TRANSCRIPT

Cyber Vigilantes
Rob Rachwald
Director of Security Strategy
Porto Alegre, October 5, 2011

Hacking: Industry Analysis
Hacking has become industrialized.
Attack techniques and vectors keep changing at an ever more rapid pace.
Attack tools and platforms keep evolving.

Hack Fact #1: Hackers Know the Value of Data Better Than the Good Guys

Data is hacker currency

Website Access up for Sale

Hack Fact #2: Hackers—By Definition—Are Early Adopters

Example: Mobile (In)Security
[Chart: Growth of Discussion of Mobile Platforms by year, x-axis: year (2007-2010), vertical scale 0-2500; series: Android, Blackberry, Nokia, iPhone]
Source: Imperva's Application Defense Center Research

Hack Fact #3: The Good Guys Have More Vulnerabilities Than Time and Resources Can Manage

Situation Today
# of websites (estimated, July 2011): 357,292,065
# of vulnerabilities (average per website): 230
357,292,065 websites x 230 vulnerabilities x 1% = 821,771,600 vulnerabilities in active circulation
Source: http://news.netcraft.com/archives/2011/07/08/july-2011-web-server-survey.html
https://www.whitehatsec.com/home/resource/stats.

Vulnerabilities by Industry
[Chart: Top Vulnerabilities by Industry (2010)]
Source: WhiteHat 2011

Hack Fact #4: Attack Automation is Prevailing

Automation is Prevailing
In one hacker forum, it was boasted that one hacker had found 5012 websites vulnerable to SQLi through automation.
Things to note:
• Due to automation, for only a few dollars, hackers can be effective in small groups, e.g. Lulzsec.
• Automation also means that attacks are equal opportunity offenders. They don't discriminate between well-known and unknown sites.

Studying Hackers
Why this helps:
+ Focus on what hackers want, helping good guys prioritize
+ Technical insight into hacker activity
+ Business trends of hacker activity
+ Future directions of hacker activity
Eliminate uncertainties:
+ Active attack sources
+ Explicit attack vectors
Focus on actual threats
Devise new defenses based on real data and reduce guesswork

Cyber Vigilantes

Approach #1: Monitoring Communications

Method: Hacker Forums
Tap into the neighborhood pub
Analysis activity:
+ Quantitative analysis of topics
+ Qualitative analysis of information being disclosed
+ Follow up on specific interesting issues

Hacker Forum Analysis #1: General Topics Jan-June 2011
# Threads in Hacker Forums (share by topic):
25% Beginner Hacking
22% Hacking Tools and Programs
21% Website and Forum Hacking
8% Botnets and Zombies
6% Hacking Tutorials
5% Cryptography
3% Social Engineering
3% Phreaking, Cells, Mobiles
3% Proxies and Socks
2% Wireless Hacking
2% IM Hacks
0% Electronics and Gadgets
Source: Imperva

Hacker Forum Analysis #2: Tech Discussions Jan-June 2011
Top 7 Attacks Discussed (# threads with keyword):
22% DoS/DDoS
19% SQL Injection
16% Spam
12% Shell code
12% Brute-force
10% Zero-day
9% HTML Injection

Approach #2: Knowing Hacker Business Models

Example: Rustock

Approach #3: Technical Attack Analysis

Getting Into Command and Control Servers

No Honor Among Thieves

And You Can Monitor Trendy Attacks

Approach #4: Traffic Analysis Via Honeypots

Automated Attacks
- Botnets
- Mass SQL Injection attacks
- Google dorks

Finding #1: Automation is Prevailing
On average: 27 attacks per hour, roughly 1 probe every two minutes.
Apps under automated attack: 25,000 attacks per hour, roughly 7 per second.

The Unfab Four

Finding #2: Reputation Matters
29 percent of the attack events originated from the 10 most active attack sources.

Research Compared to Lulzsec Activity
Lulzsec was a team of hackers focused on breaking applications and databases.
Our observations have a striking similarity to the attacks employed by Lulzsec during their campaign.
Lulzsec used: SQL Injection, Cross-site Scripting and Remote File Inclusion.

Lulzsec Activity Samples
1 infected server ≈ the power of 3,000 bot-infected PCs
8,000 infected servers ≈ the power of 24 million bot-infected PCs

Conclusions

Get Proactive
- Quickly identify and block sources of recent malicious activity.
- Enhance attack signatures with content from recent attacks.
- Identify sustainable attack platforms (anonymous proxies, TOR relays, active bots).
- Identify references from compromised servers.
- Introduce reputation-based controls.

Fight Automation
Adjusted blocking
- Black-list IPs
- Keep lists reflective of real-time malicious sources
CAPTCHA
- Image
- Other methods exist (solving a riddle, watching a video, audio, etc.)
Adaptive authentication
- Alert the user
- Repeat password or answer a previously recorded question
Client-side computational challenges
- Slow on the client, quick on the server
Disinformation
- Bogus links
- Hidden links
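The "client-side computational challenge" item above (slow on the client, quick on the server) as an added Python example that is not part of the presentation: a hash proof-of-work in which the server hands out a signed, expiring challenge and later checks a solution with one HMAC and one SHA-256, while the client must spend about 2**16 hashes per request. The key, difficulty and lifetime are constructed values for the example.

```python
import hashlib
import hmac
import os
import time

# Constructed server-side secret for this example; in practice it stays out of the client's reach.
SERVER_KEY = b"example-server-key-not-for-production"
DIFFICULTY_BITS = 16            # expected client work: about 2**16 hashes per request
CHALLENGE_TTL_SECONDS = 60      # a solved challenge stops being valid after this


def _leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest (the 'work' measure)."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits


def issue_challenge(now=None) -> str:
    """Server side: stateless challenge 'nonce.expiry.tag'; the HMAC tag lets the server verify later without storing anything."""
    now = time.time() if now is None else now
    nonce = os.urandom(8).hex()
    expiry = str(int(now) + CHALLENGE_TTL_SECONDS)
    tag = hmac.new(SERVER_KEY, f"{nonce}.{expiry}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{expiry}.{tag}"


def solve_challenge(challenge: str) -> int:
    """Client side, the slow part: brute-force a counter until the hash has DIFFICULTY_BITS leading zero bits."""
    counter = 0
    while _leading_zero_bits(hashlib.sha256(f"{challenge}:{counter}".encode()).digest()) < DIFFICULTY_BITS:
        counter += 1
    return counter


def verify_solution(challenge: str, counter: int, now=None) -> bool:
    """Server side, the quick part: one HMAC and one SHA-256, whatever the difficulty."""
    now = time.time() if now is None else now
    if challenge.count(".") != 2:
        return False
    nonce, expiry, tag = challenge.split(".")
    expected = hmac.new(SERVER_KEY, f"{nonce}.{expiry}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False                # forged or tampered challenge
    if now > int(expiry):
        return False                # stale: solved work cannot be replayed forever
    digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    return _leading_zero_bits(digest) >= DIFFICULTY_BITS
```

Raising DIFFICULTY_BITS doubles the client's cost per bit while the server's verification cost stays constant, which is what makes this a rate limiter against automated clients rather than against the server.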

Conclusion
The top five security providers—led by Symantec and McAfee—accounted for 44 percent of the $16.5 billion worldwide security software market in 2010, according to Gartner. That's down from 60 percent in 2006.
Source: http://www.bloomberg.com/news/2011-08-04/hacker-armageddon-forces-symantec-mcafee-to-search-for-fixes.html

Conclusion
"The security industry may need to reconsider some of its fundamental assumptions, including 'Are we really protecting users and companies?'"
-- McAfee
Source: http://www.nytimes.com/external/readwriteweb/2011/08/23/23readwriteweb-mcafee-to-security-industry-are-we-really-p-70470.html?partner=rss&emc=rss

Important Details
If you want slides, send: your credit card number, mother's maiden name and an email to:

Thank You