Thursday, November 26, 2015

1.2 Billion login passwords hacked.


Login passwords and usernames seem to be the main asset in the cyber world, and everyone at some point will forget a password and reset it. Recently a hacker hacked around 1.2 billion account credentials.

Getting around 1.2 billion login passwords is not an easy task, as that is a large number, and to accomplish it he (#Mr.Grey) apparently used botnets.

The news also stated that the login passwords belong not to a single account but to almost 420,000 websites, and that this was done by exploiting a simple #SQL Injection attack.

Botnets can be used to carry out large attacks such as DDoS (Distributed Denial of Service) or other deadly attacks, but in this case the botnet was used to scan the Internet for vulnerable sites.

Let's take a deeper look. Suppose a hacker has already planted malware on computers across the globe, say 5000 computers. The malware receives instructions from the attacker who planted it. If the attacker then issues a command to scan the Internet, all 5000 computers will start scanning for vulnerable sites.

If a site is found to be vulnerable, its URL can be given to the attacker, or the malware can carry out the attack itself, get the credentials and send them to the attacker.

There is no information on whether the attacker did this job alone or a group of hackers accomplished it. There is also no information about the sites that have been compromised or about the login credentials.

Users are requested not to respond to any mail from unknown senders and to scan any drive before plugging it into the computer. Apart from these, use complex passwords to prevent attacks to some extent.

P.S.: This post is meant to create awareness and is not to be misused.
