Imperva: Hackers Use Automated Tools in Most Attacks

The latest report issued by data security solutions firm Imperva for the first quarter of 2012 reveals that in most of the attacks launched by hackers tools that automate the process, such as Havij and SQLmap, are being utilized.

The figures provided by the company show that 98% of Remote File Inclusion (RTF) attacks and 88% of those that leverage SQL Injection vulnerabilities are in fact automated.

Veteran hackers catalogue those who use automated tools as being “Script Kiddies,” but in practice, those who rely on these pieces of software don’t seem to be discouraged. The fact is that a lot of damage can be caused with these applications to systems whose administrators fail to patch them up properly.

"Using automated software tools, even an unskilled attacker can attack applications in a short period of time, potentially collect valuable data and move on to the next target. Automated tools can be used to evade an enterprise's security defenses," Amichai Shulman, the CTO of Imperva, said.

The report reveals that beside Havij and SQLmap, which are used for automated SQL Injections and data theft, hackers also use application scanners such as Acunetix and Nikto.

Imperva advises website owners to be on the lookout for certain clues that can indicate an attack which relies on automated tools.

The first thing that hints the presence of automation is the attack rate. In case of an automated attack, the interaction with the site will be made at “inhuman speeds,” this being a clear indicator of an operation that uses specialized software.

Another important factor that can help admins and owners detect such a hit is the lack of headers, or the use of unique headers.

When it comes to the origins of SQL Injection and RFI attacks, China tops the chart (30%), being closely followed by the United States (24%). The list is completed by countries such as Netherlands, Morocco, Egypt, Luxemburg, Brazil, France, Indonesia and Russia, but these locations are responsible for only 3% or less of the hosts that send attacks.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.