It takes cybercriminals an average of 9 hours to steal personal information from a more or less protected server
According to a study by Comparitech, computer attacks take less time than we think.
The study's results allowed the research firm to count 175 computer attacks in just 11 days. Results that is likely to frighten more than one. The result comes from a test. The firm's researchers simply left an open-access database on a minimum-protected server to see who could access it. They then tracked. The idea is not only how long it would take cyber criminals to access the contents of this database, and in turn, the method that will be used by them. "Time is essential in these situations. We wanted to know how quickly data can be compromised if it is not secure," the company says. After only 8 hours and 35 minutes, the cybercriminals succeeded. The first visitor found the address and immediately launched the attack. Two days after the database went live, the server was already recording about 20 attacks from all sides. This record is more than alarming because it highlights the ease with which cybercriminals can undermine our privacy and even our privacy.
This article will also interest you: The data of former customers stolen, Koodo got hacked
The speed with which cybercriminals have the ability to steal personal information from computer systems, with the time it often takes before the discovery of these data leaks, shows how far the struggle to preserve certain rights on digital platforms remains far from a victory. While companies do their best to protect their users, the problem always remains when we know that a database can suffer an average of 18 attacks per day according to Comparitech specialists.
During its small experiment, Comparitech used an elasticSearch server, a computer tool famous in the industry, which gives the feeling when using it to be facing an Excel spreadsheet in large format. But the celebrity of elasticSearch servers lies particularly in its numerous data leaks, due in large part to security settings. A problem that can generally be blamed on directors in most cases. We then remember the data leak suffered by one of the partners the Ministry of National Education, in the information met on a French forum (BDSM). Again, Daniel's fry was discovered a few months later, exposing thousands of users on the internet through the disclosure of certain personal information. It should be noted, on the one hand, that not all companies have protective tools to detect this type of incident in a short period of time. For those who have them, from the first minute, these data leaks are automatically detected. But the truth is, my speed by which a company detects a data leak will depend on the controls of the systems and their interval.
In addition, not all manipulations detected during the Comparitech test are acts of cyber malice, according to the latter. For example, there are some computer security researchers scanning networks to uncover security vulnerabilities that they can then communicate to affected companies, which they often do for a fee or simple advertisement. But the line between these ethical hackers and the real cyber criminals is thin.
On the other hand, while data theft is something easier to execute for cyber criminals, it can lead to other consequences. Indeed, few cyber criminals will simply steal information when they have access to less secure server. Among other things, exposed computer systems run the risk of further incidents by installing malicious scripts that could be Trojans, encryption programs and still spying software. In a certain context, cybercriminals will prefer ransomware.
Now access an unlimited number of passwords: