Intruders Automating Threats



On the heels of IBM's X-Force Risk Report, Imperva has released a new security report of its own, warning that intruders have become industrialized and represent an exponentially increased threat to individuals, organizations, and government. Imperva's report, entitled "The Industrialization of Hacking," says the emerging industrialization of intrusion parallels the way in which the 19th century revolution advanced methods and accelerated assembly from single to mass production. The result is that today's cybercrime industry has transformed and automated itself to improve efficiency, scalability and profitability.

As an example of this "industrial revolution", Imperva claims to have discovered a new scheme that is infecting educational servers worldwide with Viagra ads. According to Imperva, cyber-criminals are using industrialized methods to automate an as-yet unreported scheme that has infected hundreds, possibly thousands of .edu servers worldwide with Viagra ads.

"This attack on academic institutions highlights how hacking has become industrialized infecting servers from major institutions including UC Berkeley, Ohio State and more. Ironically, this technique is the most prevalent method used to create havoc in cyberspace, yet remains virtually unknown to the general public," explained Imperva's Amichai Shulman.

Key findings in the report include the organizational structure and technical innovations for automating attacks:

  • Organization structure. Over the years, a clear definition of roles and responsibilities within the hacking community has developed to form a supply chain that resembles a drug cartel. The division of labor in today's industrialized hacking industry includes:

    • Researchers: A researcher's sole responsibility is to hunt for vulnerabilities in applications, frameworks, and products and feed their knowledge to malicious organizations for the sake of profit.
    • Farmers: A farmer's primary responsibility is to maintain and increase the presence of botnets in cyberspace through mass infection.
    • Dealers: Dealers are tasked with the distribution of malicious payloads.

  • Technical innovations. Intrusion techniques once considered cutting-edge and executed only by savvy experts are now bundled into software tools available for download. Today, cybercriminals typically deploy a two-stage process designed to proliferate botnets and perform mass attacks:

    • Search engine manipulation. This technique is the most prevalent method used to spread bots, yet remains virtually unknown to the general public. Essentially, attackers promote Web-link references to infected pages by leaving comment spam in online forums and by infecting legitimate sites with hidden references to infected pages. For example, an intruder may infect unsuspecting Web pages with invisible references to popular search terms, such as "Britney Spears" or "Tiger Woods." Search engines then scour the websites, reading the invisible references. As a result, these malicious websites now top search engine results. In turn, consumers unknowingly visit these sites and consequently infect their computers with the botnet software.
    • Executing mass attacks through automated software. To gain unauthorized access into applications, dealers input email addresses and usernames as well as upload lists of anonymous proxy addresses into specialized software, the same way consumers upload addresses to distribute holiday cards. Automated attack software then performs a password attack by entering commonly used passwords. In addition, today's industrialized hackers can also input a range of URLs and obtain inadequately protected sensitive data.
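
The automated password attack described above spreads a few common passwords over many accounts and many proxy addresses, so a per-IP failure limit sees little. As an added example (not part of the report or the article), this Python sketch counts distinct failing accounts per time window instead; the log format, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

LINE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) ip=(\S+)$")  # assumed log format
FMT = "%Y-%m-%dT%H:%M:%SZ"

def detect_spray(lines, window=300, min_users=5, per_ip_limit=3):
    """Flag fixed time windows in which many distinct accounts fail to log in,
    and report how many source IPs a per-IP failure limit would have caught."""
    buckets = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m.group(2) != "FAIL":
            continue
        ts = datetime.strptime(m.group(1), FMT).replace(tzinfo=timezone.utc)
        epoch = int(ts.timestamp())
        buckets[epoch - epoch % window].append((m.group(3), m.group(4)))
    alerts = []
    for start in sorted(buckets):
        users = {user for user, _ in buckets[start]}
        per_ip = Counter(ip for _, ip in buckets[start])
        if len(users) >= min_users:
            alerts.append({
                "window_start": datetime.fromtimestamp(start, timezone.utc).strftime(FMT),
                "failed_users": len(users),
                "source_ips": len(per_ip),
                "ips_at_per_ip_limit": sum(n >= per_ip_limit for n in per_ip.values()),
            })
    return alerts

# Constructed sample: six accounts tried once each through six proxies,
# then one ordinary user mistyping a password twice before succeeding.
SAMPLE_LOG = """\
2010-02-01T10:00:01Z FAIL user=alice ip=198.51.100.7
2010-02-01T10:00:03Z FAIL user=bob ip=203.0.113.41
2010-02-01T10:00:05Z FAIL user=carol ip=198.51.100.92
2010-02-01T10:00:08Z FAIL user=dave ip=203.0.113.5
2010-02-01T10:00:10Z FAIL user=erin ip=198.51.100.130
2010-02-01T10:00:12Z FAIL user=frank ip=203.0.113.77
2010-02-01T11:30:00Z FAIL user=grace ip=192.0.2.10
2010-02-01T11:30:09Z FAIL user=grace ip=192.0.2.10
2010-02-01T11:30:20Z OK user=grace ip=192.0.2.10
"""
```

On the sample, the only flagged window has six failing accounts from six addresses and no address at the per-IP limit, which is why the per-account view is the one that fires.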

