01 May 2012
- SQL injection and RFI/LFI attacks
April 25, 2012 - "... cloud-security provider Incapsula published a study* showing that 31 percent of website traffic was -malicious- traffic ... interesting is the speed and effectiveness of the hacks. How was it achieved? Automation. Automated hacks are not new. However, recently, we have noticed increased sophistication... this month’s Imperva’s latest Hacker Intelligence Initiative report** is to give a "state of the union" when it comes to automated attacks. Specifically, we describe the key tools and processes hackers use to automate SQL injection and RFI/LFI attacks. We believe these are the two most deployed attack methods and, as in any industry, automation is a key indicator that someone wishes to achieve an economy of scale. Further, the automated tools being developed are sophisticated. This means:
• The script kiddies are hitting puberty. In other words, their attacks will be more effective and thorough.
• The pool of hackers is likely to increase. The ease of use of these tools is a key component of their appeal... hacking tools is a cottage industry trying to appeal to those hoping for a few online thrills.
Our report can be downloaded here**. The report details:
• Commonly used automated SQL injection and RFI/LFI tools.
• How to identify them when they hit your website.
• Some strategies needed to stop them.
PDF file - 12 pgs. - "... Summary and Conclusions: With automation, the odds of cyber attack are close to 100%. How can security teams prepare and stop malicious, automated site traffic in order to:
› Block attacks early and efficiently.
› Defend against 0 days.
› To save analysis resources by clustering all attack vectors related to the same attack to a single group.
Detecting automation requires abilities greater than plain signatures. Moreover, detecting bad automation must also allow non-malicious automation...
Contending with automated attacks requires:
› Rate-based detection mechanism: Automated tools often interact with sites at inhuman speeds. Signatures, however, are usually confined to a single event. The ability to detect inhuman interactions is a key step.
› Missing or unique headers: Signatures are good at detecting existing patterns, not at detecting missing pieces. Automated tools often lack headers, divulging their ulterior intentions. But malicious automation can be distinguished by its use of unique headers or payloads.
› Identify by using the experience of others (reputation): Automated attack sources tend to attack many targets."
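
The three mechanisms listed in the report's conclusions (rate, missing headers, reputation) can be combined in one pass over request records, as in this added example, which is not taken from the Imperva report or the original post. The thresholds, the expected-header set, the allow list, the reputation set and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed values for illustration; tune per site.
WINDOW_SECONDS = 10
MAX_REQUESTS_PER_WINDOW = 5
EXPECTED_HEADERS = {"user-agent", "accept", "accept-language"}
ALLOWED_AUTOMATION = {"198.51.100.7"}   # hypothetical known-good monitoring source
REPORTED_ELSEWHERE = {"203.0.113.30"}   # hypothetical shared reputation feed

def score_clients(requests):
    """requests: time-ordered (epoch_seconds, client_ip, headers) tuples.
    Returns {client_ip: set of reasons the client looks like bad automation}."""
    windows = defaultdict(deque)
    findings = defaultdict(set)
    for ts, ip, headers in requests:
        if ip in ALLOWED_AUTOMATION:      # non-malicious automation stays allowed
            continue
        if ip in REPORTED_ELSEWHERE:      # reputation: source seen attacking others
            findings[ip].add("reputation")
        win = windows[ip]                 # rate: sliding window per source
        win.append(ts)
        while ts - win[0] >= WINDOW_SECONDS:
            win.popleft()
        if len(win) > MAX_REQUESTS_PER_WINDOW:
            findings[ip].add("rate")
        missing = EXPECTED_HEADERS - {h.lower() for h in headers}
        if missing:                       # absence is invisible to a signature
            findings[ip].add("missing:" + ",".join(sorted(missing)))
    return dict(findings)

# Constructed sample traffic (documentation address ranges, not real logs).
BROWSER = {"User-Agent": "Mozilla/5.0", "Accept": "text/html", "Accept-Language": "en-US"}
SAMPLE = sorted(
    [(1000 + i * 0.5, "203.0.113.10", {"User-Agent": "tool"}) for i in range(8)]
    + [(1000 + i * 20, "203.0.113.20", BROWSER) for i in range(4)]
    + [(1000 + i * 0.2, "198.51.100.7", {"User-Agent": "uptime"}) for i in range(20)]
    + [(1005, "203.0.113.30", BROWSER)],
    key=lambda r: r[0],
)

if __name__ == "__main__":
    for ip, reasons in sorted(score_clients(SAMPLE).items()):
        print(ip, sorted(reasons))
```

Grouping the reasons per source also gives the clustering the report asks for: one record per attacking client instead of one alert per request.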