Last week, Christopher Weatherhead and Ashley Rhodes became the first cyber attackers to be imprisoned for carrying out DDoS attacks in the UK. Part of the Anonymous hacker group, the pair were sentenced to 18 and seven months respectively for their part in the distributed denial of service (DDoS) attacks that paralysed the computer systems of PayPal and other companies. The attack on PayPal alone reportedly cost the company £3.5m.
This comes hot on the heels of news that popular code-sharing site GitHub experienced a severe vulnerability that exposed private files, including the private encryption keys of coders. It is thought that this vulnerability could allow attackers to hack sites or alter programs silently.
Jason Steer, EMEA Product Manager and Architect at FireEye made the following comment: “This verdict and subsequent prison sentence follows the increasingly heavy-handed approach that we are seeing against hackers and the companies that fail to protect private information. It is definitely a stark warning to would-be hackers that we are beginning to fight back more forcefully in the war on cybercrime – and that this is finally receiving the priority it deserves.
“While it seems that the courts are beginning to take cybercrime more seriously, this does not mean that organisations can become complacent when it comes to their own cybersecurity strategies. It is still the responsibility of each and every company to proactively protect themselves – and the intellectual property & digital assets that they hold – with the most robust security tools that continuously monitor and defend networks. Unfortunately, this doesn’t seem to resonate, given the stream of breaches that we are continuing to see. Organisations such as GitHub, a critical hub for developers, sadly demonstrates the knock-on effect that poor security can have – as a great number of outgoing consumer and business applications may now be infected with malicious code, leaving them open to attack at any stage.
“The bottom line is that sophisticated malware is so prevalent today that hackers are able to execute advanced, targeted attacks on a whim – often with great ease due to the feeble defences put up by so many organisations. The era of traditional perimeter defences are over, and the only way to ensure bulletproof protection is to start thinking like a cybercriminal and ensuring that organisational IT security evolves in line with the threat and that this diligence extends to all third party providers.”