LulzSec was 'the canary in the coal mine' for enterprise security

Notorious hacking group LulzSec announced last week that it had officially ended its months-long hacking campaign and formally disbanded.

The group left a trail which includes high-profile denial-of-service (DoS) attacks and data breaches leading to the details of tens of thousands of people being posted online and the trashing of several chief security officers' reputations.

LulzSec grabbed headlines for its brazen attacks on targets including Sony, the US Senate, the CIA and the NHS.

The group's most lasting impression, however, may not be made on the victims of the attacks, but in the minds of those who watched the hacking spree unfold.

IT and security industry analysts believe that LulzSec's legacy will be the fundamental flaws in so many systems that the group was able to expose, rather than the breaches and DoS attacks.

Rob Enderle, founder and principal analyst at the Enderle Group, told V3.co.uk that LulzSec's actions may well serve as the "canary in the coal mine" that warns of a much larger threat.

The attack techniques were relatively simple. Using SQL injection, which has been around for years, the group was able to access systems run by some of the largest electronics and technology vendors in the world.

"I think it woke up an awful lot of folk and put them on notice," said Enderle. "They showed that it was easy to penetrate these companies that were not as secure as everyone thought."

And LulzSec may not be the only group which has been able to find and exploit these holes to harvest user data.

Enderle noted that, while LulzSec made its breaches publically known for the sake of 'lulz', attackers looking to harvest and resell user data could already be covertly breaching systems and harvesting data with similar techniques.

Johnnie Konstantas, director of cloud security marketing at Juniper Networks, told V3.co.uk that lot of LulzSec's activities were designed to "laugh at others" but that, in combination with the other hacks, it is "putting firms on notice".

"What we are seeing is a combination of complacency and not well-configured security being taken advantage of," she said.