Hacker Intelligence Initiative (HII)
Issued approximately six times a year, the Imperva Hacker Intelligence Initiative (HII) reports go inside the cyber-underground to provide in-depth, forward-looking analysis of trending hacking techniques and interesting attack campaigns. These provocative, creative and innovative research papers aim not solely to understand what has happened in the past, but to deep dive into what is ahead and what’s needed to proactively stay ahead of hackers’ next moves.
Assessing the Threat Landscape of DBaaS
Through an in-depth analysis of malware that used a shared hosting database as its command-and-control and drop server, Imperva analyzes a new malware platform for cybercriminals: Database as a Service (DBaaS). The report concludes that by bringing data one step closer to hackers, DBaaS makes it possible for hackers to compromise an organization's database without accessing its network, ultimately increasing the risk of a data breach.
Get What You Give: The Value of Shared Threat Intelligence
The Imperva Defense Center analyzed real-world traffic from sixty Web applications in order to identify attack patterns. The report demonstrates that, across a community of Web applications, early identification of attack sources and attack payloads can significantly improve the effectiveness of application security. Furthermore, it reduces the cost of decision making with respect to attack traffic across the community. Here's how, based on the traffic analyzed by the Imperva Defense Center:
- Multiple target SQL attackers generated nearly 6x their share of the population.
- Multiple target comment spam attackers generated 4.3x their share of the population.
- Multiple target RFI attackers generated 1.7x their share of the population (this amounted to 73% of total attacks).
Lessons Learned From the Yahoo! Hack
In December 2012, a hacker claimed to have breached Yahoo!'s security systems and acquired full access to certain Yahoo! databases, leading to full access on the server for that domain. Technically, we found that the hacker was able to determine the allegedly vulnerable Yahoo! application and the exact attack method, a SQL injection. This attack underscores the security problem posed by hosting third-party code, as is often done with cloud-based services. Our report explains:
- How to protect third-party Web applications against SQL injection and other Web attacks.
- Why security should always assume third-party code coming from partners, vendors, mergers and acquisitions contains serious vulnerabilities.
- Putting in place legal requirements in a contract for what you will and will not accept from a security perspective and incorporating security due diligence for any merger or acquisition activity.
Assessing the Effectiveness of Antivirus Solutions
How good is antivirus? How should enterprises invest in endpoint protection? Imperva collected and analyzed more than 80 previously non-cataloged viruses against more than 40 antivirus solutions. Imperva found:
- Antivirus solutions have a difficult time detecting newly created viruses. While antivirus vendors may constantly work to update their detection mechanisms, the initial rate of detection of new viruses by antivirus solutions in the study was less than 5%. Antivirus solutions in the study were unable to provide complete protection since they are unable to keep up with virus propagation on the Internet.
- Antivirus solutions lag in updating signatures. In some cases in the study, it took antivirus solutions up to four weeks following the initial scan to detect a virus.
- Investment in antivirus is misaligned. In 2011, Gartner reported that consumers spent $4.5 billion on antivirus while enterprises spent $2.9 billion, a total of $7.4 billion or more than a third of the total of $17.7 billion spent on security software. In addition, certain freeware solutions in the study proved equally or more effective than paid solutions.
Monitoring Hacker Forums
Imperva's second annual hacker forum analysis detects a black market for social network fraud. By examining what information hackers seek out or share in forums, security teams can better understand where hackers are focusing their efforts. One thing is unmistakable: If organizations neglect SQL injection security, we believe that hackers will place more focus on those attacks.
The Anatomy of an Anonymous Attack
This Imperva Defense Center report presents never-before-seen details of an attack by hacktivist group 'Anonymous' against a high-profile unnamed target during a 25-day period in 2011. The Hacker Intelligence Summary Report - The Anatomy of an Anonymous Attack - offers a comprehensive analysis of the attack, including a detailed timeline of activities from start to finish, an examination of the hacking methods utilized, and insights on the use of social media to recruit participants and coordinate the attack.
Security Trends 2012
Hacking is inherently innovative and constantly changing. As 2012 approaches, security teams will need to adapt to a changing threat landscape as cyber security remains one of the most dynamic and fluid disciplines worldwide. The Imperva Defense Center, led by Imperva CTO Amichai Shulman, is exclusively focused on advancing the practice of cyber security to help companies shield themselves from the threat of hackers and insiders. For 2012, the Imperva Defense Center has assembled a comprehensive set of predictions designed to help security professionals prepare for new threats and attacks in cyber space.
Monitoring Hacker Forums
As a part of the Imperva Hacker Intelligence Initiative, we monitor hacker forums to understand many of the technical aspects of hacking. Forums are the cornerstone of hacking - they are used by hackers for training, communications, collaboration, recruitment, commerce and even social interaction. Forums contain tutorials to help curious neophytes mature their skills. Chat rooms are filled with technical subjects ranging from advice on attack planning to solicitations for help with specific campaigns. Commercially, forums are a marketplace for the sale of stolen data and attack software. Most surprisingly, forums build a sense of community where members can engage in discussions on religion, philosophy and relationships.