In Austria, a 15-year-old boy has been arrested for hacking into 259 companies during a 90-day spree. In other words, during the last quarter he successfully attacked an average of three websites per day. In a broader view, cloud-security provider Incapsula published a study showing that 31 percent (!) of website traffic was malicious traffic.
Script kiddies? Yes. But what makes the Austrian incident interesting is the speed and effectiveness of the hacks. How was it achieved? Automation.
Automated hacks are not new. However, recently, we have noticed increased sophistication.
The purpose of this month’s Imperva’s latest Hacker Intelligence Initiative report is to give a “state of the union” when it comes to automated attacks. Specifically, we describe the key tools and processes hackers use to automate SQL injection and RFI/LFI attacks. We believe these are the two most deployed attack methods and—as in any industry—automation is a key indicator that someone wishes to achieve an economy of scale. Further, the automated tools being developed are sophisticated. This means:
- The script kiddies are hitting puberty. In other words, their attacks will be more effective and through.
- The pool of hackers is likely to increase. The ease of use of these tools is a key component of their appeal. During the California Gold Rush in the mid 1800s, few made money. The real winner? Levis. They sold jeans to all prospectors. In the same way, hacking tools is a cottage industry trying to appeal to those hoping for a few online thrills.
Our report can be downloaded here.
The report details:
- Commonly used automated SQL injection and RFI/LFI tools.
- How to identify them when they hit your website.
- Some strategies needed to stop them.