This article describes how WordPress has become a huge target for massive brute force attacks, due to many WordPress users not using strong credentials. Recently, sites using WordPress have been subjected to attacks by botnets of massive proportions. This is due to many administrators just making their username “admin” and using a simple password such as “123456”, therefore making it easy for a botnet to log into many administrator accounts by using a brute force method of attack on many websites. Solutions to this problem are simple: all WordPress users have to do is change their username and password, if they are simple/not strong, and implement a form of two-factor authentication. The problem with this though, is that many people overlook the importance of internet security and just assume “oh, well that would never happen to me.”
I think this article shows that it is vital that it is made aware that basic security is very important and should not be disregarded. I believe that many people hosting these websites have little knowledge of internet security and need to be informed of its importance before they are hijacked and end up unknowingly contributing to a botnet that could adversely affect many people. This is a simple problem that requires a simple solution, but a solution cannot be formed if people do not know of the problem in the first place. Hopefully the blog’s administrator account credentials are not “admin” and “123456”…
This post is kind of in response to the CyberBunker post. I saw this article somewhere. I don’t remember where?? Anyway, the article mentions how the CyberBunker attack at 300 gigabits per second is being considered the biggest cyber attack in history. However, according to the article three men in Egypt tried to take down 1.28 terabits of the Internet – four times as much bandwidth – with nothing but an axe. Their identities and motives are unknown at the time of the article, but according to Reuters the Egyptian coastguard intercepted three men trying to cut the SEA-ME-WE 4 undersea cable. It’s one of the major cables connecting Europe to North Africa to Asia.
It’s important to remember that the Internet is not some abstract thing that exists in the cloud always. The connections between countries are very real concrete things. These connections are hundreds of cables that exist beneath the sea floor, and they are susceptible to damage. There are multiple of these connections between countries and continents, but when one is cut the others have to pick up the traffic. This causes congestion.
I think this is an important story. It really shows how fragile somethings we as a modern society are. If I was a bad guy, all I need to do is go into the Atlantic where the ocean isn’t very deep. I just trawl the ocean, find the cable, and make the cut. A few more of those cuts and boom. It’s all over, and that’s not a quick and easy fix. I would imagine that would take quite a while to get things back to normal. We need to make sure we protect our Internet.
TechNewsWorld recently posted an article in which it states that US cybersecurity has shaky foundations and it is not reliable that our “critical information technology systems will work under attack from a sophisticated opponent with good resources.” The Office of Management and Budget (OMB) has just released its 2011 fiscal year report on the implementation if the Federal Information Security Management Act (FISMA) in which it makes the claim that our U.S. Military has major cybersecurity gaps. OMB reports that controlled incidents of attack in 2011 were only detected 49 percent of the time compared to 70 percent in 2010, a staggering decrease. They also report that only 58 percent of the agencies surveyed used email validation technology, compared to 46 percent the in 2010.
This article makes me shudder to think how much more vulnerable the cybersecurity of the U.S. government has become since the span of this report (it only covers through 2011 so I am assuming they release these reports a year late). We spend absurd amounts of money on the defense department, so why is it that we are so digitally compromised? Shouldn’t every government agency be using email validation technology? What are the downfalls of using the technology as this report shows that only a little over half of the agencies are using it? Maybe you guys can answer some of these questions as I am not the most informed in this subject, but this article has definitely made me start to worry what countries like China and North Korea could do if they attempted to penetrate our defenses over the web.