'Net Features : hacking

Web Hacking and Malware

Pete Prestipino — Mon, 17 Aug 2009 14:55:00 GMT

Breach Security announced a steep rise in attacks against social networking sites, according to the Web Hacking Incidents Database (WHID) 2009 Bi-Annual Report.

Social networking sites, accounting for 19 percent of hacking incidents, were the most targeted vertical market in the first half of 2009. Key findings from the WHID 2009 Bi-Annual Report include:

• Drivers for Web Hacking — Defacement, which combines both planting of malware and standard overt changes, remains the most common outcome of web attacks (28%), while leakage of sensitive information is a close second (26%, up from 19% in 2008). Disinformation is a distant third (19%), mostly due to the hacking of celebrity online identities.

• Most Prevalent Attack Vectors — SQL Injection remains the number one attack vector, accounting for nearly one-fifth of all security breaches (19%). Attack vectors exploiting Web 2.0 features such as user-contributed content were also commonly employed: authentication abuse was the second most active attack vector (11%), and Cross Site Request Forgery (CSRF) rose to number five with 5% of the reported attacks.

• Vertical Markets Under Attack — Social networking sites emerged as the most targeted vertical market with 19% of the incidents, a dramatic increase from prior years when this sector was not represented, and displacing government/law enforcement from the number one spot in 2008.

“The dramatic rise in attacks against social networking sites this year can primarily be attributed to attacks on popular new technologies like Twitter, where cross-site scripting and CSRF worms were unleashed,” said Ryan Barnett, director of application security research for Breach Security. “Looking back at 2008, a notable election year, government-related organizations were the top-ranked attack victims and have now dropped to number three. The WHID report demonstrates that hackers can be fickle, following popular culture and trends to achieve the most visible effect for their efforts, which means that companies must be vigilant in implementing web application systems and monitoring application activity.”

The WHID project compiles and analyzes application-related security incidents, focusing exclusively on publicly reported web application security attacks that have an identified outcome. The WHID 2009 Bi-Annual report analyzed global security incidents that occurred from January 1 through July 31, 2009, a 30 percent increase in overall web attacks compared to 1H 2008.

Looking to Accelerate Your Web Success?
Request a pro-level membership at WebsiteMagazine

WordPress Firewall Plugin

Pete Prestipino — Tue, 20 Jan 2009 03:10:00 GMT

SEO egghead Jamie Sirovich just posted about his new WordPress Firewall Plugin. Getting hacked creates a lot of work, so using a firewall (any firewall) is going to save you a lot of headaches down the road - especially if you're working with multiple blogs or managing WP installs for others. The plugin "investigates web requests with simple WordPress specific hueristics to identify and stop most obvious attacks."

While it may not stop the more sophisticated hackers from gaining access, something is most certainly better than nothing.

In addition to blocking common attacks, other features let you set up an automatic email to notify that a potential attack has been detected and blocked (with the offending IP and parameters) and let you whitelist your IP (as well as a page, a variable in a page or a variable on every page).

The WordPress Firewall plugin can be downloaded here.

Sample of the email sent when an attack occurs and is blocked:

Hacker Attacks Increasing

Pete Prestipino — Fri, 05 Dec 2008 15:48:00 GMT

SecureWorks reports they have seen a 161% increase in the number of attempted hacker attacks they are blocking for their retail clients. Attempted attacks increased from an average of 56,000 per client per month in the first six months of the year to 133,000 per client per month for the last five months. The attack statistics represent the attack activity for 36 major retail corporations located across the country.

"We saw a large increase in hackers looking for open ports, as well as those trying to identify the applications and other services our retail clients were running," said Wayne Haber, director of architecture for SecureWorks. "An increase in network scans is often a red flag because many times it is followed by attacks specifically targeted at the organization's services," said Haber." "Attempted network scans against our retail clients increased 61% in 2008 going from an average of 56,000 per client per month in the first six months of the year to 90,000 per client per month in the last five months of the year," continued Haber.