New research shows that hackers are becoming increasingly lazy in their search for online exploits, with 98% of Remote File Inclusion and 88% of SQL injection attacks now being fully automated.
It comes as no surprise whatsoever to DaniWeb administrators and moderators that your average cybercriminal is looking for the easiest way to earn a dishonest buck. After all, we have recently completely re-coded the DaniWeb forum from the ground up partly in order to deal with the increasing number of spambot attacks that were being launched against us across much of last year. Spammers have long since used software to automate both the spam-posting process but during the past few years we have seen them increasingly turning to software solutions that automate the forum registration process as well, including breaking the various CAPTCHA-based security systems that forum operators put in place to stop just such occurrences.
The Hacker Intelligence 'Automation of Attacks' report published today by security specialists Imperva suggests that this highly automated approach to law-breaking is rife within the hacking community. The report is a detailed analysis of data collected between January and March 2012, and reveals that as much as 98% percent of Remote File Inclusion (RFI) and 88% of SQL injection attacks are automated, including by two software tools: Havij and sqlmap.
With making money the driving force behind most web application attacks, why would hackers want to waste time actually studying vulnerabilities and learning how to exploit them when they can use tools developed by others with more technical ability to do the job for them? The 'Script Kiddies' are well and truly back on the scene it would seem.
The report highlights how traffic characteristics such as attack rate, attack rate change and attack volume can be used to identify automated attacks and reveals how the automated tools used leave fingerprints that can be extracted from the source code to identify an automated attack with a high degree of certainty.
“Using automated software tools, even an unskilled attacker can attack applications in a short period of time, potentially collect valuable data and move on to the next target,” said Amichai Shulman, CTO at Imperva. “Automated tools can be used to evade an enterprise’s security defenses.”