Protecting yourself from GhostShell and other cyberattacks

An infamous hacker group,Team GhostShell, has made a recent comeback, claiming it successfully hacked over 300 websites in 24 hours and has posted over 13,000 users' personal details online. 

Team GhostShell is using its Twitter feed to link to lists that include a number of database information dumps, including database and server details from a variety of victims sites, ranging from educational institutions in Australia to Korean music services. Some of the files appear to have leaked sensitive information including names, email addresses, physical addresses, Skype names, phone numbers, and dates of birth.

GhostShell was mainly active in 2012, claiming responsibility for a series of high profile strikes on the world’s top 100 universities that year. The attacks saw the GhostShell group post 120,000 students' information online. In December of that same year, the group dumped 1.6 million accounts and records from numerous US government departments including ESA, NASA, Pentagon, Federal Reserve, and the FBI.

Business Insider reports that if the current GhostShell group’s claims are true, the end number of victims will likely range in the millions according to estimates by Symantec researchers.

Symantec also reports that while some of the data dumps appear to show passwords which are salted and hashed (a code used to disguise the password), others are stored in plain text. And yes, the much-mocked, but still apparently oft-used password "123456" can be found on this list!

While it will take time to know the full impact of the GhostShell hack, there are several best practices provided by Symantec that can be implemented immediately to help protect from GhostShell and other cyber-attacks:

  • Always use strong passwords and never reuse them across other websites. That way, if one of your passwords does get breached, at least you won’t have to worry about other accounts being accessed with the same password. (See Sinu blog, How Secure is your Password, for more info.) 
  • Enable two-factor authentication on websites that provide it. (See Sinu blog, Two-factor authentication 'no longer optional' for more info.) 
  • Keep systems patched and up-to-date. (Sinu already does this as part of our all-inclusive subscription service.)

To help determine the risk of attacks such as from GhostShell to your own website, ask the company who is hosting your website if they are aware of these recent cyberattacks and how vulnerable they are to such breaches. Ask them what steps they have taken to address their exposure. If you don't get clear answers and/or they do not take responsibility, your website may be vulnerable.

Contact Sinu for more information about how you can reduce your risk and keep your organization's data safe from cyberattacks.