As social networking begins to shrink the world and attract users by the billion, you won’t be surprised to hear that the hacker sharks are out there amongst them, and that they are starting to indulge in a feeding frenzy.
Recent investigations have detected a huge black market for social network fraud. Moreover, about one third of discussions in one particular hacker forum focused on training and tutorials for data theft techniques, such as SQL injection (a technique often used to attack a website) – and yet industry analysts estimate that less than 5% of IT budgets include products to mitigate attacks in the data centre.
How does your organisation stack up against that percentage? And how much of a threat do these cyber criminals pose to you personally and, in the wider context, the business you work for? The answer has to be: a massive threat – especially when the infiltrated hacker forum in question contained around a quarter of a million members. This is a lucrative industry and, if your defences are less than 100%, you might well be one of the victims of their increasingly aggressive attacks.
The degree of sophistication underpinning these assaults is something else you should note, as business security solutions provider Imperva highlights in its October Hacker Intelligence Initiative report, ‘Monitoring Hacker Forums’. In this second annual analysis of a large hacker forum, it warns: “If organisations neglect SQL injection security, we believe that hackers will place more focus on those attacks.”
Which are the most popular attacks you need to be on the alert for? DDoS (distributed denial-of-service) and SQL injection are top of the list and remain the most widely discussed hacking topics: according to the analysis, DDoS (19%) and SQL injection (19%) were the most frequently discussed attack methods. And yet, according to global analyst Gartner’s ‘Forecast: Security Infrastructure Worldwide, 2010-2016, 2Q12 Update’, while $25 billion was spent on security software and network equipment in 2011, less than 5% of security budgets was allocated to products that mitigate SQL injection attacks. Something of an imbalance, you’d have to say.
Amongst the cyber criminals, the market for social network endorsements is on the rise. In a keyword search relating to social networks, Imperva found that Facebook (39%) and Twitter (37%) were the most frequently discussed social networks. In reviewing social network-related posts, a black market for buying and selling illegitimate social network likes, followers and endorsements was observed, with particular attention given to the origin of these likes and followers.
What else are the hackers targeting? Hacker education comprises a third of all forum conversations. Of the total conversations analysed, roughly 28% were related to beginner hacking and hacker training, while another 5% related to hacking tutorials.
Both aspiring and veteran hackers frequent forums to exchange techniques, build credibility and publish their hacking successes. It’s akin, in many ways, to the fledgling criminal getting his real education during his first spell behind bars. The army is growing and you need to know that, because the only way to defeat them is to win the battle to stay safe. And it’s a battle that will never end.