In Austria, a 15-year-old boy has been arrested
for hacking into 259 companies during a 90-day spree. In other words,
during the last quarter he successfully attacked an average of three
websites per day. In a broader view, cloud-security provider Incapsula
published a study showing that 31 percent (!) of website traffic was malicious traffic.
Script kiddies? Yes. But what makes the Austrian incident
interesting is the speed and effectiveness of the hacks. How was it
achieved? Automation.
Automated hacks are not new. However, recently, we have noticed increased sophistication.
The purpose of this month’s Imperva’s latest Hacker Intelligence
Initiative report is to give a "state of the union" when it comes to
automated attacks. Specifically, we describe the key tools and
processes hackers use to automate SQL injection and RFI/LFI attacks. We
believe these are the two most deployed attack methods and—as in any
industry—automation is a key indicator that someone wishes to achieve an
economy of scale. Further, the automated tools being developed are
sophisticated. This means:
- The script kiddies are hitting puberty. In other words, their attacks will be more effective and through.
- The pool of hackers is likely to increase. The ease of use of these tools is a key component of their appeal. During the California Gold Rush in the mid 1800s, few made money. The real winner? Levis. They sold jeans to all prospectors. In the same way, hacking tools is a cottage industry trying to appeal to those hoping for a few online thrills.
- Commonly used automated SQL injection and RFI/LFI tools.
- How to identify them when they hit your website.
- Some strategies needed to stop them.
Fuente: blog.imperva.com
No hay comentarios:
Publicar un comentario