Franchise Update Media
Franchise Update Media Digital
Publications
Conferences Education Videos Subscribe
Advertise

Hacked Off: Ready-made Templates Make For Effortless Hacking

There was a time when a hacker needed exceptional computer skills to breach a system. Only the most talented and experienced computer users could successfully bypass even the most minimal provisions. Sadly, those days are gone. Recent investigations have revealed a disturbing trend: the availability of readily accessible hacking-made-easy has swelled the ranks of effective hackers. Now, an amateur with a grade-school computer can often hack a poorly defended business network in minutes after downloading a free hacking template.

This alarming news should serve as a wake-up call for franchisees to increase their IT security vigilance. Novice hackers everywhere are now standing on the shoulders of computer geniuses, giving them the expertise to hack into systems and steal sensitive information that was previously beyond their reach.

A Disturbing Trend

Internet criminals already use a wide variety of hacker tools in their efforts to steal your sensitive information. On a recent compromise investigation, our forensic team found a particularly troubling hacker After gaining access to the victim's network (through insecure remote access) the hacker installed a template that was downloaded from the Internet. This template contained preconfigured applications designed to "walk" the attacker through the steps of hacking the network. The template included features such as dropdown boxes that prompted the user to choose the desired technique to crack passwords, and the method to install a "backdoor" to enable the hacker to easily return to the compromised system at their pleasure. No longer do hackers need to write long strings of complicated code; rather, they simply make their selections as if ordering Chinese from a menu.

Who uses hacking templates?

Because they lack the technical expertise to write their own hacking code, or scripts, novice hackers (called "Script Kiddies" or "Skiddies") rely on sophisticated templates that contain pre-made exploit code. Because of the rising availability of these packaged scripts, the number of hackers attempting to illicitly access your network is growing rapidly. Even though these hackers may be amateurs, their success rates are increasingly high, largely because small merchants and franchisees often lack the substantial perimeter defenses to keep them out.

Kiddie protection

Make certain your firewall is doing its job. In addition to filtering inbound system access, it also needs to protect your credit card processing environment from the rest of your network. If you or your employees visit Facebook, order uniforms, or do anything online unrelated to your payment application, your firewall must segment your payment application from all other devices that connect to the Internet. By segmenting (or quarantining) your payment-processing environment, you create a "safe zone" that limits the opportunity for hackers to get to your customer credit card information.

Firewalls can tell a story

Forensic investigations frequently reveal a consistent problem: a lack of logging. Most merchants are unaware that when they un-box their new firewall (or any Windows system) the device is not automatically set up to record activity logs. Firewall logs allow you to monitor attempts to access your network, and they can be an early-warning system that your network may be under attack. Unlike e-commerce environments where customers access merchant servers from infinite IP addresses, franchisees can configure the segment of their firewall that protects credit card information to communicate only with the payment processor. The Payment Card Industry Data Security Standards (PCI DSS) require merchants to maintain at least 90 days of firewall logs stored on their system, and 12 months of logs stored offline.

Persistent observation

While firewall logging is essential, if logs are not regularly reviewed, you may miss the opportunity to stave off an attack before serious damage is done. Make a practice of reviewing firewall logs every day at work. Ask yourself, "Is this normal traffic or is someone trying to get in my system?" If you see anything suspicious, immediately contact your IT professional or security specialist. If the thought of reviewing activity logs is intimidating, instruct your IT consultant to perform the reviews and report the findings to you.

Another invaluable defense measure is to look for system files that have been changed from their original state. Hackers will frequently modify, corrupt system files, or name hacker malware after legitimate applications. There are many software programs that automatically analyze your system files and look for evidence of manipulation.

Without effective perimeter more businesses will be attacked and compromised by amateur hackers. It's no secret that business network security problems are mounting. If you are vigilant with your firewall, log reviews, and system file comparisons, you just may prevent your business from losing sensitive data.

Note: These recommendations do not constitute a comprehensive IT security regimen. They must be employed along with all security measures outlined in PCI DSS.

David Ellis is director of forensic investigations for SecurityMetrics, a leading provider of PCI data security solutions. Contact him at 801-724-9600 or visit www.securitymetrics.com.

Social Reach:

Viewer Response:

comments powered by Disqus
 

Hot Opportunities

Doc Popcorn Franchise Opportunity

Doc Popcorn
Doc Popcorn is revolutionizing the way people snack in high-traffic...

Add
Bricks 4 Kidz Franchise Opportunity

Bricks 4 Kidz
Bricks 4 Kidz provides project-based programs designed to teach principles...

Add
Papa Murphy's Take 'N' Bake Pizza Franchise Opportunity

Papa Murphy's Take 'N' Bake Pizza
The world's largest, fastest growing Take 'N' Bake pizza franchise is...

Add
Jimmy John's Gourmet Sandwich Shops Franchise Opportunity

Jimmy John's Gourmet Sandwich Shops
Jimmy John's franchise success is built upon an unyielding commitment to...

Add
Oxi Fresh Franchise Opportunity

Oxi Fresh
OXI FRESH is a GREEN Carpet Cleaning Franchise and one of Entrepreneur's...

Add
Smoothie King Franchise Opportunity

Smoothie King
Smoothie King first introduced the nutritional fresh-blended fruit...

Request Information
Physicians WEIGHT LOSS Centers Franchise Opportunity

Physicians WEIGHT LOSS Centers
Be a part of the growing $61 billion dollar weight loss business....

Add
Taco Bell Franchise Opportunity

Taco Bell
If you're looking for the leading Mexican fast food franchise, Taco Bell...

Add


The Franchise Buzz:


A Franchise Update Media Group Production Franchise Update Media Group | P.O. Box 20547 // San Jose, CA 95160 // PH. (408) 402-5681
Copyright © 2001 - 2014. All Rights Reserved. Site Hosting Provided By: wishVPS on FUMG3
0
Your Request List:
No Opportunities Saved