BusinessToday Previous Editions

BUSINESSTODAY 12 December 2019

Issue link: https://maltatoday.uberflip.com/i/1191618


FEATURE: biggest hacks in history

In 2018, the largest hotel chain in the world reported that up to 500 million user accounts had been compromised on its servers. If the high number of users affected wasn't enough, an internal investigation revealed that the hacker had had unchallenged access for four years.

Upon reporting the breach, the Marriott set up a dedicated website to provide affected customers with information, as well as a year-long subscription to a fraud-detecting service.

The hack was caused by a RAT, which is a piece of malware that gives the hacker a "backdoor" into a network or server. RATs are usually downloaded from malicious websites or phishing emails — they have to be "allowed in" from the inside, such as an employee falling for a phishing email and downloading an attachment from it. With a backdoor created, a hacker can get into the network and use another program, such as Mimikatz, to gain access to usernames and passwords and be treated as an administrator.

It sounds so simple, but ensuring your staff are trained and aware of simple cyber attack attempts such as phishing emails can avert larger-scale attacks.

Ensure that your employees know how to recognise a phishing email. They should not trust an email just because it claims to be from a reputable brand or known name. Phishing emails will usually use panic-inducing language, threatening account closures or worse. Staff should be taught to contact the sender to establish the legitimacy of a claim before cooperating. Most importantly, they should not click internal links in an email, or download attachments, unless they are 100 per cent certain of their legitimacy.

LinkedIn data breach

Date of breach: 2012
Date breach was reported: 2012
Type of cyber attack: Initial attack method not disclosed, but the collected passwords were cracked quickly due to reliance on very basic security measures by LinkedIn.
Damage: LinkedIn reported a hack in 2012 that had exposed its users' passwords.

To start with, the company thought the breach had affected 6.5 million users. However, in 2016, LinkedIn announced that this initial estimate was inaccurate — over 110 million user accounts had been compromised, and their passwords were found listed on a forum for people to crack.

The passwords had been stolen from the LinkedIn servers as "hashed" passwords. A hashed password is a scrambled version of itself, formed from the password itself and a key that only the website knows. "Salt" data is also added, which is essentially random data added to each individual password to further scramble the hashed password and make it harder to decipher. However, in this case, experts noted that LinkedIn had failed to use salting, meaning that once one password was cracked, the rest could be cracked by the same method, as they were all scrambled the same way.

After cracking a few passwords, hackers noticed a large number of the passwords had a variation of the phrase "linkedin" within them. With this obvious choice of phrase used to scramble so many passwords, the rest were cracked easily.

LinkedIn learned its lesson quickly, and so must all businesses — basic security measures are not enough. LinkedIn now uses salting, along with other enhanced security measures, to protect its passwords. It is important for businesses to remain up to date with all the latest security measures and defences available, especially if they are handling user data. If the company doesn't have the know-how to do this, consulting with a third-party IT security provider is vital to ensure data is protected.

500 million customer records were accessed, with encrypted payment card information and possibly the key to decrypt it
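The salting point in the LinkedIn section, as an added example that is not part of the original article: without a salt, accounts that share a password store the same hash, so recovering one reveals the others, while a per-account random salt makes every stored value different. The account names, the passwords, the choice of SHA-1 for the unsalted scheme and the PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Optional, Tuple

# Constructed sample accounts (not real data); two users picked the same password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}
PBKDF2_ROUNDS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_sha1(password: str) -> str:
    """Weak scheme: fast hash, no salt, so equal passwords give equal hashes."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened scheme: fresh 16-byte random salt per account plus a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


def shared_hashes(stored: dict) -> int:
    """Count accounts whose stored hash is identical to another account's."""
    counts = Counter(stored.values())
    return sum(n for n in counts.values() if n > 1)


def demo() -> Tuple[int, int]:
    """Return (accounts sharing a hash when unsalted, same count when salted)."""
    weak = {user: unsalted_sha1(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: hash_password(pw)[1] for user, pw in ACCOUNTS.items()}
    return shared_hashes(weak), shared_hashes(strong)


if __name__ == "__main__":
    weak_dupes, strong_dupes = demo()
    print(f"unsalted: {weak_dupes} accounts share a hash; salted: {strong_dupes}")
```

The salt is stored next to the digest in the account record; it does not need to be secret, only unique per account.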
