3 Network Horror Stories that Keep IT Up at Night

Any horror fan knows that the best – not to mention most bone-chilling – stories are always rooted in truth.

The same is true for network attacks and breaches, which help to paint painful lessons for any company’s IT department. These are the frightening real-life tales that keep IT workers up at night, contemplating the best strategies to use for protection. Let’s take a look at the attacks that haunt network admins’ dreams:

1) The largest DDoS attack to date

In early 2016, one of the largest distributed denial-of-service attacks ever took place, impacting not one, but all of the sites belonging to the BBC. The Hacker News reported in January that the network invasion and subsequent attack prevented access to all BBC online platforms – from its flagship website to its iPlayer on-demand service – for three full hours on New Year’s Eve 2015.
Hackers here used a tool known as BangStresser to inundate the BBC’s network with a flood of traffic and user requests, preventing the platforms from operating as usual. According to a screenshot sent by the New World Hacking group – the organization claiming responsibility – the DDoS attack topped out at 602 Gbps, a huge jump from the previous DDoS record of 334 Gbps.

This type of attack is nightmare fuel for IT teams for one simple reason – the inability to access important online platforms can topple a business. Whether these are employee- or customer-facing, a company’s website and digital assets must be available whenever users need them.

2) Widespread theft of W-2 data

Network attacks that threaten user access are scary, but breaches that result in theft of incredibly sensitive information take things a giant step further. This is especially true if these stolen details include the personal data of employees, as was the case with the recent rash of fraudulent activity connected with ADP.

This year, payroll and human resources management firm ADP saw the creation of thousands of fake accounts after several ADP customers mistakenly published sensitive account information online. After stealing this information, hackers were able to create the fraudulent accounts and steal even more data, including employee W-2s. This was one of the largest and most widespread attacks of this kind seen, but it surely will not be the last.

“The W-2 hack has been popular with cybercriminals this year because the tax documents have all the information needed to file false returns and commit other identity-related crimes,” wrote Inc. contributor Will Yakowicz.

This hair-raising tale demonstrates the critical importance of understanding how to treat and safeguard employee information, an invaluable process in the current threat landscape.

3) Third-party services provide a bridge for corporate attack

Other horror stories that strike fear into the hearts of IT teams are those that involve breaches committed via third-party service providers. This is what happened with the infamous Target hack, as well as the more recent attack on fast food chain Wendy’s.

Network World reported that cybercriminals gained access to Wendy’s point-of-sale system through authentication credentials provided by the fast food giant to an unspecified third-party partner. This enabled hackers to install malware on the network that leaked customers’ names, payment card numbers and expiration dates, among other details.

Point-of-sale attacks have become increasingly common in recent years and don’t appear to be falling out of favor with malicious actors anytime soon.

For industry-leading tools and best practices to help ensure that your network doesn’t fall prey to attacks like this, contact Untangle today.