Hackers Breached Adobe Server in Order to Sign Their Malware
Well, this is nothing new. A well-known company that’s hacked only to be used as a trojan horse to infect other computers (usually of smaller businesses or regular consumers).
So why does that happen? There are two reasons that hackers are after your computer and are resorting to hacking the giants like Adobe:
1. Processing power. The more computers you have on your side the better. The better connected those computer are the better. Imagine a distributed denial of service attack (DDoS) that uses thousands of computers from various well-connected collocation centers targeting one victim. Yes, a lot of the traffic will be filtered at the router/firewall level. But there will be a point where the router and the firewall will buckle. The speed of having to deal with some much garbage data coming its way can render the line useless and thus the victim is completely cut off from the internet.
2. Sensitive information. In this aspect small businesses fall victims to their own pessimism. “We really don’t have that much sensitive information here for someone to care” is a common phrase that’s been uttered during my consultations. How about your employees though? Aren’t you storing their personal information on an “HR” folder? And what about your clients? Have them made some payments? Have you used documents to showcase to them not only your business, but also other clients of yours as a referral? Do you know how that information can be translated in the wrong hands?
Imagine this scenario: You are running a janitorial service. You have a small server that handles all your file and email needs. As a matter of fact it’s usually your go-to desktop because…well…it’s just a computer after all. But you get a call from the local sheriff’s station. They want you to give them a bid for cleaning the station after hours. After a successful meeting you are provided with a rough layout of the place as well as how your people can access the location.
Now what? Is that small little server still a server of a non-important janitorial service? Are you, as a business owner, willing to take the risk of becoming the conduit that bad guys use to get access to the important information? Will your business suffer such a negative exposure?
In reality all those can be avoided if you simply take care of your network and patch your servers. If you are not a big enough company that needs to be up 24/7 then at least accept that you might lose the connection during a denial of service attack but at least your data remain secure. Take care to maintain, on a regular basis, every single machine that has access to the server as well as the server itself. Document EVERYTHING because you never know when you might need to roll something back. And finally backup your data offsite!
No matter how big or small your business is the last thing you need keeping you up at night is the possibility that you might be negatively featured in tomorrow’s news stories.
Read more about Adobe’s current security issues here from Wired.
Contact us for a free network security audit.