Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk Management

12:24 PM
Melanie Rodier
Melanie Rodier
Commentary
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

You've Been Hacked! Now Learn Their Latest Tricks

Here are 3 ways your organization - and probably even your personal computer - is likely to have been hacked, without you even realizing.

Here are 3 ways your organization - and probably even your personal computer - is likely to have been hacked:

We've all tried to load Firefox (or Safari, or um, if you're still using it...Internet Explorer), and seen the message: "The Connection has timed out, the server is taking too long to respond."

It's a pain. But an innocuous enough setback, right? Wrong. If your bank gets hit with this, it could be the first sign of a Denial of Service attack, which according to experts, isn't technically a "hack," since it can be done without breaking into any system. But it's still pretty lethal.

DoS attacks usually flood a website's with requests, making them completely unresponsive. If you work for a big bank, you may be subjected to botnets, where infected computers all send out requests at the same time. CNN points out, "There's not much that Web companies can do to prevent that kind of attack except to get more servers."

"DoS attacks are very difficult to defend against," Paul Asadoorian, CEO of security consultancy PaulDotCom Enterprises, said in a story on CNN.com. "But attackers are not stealing any information when they do a DoS."

Other ways you might have been hacked include SQL attacks, where hackers get a targeted website to show them what the site's vulnerabilities are.

From CNN.com:

"Sometimes hackers perform "Google hacks" to use the search engine to find cached examples of error messages on pages. Other times, they enter odd terms into a website's search box to see if the site spits back error messages from its SQL database. Those error messages can tell hackers a lot about the site -- often, enough to exploit the found vulnerability by injecting malicious code into the database. That's known as a SQL injection.

SQL injections can be used to get a site to spit back its database contents, such as lists of usernames and passwords. They can also be used to infect visitors' computers with malware. About 14% of all hacks last year involved SQL injections, according to Verizon's 2011 Data Breach Investigations Report."

One of the spookiest attacks is spear phishing, which targets a specific victim and makes you believe an email is coming from a trusted source like a friend or your boss. According to CNN.com, "spear phishers are often agents of foreign governments that do reconnaissance work on their victims to figure out what will make them believe an e-mail is coming from a trusted source."

Watch this space for tips on how to prevent these attacks.

Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio
More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
More
Register for Wall Street & Technology Newsletters
Video
All Videos
Trading Floors
Slideshows
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.
More Trading Floors