What really happened to TalkTalk – and how your firm can avoid falling victim to a similar attack

04 November 2015

Following the breaking news of the TalkTalk cyber-attack, Kevin Foster, testing services manager at MTI Technology, explains how the company was hacked – and how SMEs can avoid falling prey to the same attack.

TalkTalk has been hit by several security breaches in the last year. In December 2014, the company saw customers hit by India-based scam calls after a data breach. It happened again in February 2015, when attackers stole customer information from TalkTalk’s internal systems via a third-party that had access to its network.

Its customers were also affected by an attack on Carphone Warehouse systems, in which the personal information of up to 2.4m customers was obtained.

The sheer number of breaches has raised concern, with many claiming that TalkTalk hasn’t kept pace with the rapid evolution of hacking techniques – nor with the standards set for data protection.

This was echoed by David Emm, principal security researcher at Kaspersky Lab, who said: “What is worrying is that this is the third time TalkTalk has been compromised this year, with no apparent changes to their internal policies and security strategies.”

And according to cyber security experts, the 11 separate vulnerabilities found in the company’s website may have enticed criminals to target it. In fact, prior to the most recent hack, one of the company’s customer service representatives tweeted information indicating that the company stored customers’ login credentials in an unencrypted format.

As such, TalkTalk has been accused of several security failings. Taking this criticism on board, however, the company appointed PwC to carry out an independent investigation into whether the company could have done more to protect its customers – as well as to determine how it could be better shielded in the future.

Kevin Foster, testing services manager at MTI Technology, told Real Business that a DDoS attack was used to overwhelm the TalkTalk perimeter security solutions. He said: “In other words, the attacker sent large volumes of Internet traffic to the website to overwhelm perimeter security, such as firewalls and IDS/IPS, which are in place to scan and protect a website from malicious traffic. When the firewall is weak, the attacker is able to extract sensitive data.”

Such attacks are on the rise, having grown seven per cent since the last quarter and a staggering 132 per cent compared to this time in 2014.

This is according to the latest “State of the Internet Report” from Akamai, which found that while China was marked once again as the top source for producing DDoS attacks, the US and UK came in second and third as sources of attacks.

So how vulnerable is critical national infrastructure (CNI) to a similar attack? Foster explained that it could suffer a similar remote attack if its hosts are reachable directly over the Internet, via an intermediary (for example, a third-party support company) or through a private network.

“Applications developed quickly, or during a time with less robust coding practice, are also more vulnerable to attack,” he said. “The impact of a similar attack on the CNI could involve anything from disrupting energy supplies at a power station to disrupting traffic/transit control and monitoring systems. The effect would not be personal identity theft or fraud like it is with TalkTalk.”

As such, Foster presented five tips for bosses to increase their cyber protection.

(1) Code web applications securely

He explained that firms need to follow a secure software development lifecycle, such as those described by the OWASP Top Ten and the SANS/CWE Top 25, when coding any web-based application. If an application is coded incorrectly, it is impossible to guarantee that its data is secure.

(2) Test applications

Use an external penetration testing organisation to regularly test web applications and external hosts, suggested Foster. He said: “External penetration testing will highlight any flaws in the network that could potentially be used as an access point for a hacker. If any issues are flagged during testing, the organisation should address these immediately.”

(3) Protect yourself

It is crucial to use Web Application Firewalls (WAFs), Intrusion Detection and Prevention Systems (IDS/IPS) and Data Leakage Prevention (DLP) solutions to help protect both individual computers and shared networks against external security threats.

(4) Encrypt important and sensitive information

“Any sensitive information stored in shared files or databases should be encrypted,” said Foster. “This adds an additional layer of security and often protects an organisation’s most valuable assets, such as credit card details.”

(5) Separate computer functions and access

Doing so prevents direct access to multiple files from a single point. It also means that if one file is compromised, another is not automatically at risk.