Automation Works for Hackers

Wednesday, April 25, 2012 @ 11:04 PM gHale


For hackers, it is all about automation.

More than 60 percent of SQL injection attacks and as many as 70 percent of Remote File Inclusion attacks (the two most common attack types) are automated, according to a new report from Imperva. Remote File Inclusion attacks allow hackers to plant back doors on PHP-based websites.


Attackers use tools like Havij and SQLMap to probe for vulnerabilities and execute SQL injection attacks. These tools also employ techniques to evade detection, such as periodically changing headers or splitting attacks through controlled hosts to avoid black-listing. In the past, using attack tools was purely for script kiddies but these attitudes are changing, said Rob Rachwald, director of security strategy at Imperva.

Automatic attack tools aren’t just for the clueless anymore, he said. These tools can attack more applications and exploit more vulnerabilities than any manual method possibly could, making them a useful adjunct for even skilled attackers.

“Automated tools are becoming better quality. Both experienced and inexperienced hackers use them but experienced hackers use them with more finesse,” Rachwald said.

By contrast, organizations still struggle to embrace automatic defenses, often deploying technologies such as intrusion prevention systems in “alert only” mode. Rachwald said too much focus was on attacks based on spear-phishing and malware at the expense of overlooking more commonplace assaults, such as SQL injection attacks.

Automated attacks have specific traffic characteristics such as rate, rate change and volume, factors that together act as a fingerprint and can be used to block automated attacks. For example, it is possible to block IP addresses associated with automated attacks.
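
As an added illustration (not taken from the article or from Imperva's report), the sketch below profiles request timestamps per source IP by the three characteristics named above: volume, rate and rate change. The sample events are constructed, and the window size, thresholds and IP addresses are assumptions chosen for the example.

```python
from collections import defaultdict

def build_sample():
    """Constructed (epoch_second, source_ip) events; not real traffic."""
    # A person browsing: one request every 10 s for two minutes.
    events = [(t, "198.51.100.7") for t in range(0, 120, 10)]
    # An automated tool: two probes, then 60 s at 8 requests per second.
    events += [(t, "203.0.113.9") for t in (5, 20)]
    events += [(30 + i // 8, "203.0.113.9") for i in range(480)]
    return sorted(events)

def profile(events, window=30):
    """Per-IP volume, peak rate (req/s) and largest window-to-window rate jump."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, ip in events:
        buckets[ip][ts // window] += 1
    last = max(ts for ts, _ in events) // window
    out = {}
    for ip, counts in buckets.items():
        # Include empty windows so a silence-to-burst transition is visible.
        series = [counts.get(w, 0) / window for w in range(last + 1)]
        jumps = [b - a for a, b in zip(series, series[1:])]
        out[ip] = {
            "volume": sum(counts.values()),
            "peak_rate": max(series),
            "max_rate_change": max(jumps, default=0.0),
        }
    return out

def flag(profiles, max_volume=200, max_rate=2.0, max_jump=1.0):
    """Return {ip: [reasons]} for sources exceeding any (assumed) threshold."""
    flagged = {}
    for ip, p in profiles.items():
        checks = (("volume", p["volume"] > max_volume),
                  ("rate", p["peak_rate"] > max_rate),
                  ("rate_change", p["max_rate_change"] > max_jump))
        reasons = [name for name, hit in checks if hit]
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, reasons in flag(profile(build_sample())).items():
        print(ip, "flagged for", ", ".join(reasons))
```

Per-IP thresholds like these do not catch traffic split across many hosts, the evasion technique the article attributes to these tools, so the same metrics would also need to be aggregated per target URL or parameter.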


