The Web Application Attack Report (WAAR) studied attacks on 30 different enterprise and government web applications highlighting that assaults on websites and databases are now as frequent as 25,000 per hour.

The sheer volume of these attacks is worrying. However perhaps more concerning is the fact that most of them are conducted by automated bots. This makes the threat unique. Car jacking for instance cannot be automated and neither can purse theft. For this reason cyber crime has the potential to have greater financial impact than all other forms of crime put together.

“The level of automation in cyber attacks continues to shock us. The sheer volume of attacks that can be carried out in such a short period of time is almost unimaginable to most businesses,” stated Amichai Shulman, Imperva’s CTO and lead researcher.

Aside from automation cyber criminals are becoming increasingly evasive “Our data demonstrates that it is increasingly difficult to trace attacks to specific entities or organisations.”

What is known is that the majority of attacks originate from bots developed in the US (29%) and China (10%). Such bots are simply left to make consistent attempts to hack and retrieve critical data.

Imperva advise CEOs across all industries to always consider their businesses a target and especially “If you hold sensitive information with value for governments, employees or competition.”

Rise of the Data Crime Bot is a post from Backup Technology's Blog. Contact us today for further information on our Online Backup and Business Continuity services.

Cloud Computing was ranked in fifth place on the list of “areas of likely IT investment” with areas such as “next generation data management & analysis,” “enterprise mobility” and “social media/networking” ranking ahead.

An obvious link exists here with many still holding huge reservations with regards to trusting external providers.

“There still exists a level of concern over the cloud” according to the Chief Research Officer at IDC Crawford del Prete.

Another recent report conducted by the Ponemon institure in California indicated that just 33% of the 1000 IT professionals surveyed trusted Cloud Hosting data centres.

It is difficult to calculate the damage that hacking groups are doing to the growth of Cloud Computing as a sector. With every headlining attack such as that on Sony earlier this year many companies are beginning to shy away from entrusting their data to Cloud providers, and for good reason.

“If we pick a vendor to host our stuff, are they going to have the same maturity, the right service levels, the ability to pay the same amount of attention as we do to our environment today?” suggested Richard Scott, CTO at Guardian Life Insurance Company.

Policing the cyber landscape is extremely difficult and there are many out there simply looking for the next opportunity to hack, defraud and steal.

The new focus on security is not being missed and companies such as BAE Systems are noticing a huge surge of interest with private companies being the main point of focus according to Martin Sutherland, managing director of Detica (BAE’s cyber security division).

Cyber Security – The No.1 Priority is a post from Backup Technology's Blog. Contact us today for further information on our Online Backup and Business Continuity services.

Microsoft, one of the first Cloud providers to come clean, have revealed that the U.S. authorities have the right to access any data stored by them, even if that data resides within the EU.

This isn’t the first time that the U.S. Patriot Act has come under fire.  After the Act was passed 2001 because of Sept 11 terrorist attacks, students and staff from a Canadian university campaigned against their emails being routed through the States.

This will make firms more wary of utilising the new Microsoft roll-out as the software giant cannot guarantee data will not leave its place of origin.

In addition, Gordon Frazer CEO of Microsoft admitted that customers would only be informed “whenever possible” with respect to authorities extracting data.

Such an example is where the FBI has the ability to issue a ‘National Security Letter’ demanding a company’s data. Frazer stated that in this case he wouldn’t even be able to admit he had received such an order.

“In a limited number of circumstances, Microsoft may need to disclose data without your prior consent, including as needed to satisfy legal requirements or to protect the rights or property of Microsoft or others (including the enforcement of agreements or policies governing the use of the service)” said Frazer.

The head of Independent State Centre for Data protection in the German state of Schleswig Holstein, Thilo Weichert claimed that the sharing of data outside of the EU conflicts with EU laws. He argues that at the very least under such a service agreement companies should have the opportunity to terminate contracts with immediate effect.

So in summary, the best recommendation would be to use service providers who can ensure your data will remain in Europe.

U S Patriot Act Dampens Microsoft Cloud Services is a post from Backup Technology's Blog. Contact us today for further information on our Online Backup and Business Continuity services.

The sites were inaccessible this morning after LulzSec had flooded the site. Users simply received an error message stating that the site had suffered a timeout.

The Brazilian government adds to a growing list of victims which includes the CIA, the US Senate, the US television broadcaster PBS, Britain’s Serious and Organised Crime Agency, Sony and Nintendo.

LulzSecBrazil tweeted: “TANGO DOWN brasil.gov.br & presidencia.gov.br,” when the job was done.

On Monday night 19 year old Ryan Clearly was arrested in his family home. Scotland Yard claimed that a “significant amount of material” was seized.

Although there were no tweets for over 10 hours from LulzSec they did eventually reply with two denials including:

“Seems the glorious leader of LulzSec got arrested, it’s all over now..wait..we’re all still here! Which poor bastard did they take down?”

His older brother Mitchell commented “He’s not the sort of person to do anything mad or go out and let his hair down or do anything violent. He stays in his room – you’ll be lucky if he opens his blinds, but that’s just family isn’t it? I barely see him – I’m more of a footballer person – he’s more of an inside person.”

The arrest appears to have prompted a scam on Facebook. It has been alleged that people may be making commission through sharing a picture of two pixelated men leading another pixelated man away from a building.

“Sharing and liking the page, followed by clicking on the link, led me to third party webpages that urged me to download a program called iLividSetupV1.exe which attempted to install a series of toolbars.” Sophos senior technology consultant Graham Cluley stated in a blog post.“It is certainly inventive to exploit the breaking news story of the arrested hacker,” he added.

Lulzsec Target Brazilian Government is a post from Backup Technology's Blog. Contact us today for further information on our Online Backup and Business Continuity services.

This was the message delivered in a speech made by Viviane Reding, Vice-President of the European commission. Many believe this has come as a direct result of the rare admission by Citi bank last week that they had suffered a data breach. However in addition to this there has been a stream of recent attacks such as that on Sony which have called out for this new legislation.

A representative of the British Bankers Association commented, “the UK’s banks follow the highest standards of customer protection in their data management” and added that it was “unlikely that such a step would affect the current practices of the UK banks.”

“I understand that some in the banking sector are concerned that a mandatory notification requirement would be a additional administrative burden. However I do believe that an obligation to notify incidents of serious data security breach is entirely proportionate and would enhance consumers’ confidence in data security and oversight mechanisms.” Ms Reding.

Approximately 360,000 Citi customers had their names, email addresses and account numbers exposed to hackers. As well as Citi promising to work closely with their internet security team in order to beef up security measures. The U.S. Federal government is also looking closely at the issue and is seriously considering implementing new measures which will improve online banking security.

Banks will always be a major target for hackers and such incidents will receive much more publicity now. The danger is that many hackers thrive from making a name for themselves and may relish the chance to make headlines. It also will be interesting to note how new legislation will affect other companies in the future, outside of the banking sphere such as web giants Google and Facebook.

Banks Forced to come Clean is a post from Backup Technology's Blog. Contact us today for further information on our Online Backup and Business Continuity services.

“We deeply apologise for the inconvenience we have caused,” said Kazup Hirai (one of the executives which took a bow at the company’s headquarters in Tokyo).

The Sony Online Entertainment Network allows people to play multiplayer games with their peers or strangers across the Internet. The facility allows users to also download films as well as upgrades to games.

Among data stolen from Sony’s servers were names, addresses, emails, birth dates, phone numbers in addition to other information. Furthermore data was taken from an out-dated 2007 database.

24,000 financial records belonging to people from outside the U.S. have been taken. This includes bank details of customers in Austria, Germany, the Netherlands and Spain. However Sony claim that there is no evidence that the information stolen has been used for illegal gain.

Mr Hirai is claiming that parts of the service would be back this week and that Sony has plans to significantly beef up security measures. However this doesn’t change the fact that some 3 million Britons using the Sony system have been caught up in the largest criminal cyber attack on record.

Sony Hack is a post from Backup Technology's Blog. Contact us today for further information on our Online Backup and Business Continuity services.

A former network engineer Sam Chihlung Yin, 34 has been accused of illegally accessing Gucci’s servers and deleting a whole host of data. The attack comprised of shutting down servers, deleting data, as well as preventing employees from all over the country from sending and receiving emails.

The American fashion giant was attacked 6 months after they fired Yin who proceeded to attack the company’s IT infrastructure using a fake user account.

Using VPN access Yin wreaked havoc over Gucci’s systems for over 2 hours before being identified. Investigations revealed that Yin was quite skilful in exploiting the holes in Gucci’s systems through his extensive experience within the company.

He “deleted several virtual servers, shut down a storage area network and deleted a disk containing the corporate mailboxes from an email server.” According to court documents.

Charges included computer tampering, identity theft, falsifying records, computer trespass, criminal possession of computer related material, unlawful duplication of computer related material and unauthorised use of a computer.

Although the act appeared ‘revengeful’ in it’s nature rather than for financial profit Yin could potentially be behind bars for 15 years. In total Yin’s actions cost Gucci more than $200,000.

The New York district attorney Cyprus Vance stated “computer hacking is not a game, it is a serious threat to corporate security that can have a devastating effect on personal privacy, jobs and the ability of a business to function at all.”

The senior technology consultant at Sophos, Graham Cluley emphasised how important it was that companies place emphasis on protecting their corporate networks.

The Gucci incident coincided with the criminal act which saw Conde Nast $8 million out of pocket by tricking the company into paying a fake printing company. It was only a month after paying into a fake account that the scam was revealed.

“So make sure your defences are in place, and that only authorised users can access your sensitive systems.” Graham Cluley wrote on the Sophos company blog.

$200,000 Attack on Gucci is a post from Backup Technology's Blog. Contact us today for further information on our Online Backup and Business Continuity services.

The more realistic approach is to prepare for cyber attack more diligently. In order to remain competitive organisations have to embrace the Cloud and accept that data will reside in potentially, multiple locations in the future. This will become especially apparent as data volume grows exponentially, over the coming years.

In order to cope with increased data sizes predictions suggest that the overall security approach must be far more automated. The speed and scale of attacks mean that organisations can no longer rely on human identification of intrusion and threats. Solutions must now be put in place which can detect, access and respond to external threats immediately.

A detected threat may lead to the shutting down of one portion of the network as well as the instigation of proactive monitoring. If the threat is escalated to high priority, further portions of the network may subsequently be shut down.

There is also now a more clear idea emerging over what exactly a data leak means for a given organisation. A leak for example, regarding a major retailors transportation routes will not necessarily lead to a competitor gaining the ability to replicate the retailors supply chain.

The bottom line is that automation will become a large part of the overall security strategy, for every IT organisation.

Another future strategy for extreme cyber attacks is the prospect of ‘fighting back,’ rather than remaining defensive. Such efforts include that of Sypris who are creating a ‘cyber range.’ It is hoped that the range will be a battle ground within cyber space which will allow agencies to test their offensive and defensive strategies. .

Data Security is a post from Backup Technology's Blog. Contact us today for further information on our Online Backup and Business Continuity services.

A study by NGS Secure took place in a pair of schools, one dealing with secondary students and the other with younger primary pupils, in order to determine the levels of data protection and IT security in place at each establishment.

Three hundred and thirty eight individual machines were scanned for issues at the secondary school and in total more than 9000 problems were discovered. This included antivirus software either being absent or completely out of date, along with security vulnerabilities relating to unpatched software.

Malware and viruses could easily infect and exploit school computers such as these, according to the professionals who carried out the study.

Internal servers which hold details relating to pupils and teachers were also found to be exposed, potentially allowing third parties to steal vast amounts of valuable data with little to stop them doing so.

Poor password choices littered the systems, while users having access to separate administrator accounts and thus direct control over key system features, were also found to be prevalent.

Forty-four PCs within the primary school were examined, with just under 50 per cent of this number being plagued by gaping security holes. Significantly the type of software installed on these PCs was unsanctioned and inappropriate for school, including the likes of instant messaging services and even iTunes.

The implication of the presence of this software is that many pupils and perhaps teachers are installing them in order to play files brought on removable storage from their home PCs, which greatly increases the chances of spreading a virus to school systems.

NGC Secure’s Paul Vlissidis, said that these security issues found in two UK schools are representative of similar problems that can be discovered in many public sector organisations. In the worst cases the analysts found certain pieces of software were 15 years out of date with no patches or fixes applied.

Security risks plague UK schools, experts claim is a post from Backup Technology's Blog. Contact us today for further information on our Online Backup and Business Continuity services.

There is clearly a confusion among most employees as 58 per cent of respondents to a recent study conducted by BlockMaster, said that they thought damaging a laptop to the extent that it is necessary to replace it, would prove to be more costly than a data loss incident caused by misplacing a portable USB memory stick.

Over 1000 people took part in the survey and a series of questions allowed the analysts to discover that while 29 per cent of people consider data loss to be a serious incident, about the same proportion consider being stuck in work overnight as a result of poor weather, to be the equivalent of a data loss disaster.

BlockMaster’s Anders Kjellander, admitted that while the results were clearly worrying, he was not surprised to find that many employees are simply unaware of the value of data to a business.

Mr Kjellander restated the point that IT hardware is less valuable to any organisation than the data which is stored upon it. He explained that while a broken computer is replaceable, lost or stolen data cannot be recovered.

Mr Kjellander pointed to the recent Wikileaks scandal as a clear indication that once data has made it out of safe hands, it can never be corralled back into secrecy. While the costs of replacing hardware are quantifiable, data loss can have an ongoing financial impact that is impossible to measure in the short term, according to SC Magazine.

Some believe that employees put a greater emphasis on protecting devices rather than data because they relate to corporate phones or laptops in the same way that they would to a personal device, which can be unhelpful in the fight against data loss and theft.

Automating security and ensuring that password protection and encryption are the very minimum levels of loss prevention in place is advised.

Value of data unrecognised by many, study finds is a post from Backup Technology's Blog. Contact us today for further information on our Online Backup and Business Continuity services.