If we had to draw up a list of the top tech companies that have been hacked in the last few weeks, we would have to include all the ones in the title of this blog post, and maybe a few more cases we are not yet aware of.
The first one was Twitter. On February 1st Twitter published an article on their blog, “Keeping our users secure”. They explained they had been victims of an attack, and that information from 250,000 users had been accessed.
A couple of weeks later, Facebook published an article on their blog, titled “Protecting People On Facebook”. It looks like no customer data was compromised in this attack.
The next victim was Apple: just a few days after Facebook’s announcement, they told Reuters they had also been targeted using the same attack.
And last, but not least, Microsoft acknowledged that they had also been victims of the same attack.
Not a bad list of companies, is it? Maybe we will see some more (Google is in the same target level, for example, or Amazon, or IBM…) but that’s not the point of this article. What can we learn? Of course there is a lot of information we don’t know yet; however, we can see some positive outcomes and one very important task to do:
– Companies are not afraid to acknowledge being targets of this kind of attack.
– They have good security teams which have been able to identify the attacks as they were taking place.
Task to do: We all should stop using Java in the browser. All these attacks were successful thanks to yet another 0-day vulnerability in Java. Disable it now.
People involved in computer security know that there is no such thing as a 100% safe place. You can take a number of preventive measures, and they will work well most of the time. But there is always some weak point, some new vulnerability, some human error, and out of the thousands of attacks that such big companies receive on a daily basis, one could succeed.
Being able to identify an attack in progress is critical, and Twitter, Facebook, Apple and Microsoft were able to do so. They are all gathering information about the attack. They are all working with law enforcement to find out who is behind it.
If you are responsible for a small or medium-sized company, you may think you do not have to worry as much as those biggies, as you are not such a sexy target. That is partially true: you will probably get a small number of targeted attacks (if any). However, you will be hit constantly with the usual cybercrime attacks that infect millions of computers.
According to the PandaLabs 2012 Annual Report, 1/3 of all computers were infected at some point last year. And cybercriminals love low-hanging fruit. If you have computers without protection, without updated software, without a serious security plan, you will be next.
Most computer infections nowadays come from exploit kits, which infect the user’s computer without their knowledge through some software vulnerability. More than 90% of these cases are Java vulnerabilities exploited through the browser, so the best way to avoid these infections is simple: DISABLE JAVA IN YOUR BROWSER. NOW. WHAT ARE YOU WAITING FOR?
If for any reason you need Java in the browser to run some application, then use it in a secondary browser.