Over 90% of passwords vulnerable to hacking
Passwords in the Middle East - even ones deemed to be "strong" - are actually susceptible to infiltration.
May 23, 2013 8:51 by kippreport
In what is set to be the region’s most anticipated gathering of information security experts, the Gulf Information Security Expo and Conference (GISEC) will take place from 3 – 5 June to address hot-button issues in the cyber security arena.
The event comes amid thought-provoking research indicating that more than 90% of the user-generated passwords in the Middle East – including the ones which IT professionals deem to be “strong” – are actually susceptible to hacking, leaving the door open for billions of dollars in potential financial, reputational and strategic damages.
These findings come from the 2013 Middle East TMT Predictions by global firm Deloitte. According to the study, the need for urgent solutions from information security experts is underlined by the fact that, while it previously took cyber criminals about 5.5 hours to crack any eight-character password, they are now resorting to “crowd hacking”, where criminals outsource the task to thousands of other machines and fellow hackers, enabling them to decipher the codes and undo years of IT professionals’ work in mere seconds.
Recently, regional online payment provider CashU has also warned Middle East PC users to remain diligent and protect their PCs with up-to-date antivirus in light of the recent malicious attacks across the region. A virus called “ransomware” has been spreading across the region, showing users an onscreen message that their PC is locked and asking them to send a set amount of money via the CashU service to have their PC unlocked. It has documented attacks in Saudi Arabia, UAE and Qatar, as well as the Levant.
“These phishing attacks are primarily targeting PC users with the aim of collecting private information such as user data, financial and password information,” said Omar Soudodi, acting CEO of CashU.
According to a Ponemon Institute report that was commissioned by Juniper Networks, web-based and DoS (Denial of Service) attacks are the most serious types of attacks reported by respondents’ companies – making up 62% and 60% of the cases respectively. This has motivated the participants at GISEC to collaborate and share information on recent attacks so that criminals can be identified by their modus operandi.
Kevin Mitnick, hacker turned international cyber security guru, will speak at the GISEC Conference to share his perspective on the threat of “social engineering” – a highly effective type of attack that exploits the human element of corporate security.
While relatively unknown to the general public, the term “social engineering” is widely used within the computer security community to describe the techniques hackers use to deceive a trusted computer user within a company into revealing sensitive information, or trick an unsuspecting mark into performing actions that create a security hole.
Mitnick is to illustrate why a misplaced reliance on security technologies alone, such as firewalls, authentication devices, encryption, and intrusion detection systems, is virtually ineffective against a motivated attacker using these techniques.