Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

8/25/2009
11:15 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Message From Hackers: Enjoy The Summer Break Because Winter Attacks Will Be Harsh

More than 80 percent are more active over the winter holidays, according to newly released survey of hackers at Defcon17

In case you're worried about taking that last-minute summer vacation and leaving your IT staff a little short, relax (for now, anyway): Most hackers are taking a break now, as well, as they gear up for a busy winter season, according to a survey of hackers attending Defcon17 in Las Vegas this month.

Malicious hackers make up less than one-fourth of the overall hacker community, according to 70 percent of the respondents, who were surveyed by Tufin Technologies at the world's largest hacker conference.

And 70 percent say government security and privacy regulations don't make hacking into corporate networks any tougher. Another 15 percent say compliance initiatives have actually made hacking easier, while 15 percent say these programs have made it harder.

"These results further validate the reality that there is little common ground between compliance and security, but as an industry we have the collective knowledge and the resources to change that," says Michael Hamelin, chief security architect at Tufin. "While standards, such as PCI-DSS, provide a good baseline, organizations that assume achieving PCI compliance will solve their security woes are in for a rude awakening. With security and compliance budgets so deeply intertwined, it serves us as security professionals to make the two more synonymous. At the end of the day, the more accountable we are willing to be, the less we'll have to be."

Around 81 percent of hackers say they are more active around the winter holidays -- 56 percent say Christmas is the ideal time for corporate hacking, and 25 percent say New Year's Eve. Weekday nights are when they do most of their hacking, according to 52 percent of the respondents. More than 30 percent do so during business hours, and only 15 percent on weekends.

More than 85 percent say they can hack into a corporate network via the firewall: One-fourth say they could accomplish that within minutes, and 14 percent within a few hours. Another 16 percent say they won't bother hacking a firewall at all, even if they could get in that way.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/4/2020
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing Writer,  5/28/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13817
PUBLISHED: 2020-06-04
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attac...
CVE-2020-13818
PUBLISHED: 2020-06-04
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
CVE-2020-6640
PUBLISHED: 2020-06-04
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.
CVE-2020-9292
PUBLISHED: 2020-06-04
An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.
CVE-2019-16150
PUBLISHED: 2020-06-04
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded ...