SYDNEY – March 2, 2010. Imperva, the data security leader, today released a new report warning that hackers have become industrialised and represent an exponentially increased threat to individuals, organisations and Government.
The report, The Industrialisation of Hacking, can be downloaded at: http://www.imperva.com/ld/industrialization.asp
“The emerging industrialisation of hacking parallels the way in which the 19th century revolution advanced methods and accelerated assembly from single to mass production. The result is that today’s cybercrime industry has transformed and automated itself to improve efficiency, scalability and profitability,” explained Imperva CTO Amichai Shulman.
Key findings include the organisational structure and technical innovations for automating attacks:
Organisation structure—Over the years, a clear definition of roles and responsibilities within the hacking community has developed to form a supply chain that resembles a drug cartel. The division of labour in today’s industrialised hacking industry includes:
· Researchers: A researcher’s sole responsibility is to hunt for vulnerabilities in applications, frameworks, and products and feed their knowledge to malicious organisations for the sake of profit.
· Farmers: A farmer’s primary responsibility is to maintain and increase the presence of botnets in cyberspace through mass infection.
· Dealers: Dealers are tasked with the distribution of malicious payloads.
Technical innovations—Hacking techniques once considered cutting-edge and executed only by savvy experts are now bundled into software tools available for download. Today, the hacking community typically deploys a two-stage process designed to proliferate botnets and perform mass attacks:
· Search engine manipulation. This technique is the most prevalent method used to spread bots, yet remains virtually unknown to the general public. Essentially, attackers promote Web-link references to infected pages by leaving comment spam in online forums and by infecting legitimate sites with hidden references to infected pages. For example, a hacker may infect unsuspecting Web pages with invisible references to popular search terms, such as ‘Britney Spears’ or ‘Tiger Woods’. Search engines then scour the websites reading the invisible references. As a result, these malicious websites now top search engine results. In turn, consumers unknowingly visit these sites and consequently infect their computers with the botnet software.
· Executing mass attacks through automated software—To gain unauthorised access into applications, dealers input email addresses and user names as well as upload lists of anonymous proxy addresses into specialised software, the same way consumers upload addresses to distribute holiday cards. Automated attack software then performs a password attack by entering commonly used passwords. In addition, today’s industrialised hackers can input a range of URLs and obtain inadequately protected sensitive data.
About Imperva
Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organisations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognised for its overall ease of management and deployment. For more information, visit www.imperva.com.
Media queries
Grenadine Lau, Imperva
Phone: +65.6749 4482
Mobile: +65.9666 1886
Email: Grenadine.Lau@Imperva.com
David Frost
PR Deadlines Pty Ltd, for Imperva
Phone: +61.2.4341 5021
Mobile: +61 (0) 408 408 210
Email: davidf@prdeadlines.com.au