Penetration Testing

November 7th, 2016 by Mark Daly in Industry News

Penetration testing or ‘pen testing’ is the most effective way of demonstrating that exploitable vulnerabilities within your company’s internet-facing resources have been identified, allowing suitable patches to be applied.

The aim is to identify browser exploits, unpatched software, insecure coding practices and weak encryption algorithms. A penetration test must be conducted by a certified ethical penetration tester, who will use their expertise to identify specific weaknesses within an organisation’s security arrangements. This involves simulating a malicious attack on an organisation’s information security arrangements, often using a combination of methods and tools.

Threats are constantly evolving and changing.

It’s not a question of if you will be attacked, but when.

Even if you are a relatively unknown organisation of little apparent interest to an attacker, criminals’ automated scans will find your presence online.

  • More and more applications are directing traffic by default through HTTP to bypass firewall rules.
  • Malware can be downloaded automatically.
  • Websites can be infected by code injection, cross-site scripting and other similar black-hat hacking techniques.
  • Your website traffic can be hijacked.
  • Blacklisting by major search engines can cause you to lose business.

It is easy for new vulnerabilities to be identified and exploited by criminal hackers. In many cases, you won’t even know that your defences have been successfully breached until it’s too late.

Which test best suits my organisation?

Here at ilicomm Technology, we present the vulnerabilities and risks to the organisation once the test has been conducted, along with recommendations for remedial action, which are displayed as facts in an easily understandable report.

Our bespoke penetration tests deliver cost-effective and practical solutions that will help you meet your legal, regulatory and contractual requirements.

Still not convinced?

The volume of data breaches and cyber attacks that marked 2015 could be appropriately described as a ‘cascade’ or ‘torrent’, or perhaps ‘maelstrom’.

There have been breaches of highly sensitive data (including that of children), targeted attacks on government agencies such as the US’s OPM and Germany’s Bundestag, and an alarming number of well-orchestrated DDoS attacks.

Money has been stolen, data has been swiped and lives have been ruined.

However, I must not fail to mention the fantastic work law enforcement agencies around the world have been putting in to bring justice down on the cyber criminals causing havoc this year. As Stuart Winter-Tear recently called it, 2015 has been the year of collaboration, and we can only hope to see the same in 2016.

By our calculations, which count up all of the available numbers in the stories that we have reported each month, we are at 487,731,758 leaked records in 2015. It’s very likely that the final number is significantly higher, but we know that there have been at least 487,731,758.

Below we have listed the most significant events of each month.

Note: The total number alongside each month is not the definitive number; please take it as the minimum number of records leaked in each month – not the total.

JANUARY – 2,057,199

Aussie Travel Cover data breach – thousands of policyholders not informed that records were stolen

Unpatched vulnerability leaves millions of Moonpig customers at risk for 17 months

19,000 French websites suffer cyber attack in ‘unprecedented surge’

Wingstop announces payment card data security incident

Park ‘N Fly confirms data breach affecting customer’s payment cards

Chick-fil-A investigates payment card data breach

Thieves target American and United airlines, dozens of free trips booked

Minecraft data breach – usernames and passwords leaked online

Wisconsin chiropractic clinic notifies 3,000 patients of insider breach

Malware infects payment card system at French Lick Resort

FEBRUARY – 102,223,313

Credit card information stolen in Big Fish Games site compromise

Banks link credit card fraud to Marriott hotels

Yet another online parking hack: Book2Park loses card data in data breach

18.8 million non-customers could be affected by Anthem breach

Russian dating site Topface pays ransom to stop 20 million hacked records being made public

MARCH – 11,342,576

Bulk Reef Supply website compromised, credit cards at risk

Malware installed at California burger joint, payment cards at risk

Hilton HHonors Awards accounts exposed by security flaw

New health care data breaches: another 11 million customer records exposed

Amazon’s Twitch game-streaming service hacked

Jamie Oliver’s website found spreading malware… again

APRIL – 2,306,312

“Dyre Wolf” online banking campaign bypasses two-factor authentication – $1 million stolen

Belgium’s biggest French-speaking newspaper goes offline after cyber attack

Data compromised in Linux Australia server breach

Costa Coffee Club members wake up and smell the data breach

Russian hackers accessed President Obama’s emails

Hyatt Gold Passport breached – user passwords reset

160,000 students compromised in Metropolitan State University data breach

370,000 Social Security numbers exposed in Auburn University data breach

MAY – 1,512,825

Bundestag cyber attack confirmed

How the Washington Post was hijacked by the Syrian Electronic Army (again)

Cyber criminals steal $3.8 million from Alaska Native corporation

Anonymous hackers steal terabyte of passwords from Italy’s Expo 2015

Jamie Oliver serves up a third helping of malware 

Adult FriendFinder website breached; compromising data leaked online

Harbortouch POS malware attack – customer card data stolen

Sally Beauty data breach

Hard Rock Hotel loses customer card data over seven months

JUNE – 22,446,450

Microsoft’s anti-surveillance site hacked

US Army website hacked

Aussie Internet provider Westnet breached – over 30,000 customers affected

FBI looks at Cardinals in Astros’ data breach

Second data breach at OPM confirmed

LastPass warns of data breach

Millions of US government workers hit by data breach

Polish airline forced to ground planes after “IT attack”

JULY – 64,713,144

Hacking Team hacked – cyber surveillance company tells customers to stop using its software

Nursery webcam accessed by stranger to speak to parent and child

Coordinated cyber attack hits four New Jersey gambling sites

Digital media streaming service Plex hacked, forum held for ransom

Canadian Security Intelligence Service website taken offline

Detroit Zoo, eight others across the county experience POS breach

CVS and Walmart Canada Are Investigating a Data Breach

Donald Trump hotel chain hit with credit card data breach

AUGUST – 2,841,114

Ashley Madison 9.7GB data dump posted online

Carphone Warehouse hack: 2.4 million customers affected

Mumsnet founder ‘swatted’, site attacked – users urged to change passwords

Users of dating site Plenty of Fish targeted by cyber attack

Russia launches “sophisticated cyberattack” on Pentagon computers

UVA shuts down servers after cyber attack

GitHub Again Hit by a new DDoS attack

New York magazine confirms outage was result of cyber attack

SEPTEMBER – 17,085,880

London’s 56 Dean Street clinic leaks HIV status of 780 patients

800,000 fans of the Kardashians left exposed after privacy blunder

Malware sneaks into the iOS App Store. What you need to know about XcodeGhost

NCA website falls foul of Lizard Squad DDoS attack

Imgur suffers DDoS attack on 4chan and 8chan servers

Banks: Card Breach at Hilton Hotel Properties

Thousands of Lloyds Premier Bank customers have had their data “stolen” in security breach

OCTOBER – 39,754,915

Police force blames hacker after #CyberAware tweet sent out containing bogus security advice

CIA boss has his personal email account hacked… and yes, it’s on AOL

Hacked Shopping Mall CCTV Cameras Are Launching DDoS Attacks

Payment card breach at The Commons Hotel in Minnesota

EyeBuyDirect announces website breach, payment cards affected

Payment card breach at Peppermill Resort Spa Casino in Reno

NOVEMBER – 11,415,000

Eclipse staggers to feet, gets smacked by second DDoS

Norwich International Airport website hacked

ProtonMail hit by mystery DDoS attack, preventing customers from accessing their secure email

JPMorgan Hackers Breached Anti-Fraud Vendor G2 Web Services

Extortionists target CCN in a DDoS attack; 5 bitcoins bounty

U.S. Government Officials Targeted by Iranian Hackers

UK pummelled with DDoS after ISIS cyber attack warning

VTech hacked: nearly 5 million parents’ and 200,000 children’s details exposed

Breach at Securus Technologies exposes 70 million prison phone calls

Hilton Hotels admits hackers planted malware and stole customer card details

Payment card data breach affects 54 Starwood Hotels

DECEMBER – 210,033,030

JD Wetherspoon data breach 300% bigger than TalkTalk incident

Elephant Bar data breach includes 8 Bay Area sites since August

FBI: MaineGeneral Health Victim of Data Breach

13 Million MacKeeper Users Exposed

Database of 191 Million U.S. Voter Records Left Exposed Online

Threats are happening all of the time; do not wait until it’s too late. Get your network checked as soon as possible.
