Blog|Login|中文Deutsche日本語
April 25, 2012
 Automated Attacks
Pin It

In Austria, a 15-year-old boy has been arrested for hacking into 259 companies during a 90-day spree. In other words, during the last quarter he successfully attacked an average of three websites per day.  In a broader view, cloud-security provider Incapsula published a study showing that 31 percent (!) of website traffic was malicious traffic.

Script kiddies?  Yes.  But what makes the Austrian incident interesting is the speed and effectiveness of the hacks.  How was it achieved?  Automation. 

Automated hacks are not new.  However, recently, we have noticed increased sophistication.

The purpose of this month’s Imperva’s latest Hacker Intelligence Initiative report is to give a "state of the union" when it comes to automated attacks.  Specifically, we describe the key tools and processes hackers use to automate SQL injection and RFI/LFI attacks. We believe these are the two most deployed attack methods and—as in any industry—automation is a key indicator that someone wishes to achieve an economy of scale.  Further, the automated tools being developed are sophisticated.  This means:

  • The script kiddies are hitting puberty.  In other words, their attacks will be more effective and through.
  • The pool of hackers is likely to increase.  The ease of use of these tools is a key component of their appeal.  During the California Gold Rush in the mid 1800s, few made money.  The real winner?  Levis.  They sold jeans to all prospectors.  In the same way, hacking tools is a cottage industry trying to appeal to those hoping for a few online thrills.

Our report can be downloaded here

The report details:

  • Commonly used automated SQL injection and RFI/LFI tools.
  • How to identify them when they hit your website.
  • Some strategies needed to stop them.

Comments

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

« Why Hacktivists Are Winning | Main | Automated Cyber Attacks Graphic »

Find Us Online
RSS Feed - Subscribe Twitter Facebook iTunes LinkedIn YouTube
Authors
Monthly Archives
Email Subscription
Sign up here to receive our blog: