FREAK stands for Factoring RSA Export Keys. It’s a way of forcing a lower level of encryption on a website, browser or app data exchange. The lower level of security can be broken with a few hours of public cloud computing time, allowing an attack to be launched from a website, server or device thought to be secure. Passwords, personal and financial information, and other sensitive data are at risk.
The weakness that a FREAK attack exploits originated in the 1990s, when U.S. Government rules prevented the export of strong encryption technology in a misguided effort to facilitate spying on overseas targets. Compatible software, designed to allow a connection with weaker encryption keys, has persisted, largely unnoticed, until the recent attacks prompted researchers to reveal the vulnerability on March 3.
Anyone with an unpatched TLS/SSL supporting server or mobile device is vulnerable to the attack. Once a server is compromised, hackers can hijack website functionality to capture passwords, personal and financial information and other valuable data. If your website is compromised, your customers’ data is at risk.
The vulnerability is widespread: up to 5 million websites have the weaker SSL encryption connection technology. The number of actual attacks is unknown. It takes a hacker just a few hours to crack a vulnerable website’s encryption key. Once he has access, malware can be loaded to cause damage or capture sensitive data.
The way to prevent a FREAK attack is straightforward. Businesses should immediately disable support for TLS export cipher suites and other cipher suites that are known to be insecure, and update devices and browsers with a patch for the vulnerability. If you receive regular security updates for your servers, the patch should be included in the next update.
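One way to check a web server configuration for the export cipher suites mentioned above, as an added example that is not part of the original article: the script reads nginx ssl_ciphers and Apache SSLCipherSuite lines and reports whether export-grade suites are enabled, explicitly excluded, or left to the TLS library's defaults. The function names and the sample configuration are constructed for illustration, and treating a missing explicit !EXPORT as a finding is an assumed policy.

```python
import re

# nginx and Apache directives whose value is an OpenSSL cipher string.
DIRECTIVE = re.compile(r'^\s*(ssl_ciphers|SSLCipherSuite)\s+(.+?);?\s*$', re.I)

def is_export(name):
    """True for export-grade keywords and suite names (OpenSSL or IANA style)."""
    n = name.upper()
    return n.startswith("EXP") or "_EXPORT" in n

def audit_cipher_string(value):
    """Classify a cipher string as 'enabled', 'excluded' or 'not-excluded'."""
    killed = enabled = False
    for raw in re.split(r'[:,\s]+', value.strip().strip('"\'')):
        if not raw or raw.startswith("@"):      # skip @STRENGTH and similar
            continue
        body = raw.lstrip("!-+")
        prefix = raw[:len(raw) - len(body)]
        whole_class = body.upper() in ("EXP", "EXPORT")
        if prefix == "!" and whole_class:
            killed = True                        # '!' removes permanently
        elif prefix == "-" and whole_class:
            enabled = False                      # '-' removes, may be re-added
        elif prefix == "" and any(is_export(p) for p in body.split("+")):
            enabled = True                       # export suite or class added
    if killed:
        return "excluded"
    return "enabled" if enabled else "not-excluded"

def audit_config(text):
    """Return (line number, directive, verdict) for each cipher directive."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            findings.append((lineno, m.group(1), audit_cipher_string(m.group(2))))
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = """\
# example virtual hosts
ssl_ciphers HIGH:MEDIUM:EXP-RC4-MD5:!aNULL;
SSLCipherSuite ALL:!aNULL:!eNULL
ssl_ciphers "ECDHE+AESGCM:HIGH:!aNULL:!MD5:!EXPORT";
"""

if __name__ == "__main__":
    for lineno, directive, verdict in audit_config(SAMPLE):
        print(f"line {lineno}: {directive}: export suites {verdict}")
```

A verdict of not-excluded means the result depends on the defaults of the installed TLS library, which is the case that patching addresses.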
Patches must be applied to have any effect. Proactive patch management, available with eMazzanti’s eCare managed services and accomplished through regular, automated updates, is the best way to guard against a FREAK attack. Our trained and certified IT security experts can help concerned companies evaluate their exposure to FREAK and other online threats with an IT security evaluation.
Organizations can also get more information about susceptible servers and learn if their browser is vulnerable to FREAK at the FREAK Attack website.
For mobile devices, check with your carrier or manufacturer to see if browser updates are downloaded automatically. This is true for supported Windows 8 devices but not for some other well-known mobile operating systems.
Developers must also update their apps to close all possible avenues of attack. Since a variety of products must be repaired to eliminate the FREAK vulnerability completely, businesses should make sure that all of their business servers, websites and apps have been patched.
Conscientious patch management should prevent a FREAK attack, but new threats emerge every day. Organizations must develop a security-first mindset and partner with IT security experts to maximize protection.
While hackers may be thought to target primarily large companies, the National Small Business Association recently reported that 44% of companies surveyed had been hacked. Small businesses invest less in security technology than large companies, making them attractive targets.
When choosing the level of protection for their networks and data, companies can opt for greater security, customer satisfaction and peace of mind by partnering with an IT security expert for managed security services, or they can choose to go it alone to implement data security measures.
Businesses should, as a minimum, follow these basic steps to protect their networks and devices from threats:
Unexpected cyberattacks and other threats can strike at any time. eMazzanti recommends that companies employ the latest advanced security technologies by contracting for managed IT security services.
Companies with inadequate data security are putting themselves at risk by increasing the likelihood of a successful attack. They may suffer the costs of a security breach, including the loss of customer data, revenue and reputation.
eMazzanti is ready to show business leaders how proactive patch management will protect customer data and safeguard valuable business assets from FREAK attacks and other online threats.
Strengthen network security and defend your business from loss of revenue and reputation with eCare managed data security services. To explore the options, contact eMazzanti Technologies at info@emazzanti.net or call 1-866-EMAZZANTI.