Ransom, SQL-injection, DDoS: Perfect storm hits company

TalkTalk, a British telecom giant, was nailed by a huge attack that incorporated DDoS, SQL injection, and now, apparently, a ransom demand for Bitcoins in exchange for not releasing the stolen information.

It started (as many attacks do) with a DDoS that was likely meant to distract and overwhelm IT’s defenses. From there, it appears, an SQL-injection attack on the videos hosted on the company’s website allowed access to sensitive data.

Result: The attacker made off with names, addresses, dates of birth, telephone numbers, email addresses, bank account information and potentially more.

Arrest made

One arrest has been made so far in connection with the attack: a 15-year-old boy living in Northern Ireland.

And TalkTalk’s chief executive has also revealed he was contacted by someone demanding a ransom in exchange for not releasing stolen data online. No word on whether the two are one and the same.

Lessons learned

There’s still more to come on this story, and likely much more.

But for the time being, IT should heed two old warnings:

  1. DDoS isn’t always the end of your troubles. Denial of Service attacks are pesky and may seem like a minor annoyance on the level of an epic prank. But as this and so many other cases show, it’s often a way for hackers to divert attention or preoccupy defenses as they go after the real high-value targets.
  2. Prepare to be extorted. Ransomware and just plain holding data hostage are popular ways for hackers to turn their craft into a quick buck. Most companies opt not to pay (or at least would never admit to it publicly), but you should be prepared and have your own course of action mapped out ahead of time.
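
To make the first warning concrete, here is an added example (not from the original article or from TalkTalk) that triages a web access log during a flood and surfaces the few injection-looking requests buried in it. The log lines, the `/videos` path and the indicator regex are constructed assumptions for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote_plus

# Common Log Format: ip, ident, user, [time], "METHOD target PROTO", status, size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Coarse indicators for triage only (assumption); expect false positives,
# and rely on a WAF/IDS rule set for real coverage.
SQLI = re.compile(r"\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*(?:or|and)\b|--", re.I)

def triage(lines, flood_share=0.5):
    """Return (flood_paths, suspects): paths carrying at least flood_share of
    all requests, and (ip, status, decoded_target) for injection-looking ones."""
    per_path, suspects, total = Counter(), [], 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip unparseable lines rather than abort mid-incident
        ip, _method, target, status = m.groups()
        total += 1
        parts = urlsplit(target)
        per_path[parts.path] += 1
        query = unquote_plus(parts.query)  # decode %27, %20, '+' before matching
        if SQLI.search(query):
            suspects.append((ip, int(status), parts.path + "?" + query))
    flood = [p for p, n in per_path.items() if total and n / total >= flood_share]
    return flood, suspects

def sample_log():
    """Constructed log: 500 flood requests to "/" with three requests to a
    hypothetical /videos page mixed in (one benign, two suspicious)."""
    ts = "[01/Jan/2000:10:00:00 +0000]"
    lines = [f'203.0.113.{i % 50} - - {ts} "GET / HTTP/1.1" 503 0' for i in range(500)]
    lines.insert(120, f'192.0.2.10 - - {ts} "GET /videos?id=7 HTTP/1.1" 200 9000')
    lines.insert(250, f'198.51.100.23 - - {ts} "GET /videos?id=7%27%20OR%201%3D1--%20 HTTP/1.1" 200 48211')
    lines.insert(400, f'198.51.100.23 - - {ts} "GET /videos?id=7%20UNION%20SELECT%20null,null HTTP/1.1" 500 0')
    return lines

if __name__ == "__main__":
    flood, suspects = triage(sample_log())
    print("flood targets:", flood)
    for ip, status, target in suspects:
        print(f"review: {ip} {status} {target}")
```

In the constructed log the two suspicious requests are under half a percent of the traffic, which is why they need to be pulled out separately from the flood rather than spotted by volume.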
