Over the last several weeks, we have all become conditioned to mega leaks: 117 million from LinkedIn, 360 million from MySpace, 68 million from Tumblr and 127 million from Badoo. That’s over half a billion emails and usernames up for grabs! This is a gold mine for hackers. Researchers are not the only ones who obtain and analyze leaked databases. Oftentimes, hackers will keep databases for themselves so they can conduct malicious activity with the credentials.
Denial of Service (DoS) has reigned as the most headline-grabbing network attack over the past three years. However, the truth is that attacks come in many different flavors, ranging from Distributed DoS (DDoS) to low-volume application-layer attacks that target user credentials, financial information, or trade secrets, or that abuse services to commit fraud. At the application layer we most often think of HTTP; however, there is an almost immeasurable number of Layer 7 applications available to exploit.
Nearly every one of us has had some sort of social engineering or "Phishing" scam attempted on us, and some of us, unfortunately, have even learned the lessons from the scam the hard way. I know how excited I was the first time somebody wanted to share $8M with me from my long-lost Uncle Frederick Hobbs IV, heir to the estate of the late Frederick the Great or some other nonsense. I immediately daydreamed about what color the new cool car I would buy with cash would be.