC by Trojan7Malware
Content:
I decided to write this blog post after I contacted a local business about a serious vulnerability (SQLi). The company is a luxury boat reseller. You simply select your boat and "checkout". The website handles Credit cards (CC) so SQLi is a incredibly dangerous vulnerability. 
  I reported the vulnerability and I received no response. So I decided to take action into my own hands, you can guess what happened next (I fixed it).

Many small companies think that just because they are not world famous and regularly in the news they're not a target. The truth is you couldn't be further from the truth. For example, the website in this article hasn't been updated since beginning of 2013 which most likely means they don't regularly monitor what content is on the website. Small websites and small companies simply don't have the time/knowledge to update modules,apps and CMS's. 

Websites like these are perfect for exploit kits. Hacking into a major website like google is a good way to get the Feds to come round for a dinner party. Smaller websites are of no interest to Feds so a hack will go almost unpunished. Using automated hacking tools that target joomla for example can generate huge exploit rates at almost no effort. For example www.societyforbuscuits.com is 100% guaranteed to be easier to hack than google thus a easier and more profitable target. 

Within a matter of minutes your small company's website can be turned into a major player in world wide computer fraud. I've personally seen hacked websites have their DNS's changed to cloudflare to reduce server load. 

Why hack a small site over yahoo for example? 
It's simple. It's all about your view-time ratio. A successful hack of yahoo.com will earn you about 45,000 hits a minute. Yahoo is generally on top of their game so a hack will most likely last about 2-3 minutes so that's 135,000 hits. On the other hand you can most likely hack around 200-300 websites in the time it takes to research,find a vuln and gain control of a major website. Let's generalise the websites. Say they earn 500 views a day each (really low for a business) that's 150k hits already and you haven't even sent a single spam message yet. Social media hacking and spam can probably bring in another 400-500k. Again that's easily achievable when verified twitter accounts and high follower accounts are hacked.

In summary
 From personal experience I would rather hack several hundred small websites rather than one major one in the same time frame. It works out a lot more profitable on a time-views ratio not to mention the fact your chances of getting arrested are significantly reduced.
Article: Why Small Business's Should Be Serious About Hackers - published over 11 years ago.

http://trojan7malware.blogspot.com/2013/08/why-small-business-should-be-serious.html   
Published: 2013 08 20 12:31:00
Received: 2023 12 01 16:22:31
Feed: Trojan7Malware
Source: Trojan7Malware
Category: Cyber Security
Topic: Cyber Security
Views: 2

Custom HTML Block

Click to Open Code Editor