This is retired Major Bruce Jenkins of the USAF commenting on cyber attacks originating from the Middle East.

Companies with even the remotest connections to the Middle East should be on guard against a malware or similar cyber-attack as a result of the ongoing conflict between Israel and the Palestinians.

Our observations suggest that a large number of Web sites have been defaced by a variety of hacker groups from Iran, Lebanon, Morocco and Turkey, and the trend is accelerating.

In the past, attacks were focused on the Department of Defense and other government organizations. But as the government, led by the US Air Force, have built up their cyber defenses, hackers need to move to less suspecting targets. Basically this means that any company with an Internet connection and which has perceived or rumoured connections with the two countries involved in this conflict - or has links with allegedly partisan firms who are also connected - could find their Web site and/or Internet- connected systems under active attack.

As a result, many tens of thousands of companies on the Web could find their hacker attack profile raised significantly, often for no good reason other than rumour and innuendo.

These sorts of attacks are random and reflect a hacker herd mentality. As a result, companies of all sizes should take extra precautions to protect their IT resources.

These precautions include ensuring your IT security, operating system and software patches are up to date, and monitoring the firm's network traffic for any unusual activity.

Given the fact that many Western leaders are urging all sides in the current Middle-Eastern conflict to stage a cease-fire and open diplomatic negotiations, most countries are now in the hacker firing line.

Given the fact that the Internet is so pervasive, I think we could see some very driven hacking and cracking attacks on all manner of targets. Companies of all types need to take precautions, especially as the Internet wakes up after the holiday period. Go here for an article on this subject.

So, apparently there have been little if any repercussions for the recent Monster.com breach. Society at large is starting to suffer from "security breach" a fatigue and customers are being told to believe breaches don't matter if SSNs aren't exposed. What will it take to finally get these companies to be accountable for AVOIDABLE losses?

This quote in particular sums it up: "And yet Monster might suffer little fallout - because the overall state of computer security is so bad anyway."

That kind of sentiment wouldn't be acceptable in any other industry. Oy!

http://www.google.com/hostednews/ap/article/ALeqM5g_bw5CTl4CQJz0y50UE_ebQRfJ8QD964UTIG0

Technorati Tags: security hack monster.com wtf fail