Network security

What the Twitch hack tells us about network security

Cyber ​​attacks are carried out for a variety of purposes, including overcoming competition, extortion and political agendas. Lately, the gaming platform owned by Amazon Twitch has been the target of a massive cyber attack.

Estimated reading time: 4 minutes

An anonymous hacker claims to have disclosed all of Twitch, including its source code and user payment information. The user posted a 125GB torrent link on 4chan on Wednesday, saying the leak was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic sump” .” according to Video games chronicle, who first reported the hack.

One of the biggest data breaches in history

Twitch confirmed the breach on October 6, 2021 by tweeting: “We can confirm that a violation has occurred. Our teams are working urgently to understand the extent of this. We will update the community as more information becomes available. Thanks for being with us.On their official username.

A popular hacked app or service is nothing new. In fact, DoorDash, Facebook, Linked In, MoviePass, Words With Friends, etc. have all been hacked in the past three years. However, the Twitch hack is a pretty unique disaster: the reason is that the attacker was able to access all of Twitch and disclose it in a 125 GB torrent link to 4chan.

The leaked data contains the full source code of Twitch – dating back to commits created in its early years. The hack also revealed data about its console, desktop and mobile clients, internal services, and proprietary SDKs. The leak also included data from other Twitch-owned properties like CurseForge and IGDB. And if that’s not enough, the creators’ payment reports have also been leaked.

This is why this hack has become one of the biggest data breaches in history. “This level of hacking” would make any hardened infosec professional tremble, “said Archie Agarwal, founder and CEO of New Jersey cybersecurity firm ThreatModeler. Guardian.

What we can learn about network security

The magnitude of this particular breach raises many questions about network security practices. The esports streaming service said the breach was due to a server configuration change, which exposed some data. “Poor security configurations are one of the most common loopholes that hackers seek to exploit. According to a recent report from Rapid 7, internal penetration testing encounters a misconfiguration of the network or service more than 96% of the time,” according to IT governance.

While the investigation is still ongoing internally at Twitch, it is possible to assume that Twitch was not following industry standards for cybersecurity best practices, including network security practices.

Internet security refers to the set of hardware and software solutions and configurations, processes and rules used to ensure the accessibility, confidentiality and integrity of computer networks. Network security encompasses most of cybersecurity. If an organization’s entire network can be protected, an attack inside and outside the network can be detected and blocked by network security solutions.

For example, if a malicious internal actor compromises a system and plans to take control of the entire network, a security solution will prevent the actor from scanning the entire network, thereby protecting other systems on the network. Likewise, if a malicious actor attempts to access the network from outside the network, a network firewall or web application firewall will detect, block, and alert the intrusion.

cybersecurity security breach data breach

Combat network security breaches

Network security solutions deploy multiple layers of security, with each layer using different sets of controls and barriers. It ensures that only authorized users can cross these barriers while cybercriminals or other malicious actors are stranded outside the network infrastructure.

In a way, network security works like cops on roadblocks keeping bad traffic out of them. That said, there are many solutions that help protect a network, all offering different sets of security configurations and features. Of course, a good security posture uses several solutions to provide comprehensive security to the network infrastructure. For example, common network security solutions include firewall, network segmentation, untrusted network access, data loss prevention, email security, sandboxing, cloud network security, etc.

Network security is essential for every public and private network infrastructure, especially for networks behind popular services like Facebook, Google, Instagram, Twitch, Twitter, etc. It preserves the integrity and confidentiality of information by deploying layers of defense against any malicious element. threats. Although one type of network security solution typically works for specific purposes, organizations typically use a set of network security solutions to achieve comprehensive protection for their network infrastructure and users. In the case of Twitch, the Amazon-owned company surely missed one of them, unfortunately.

What do you think of the Twitch hack? Please share your thoughts on one of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network.

Last updated October 13, 2021.

medical cybersecurity technology


Source link