LulzSec could spark wave of follow-up hacks on vulnerable firms

Security experts are warning that a wave of malicious attacks could hit vulnerable organisations as copycat cyber criminals monitoring the LulzSec hacks try to exploit those whose security has already been found wanting.

Eddy Willems, security evangelist at German vendor G-Data, told V3.co.uk that the black hats will have been watching and learning from the LulzSec hacks, using these to discern which are the more vulnerable organisations.

"If police forces around the world can't cope then we will see a second wave of these kind of attacks and they will be much more problematic because many more people will be carrying them out," he said.

"I'd say to the FBI, CIA, Soca: ‘Please do what you have to do because you can trace these attacks back'."

Willems argued that high-tech crime units and law enforcers across the globe too often have their hands tied by conflicting national legal systems and jurisdictions.

"I've always advocated a worldwide cyber crime unit to handle communication between national cyber crime units and to co-ordinate international laws," he said.

"There is some communication but it's not enough at the moment. Botnet servers are all over the world, not just in one or two countries."

Martin Lee, senior software engineer at Symantec.cloud, added that unlike LulzSec, those who wish to profit financially from hacking do all they can to ensure the attacks don't hit the headlines.

"Professional criminals don't brag, they quietly and efficiently compromise systems, steal resources, and make money," he told V3.co.uk.

"Companies that have high-value information on their systems need to make doubly sure that they know where the information is, who has access to it and in what circumstances. They also need to make sure that the information is wrapped up in layers of protection so that attacks can easily be repulsed and suspicious activity can be immediately detected and investigated."

Robert Rutherford, managing director of IT consultancy QuoStar Solutions, disagreed that professional cyber criminals are likely to go after those firms exposed by LulzSec as having security holes.

However, he said the high-profile activities of LulzSec itself could encourage others to join the growing hacker population.

"To be honest, there isn't a huge amount that can be done out of the ordinary to stop them. All companies need to take IT security extremely seriously," he added.

"This isn't just about big businesses being hacked – the land of the SME is where these guys train and learn their trade. Business leaders and IT teams need to remember this and need to perform proper risk assessment and audits on their environments."