
As many as 98 percent of Remote File Inclusion (RFI) attacks and as many as 88 percent of SQL injection attacks are automated, including by two software tools, Havij and sqlmap, according to Imperva's April Hacker Intelligence Report, which focuses on the automation of attacks.
Automatic tools generally enable hackers to attack more applications and exploit vulnerabilities more efficiently than manual methods, and as they are available online, they save hackers the trouble of studying vulnerabilities and learning how to exploit them.
"Using automated software tools, even an unskilled attacker can attack applications in a short period of time, potentially collect valuable data and move on to the next target," points out Amichai Shulman, CTO, Imperva. "Automated tools can be used to evade an enterprise's security defenses."
"For example, such a tool can periodically change the HTTP User Agent header that is usually sent in each request to an application and that may be used to identify and block malicious clients. As another example, sophisticated automatic tools can split the attack between several controlled hosts, thus evading being blacklisted," states the report.
Traffic characteristics, such as attack rate, attack rate change and attack volume, can be used to identify automated attacks. Also, automated tools can leave 'fingerprints' or patterns that can be extracted from the source code to identify an automated attack with high certainty.
According to Imperva, contending with automated attacks requires:
Rate-based detection mechanisms: Automated tools often interact with sites at inhuman speeds. Signatures, however, are usually confined to a single event. The ability to detect inhuman interactions is a key step.
Identification of missing or unique headers: Signatures are good at detecting existing patterns, not at detecting missing pieces. Automated tools often lack headers, divulging their ulterior intentions. Malicious automation can also be distinguished by its use of unique headers or payloads.
Identification by using the experience of others (reputation): Automated attack sources tend to attack many targets.
In the report, the company provides analysis of multiple real-world attack vectors, highlighting characteristics security professionals can use to define malicious traffic and to build blacklists of suspected IP addresses.
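The rate-based and missing-header checks listed above, together with a check for the changing User-Agent header the report mentions, can be sketched over parsed request records. This is an added example, not code from Imperva or the report; the thresholds, the expected-header list and the sample traffic are assumptions, and many users behind one NAT address can trip the User-Agent check.

```python
from collections import defaultdict

# Headers a mainstream browser normally sends (assumption for this example).
EXPECTED_HEADERS = ("user-agent", "accept", "accept-language")

def max_in_window(timestamps, window):
    """Largest number of requests falling in any `window`-second span."""
    ts = sorted(timestamps)
    best = start = 0
    for end in range(len(ts)):
        while ts[end] - ts[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best

def flag_clients(requests, window=10, max_rate=20, max_agents=3):
    """Return {ip: [reasons]} for clients that look automated.
    requests: iterable of (ip, epoch_seconds, headers_dict); thresholds are illustrative."""
    times, agents, missing = defaultdict(list), defaultdict(set), defaultdict(set)
    for ip, ts, headers in requests:
        names = {k.lower(): v for k, v in headers.items()}
        times[ip].append(ts)
        if "user-agent" in names:
            agents[ip].add(names["user-agent"])
        missing[ip].update(h for h in EXPECTED_HEADERS if h not in names)
    flagged = {}
    for ip in times:
        reasons = []
        if max_in_window(times[ip], window) > max_rate:      # inhuman speed
            reasons.append("rate")
        if missing[ip]:                                      # absent browser headers
            reasons.append("missing-headers:" + ",".join(sorted(missing[ip])))
        if len(agents[ip]) > max_agents:                     # periodically changed UA
            reasons.append("rotating-user-agent")
        if reasons:
            flagged[ip] = reasons
    return flagged

def sample_requests():
    """Constructed sample traffic using documentation IP ranges."""
    browser = {"User-Agent": "Mozilla/5.0", "Accept": "text/html", "Accept-Language": "en-US"}
    reqs = [("192.0.2.10", 1000 + 30 * i, browser) for i in range(5)]          # human pace
    reqs += [("198.51.100.7", 1000 + 0.1 * i, {"Accept": "*/*"}) for i in range(50)]  # burst
    reqs += [("203.0.113.5", 1000 + 20 * i, dict(browser, **{"User-Agent": f"agent-{i}"}))
             for i in range(6)]                                                # slow, new UA each time
    return reqs

if __name__ == "__main__":
    for ip, reasons in flag_clients(sample_requests()).items():
        print(ip, reasons)
```

The third sample client stays under the rate threshold and is caught only by the User-Agent check, which is why the report pairs rate-based detection with header analysis.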








