SQL injection and cross-site scripting are the top venues for mischief.
2009 social networks were at the greatest risk, malware and defacement remained the most common outcome of Web attacks, and SQL injection was the most common attack vector.
Perhaps not surprisingly, analysis of Web hacking incidents reveals that social network sites such as Twitter and Facebook are becoming premier targets for hackers. One in five incidents (19 percent) between January and June 2009 targeted social network sites, making them the most commonly attacked market.
InfoWorld's Roger Grimes explains how to stop data leaks in an enlightening 30-minute Webcast, Data Loss Prevention, which covers the tools and techniques used by experienced security pros.
Many attacks on social networks involve cross-site scripting (XSS) worms. Additionally, insufficient anti-automation controls permit hackers to brute force attack login credentials. In one incident, an attacker accessed a Twitter Admin account that had a password reset tool and compromised 33 high-profile accounts, including President Obama’s.
Web attacks are driven by crime. Most occur because the hacker wants money, not glory. However, in some instances, the attacks are performed by professionals seeking to advance a cause.
In 2009, defacement of Web sites was still the number one driver for Web hacking (28 percent). Defacement includes visible changes and covert changes, such as the planting of malicious code. Criminals exploit Web application vulnerabilities to plant malware that subsequently infects clients who visit the Web site. The hacked sites become the hacker’s primary method of distributing viruses, Trojans and root kits.
On the other end of the spectrum, ideologists use the Internet to express themselves using Web hacking to deface Web sites. The majority of defacement incidents are of a political nature, targeting political parties, candidates, and government departments, typically with a specific message related to a campaign.
Web defacements are a serious problem and a critical barometer for estimating exploitable vulnerabilities in Web sites. Defacement statistics are valuable since they are one of the few incidents that are publicly facing and thus cannot be easily swept under the rug.
SQL injection tops the attack methods
SQL injection remains the No. 1 attack vector, accounting for nearly one-fifth of all security breaches (19 percent). These attacks alter the contents of the back-end database and inject malicious JavaScript. Interestingly, the overall attack more closely resembles a XSS methodology, as the end goal of the attack is to have malicious JavaScript execute within victim’s browsers to steal login credentials to other Web applications.
While not a new attack vector, attacks that take advantage of insufficient authentication are increasingly severe due to the proliferation of user-contributed and managed Web sites. This is closely related to CSRF, a vulnerability that was recognized several years ago as a potent attack vector. While it took longer for CSRF to appear than expected, the rise in CSRF incidents is in line with authentication abuse, since it provides an alternative mechanism for performing actions on behalf of a victim.
What you think about this guys. Pls share you views here. Awaiting Comments..!!
0 Visitor Reactions & Comments: