Hackers are continuously chatting on hacker forums about attack techniques, and one new study is attempting to shed light on the threats to enterprises that matter most.
The most frequently discussed topics on hacking forums are denial-of-service (DoS)/distributed-denial-of-service (DDoS) attacks and SQL injection, according to findings in Imperva Inc.'s Monitoring Hacker Forums: ADC Monthly Web Attacks Analysis, October 2012 (.pdf). DoS/DDoS attacks were the keywords in 19% of all threads, while SQL injection made up another 19%. Other popular topics were shell code, at 16%, and spam, a keyword on 14% of threads.
"There's a lot of energy focused on data theft," said Rob Rachwald, director of security strategy at Redwood Shores, Calif.-based Imperva Inc.
In the study, researchers at business security provider Imperva focused on one forum, monitoring it frequently. They used content analysis to assess what hackers were discussing on the forum, which has 439,587 threads.
Hackers aren't just talking about SQL injection and DDoS; they are also using tools and techniques to exploit these vulnerabilities, particularly in the case of SQL injection.
"It's a very target-rich area," Rachwald said.
Yet enterprise security teams are not taking action to prevent the attacks, according to a report issued in September. SQL injection attacks rose 69% between the first two quarters of 2012, according to Texas-based secure cloud hosting firm FireHost Inc. Rachwald said SQL injection is such a widespread issue for three reasons: the number of vulnerabilities on websites around the world, the financial benefit to attackers, and the plentiful automated attack tools and technology on the black market that exploit the vulnerabilities.
"The good guys aren't looking at or aware of what the bad guys are talking about," Rachwald said.
Imperva said less than 5% of security budgets are used to purchase products that mitigate SQL injection attacks. The majority of investments are being made on firewalls, antivirus and other security software that doesn't have a direct impact on mitigating SQL injection or DDoS. Compliance mandates and ignorance fuel the investments, Rachwald said.
Most attackers not changing methods
Many of the findings in the latest Imperva study are similar to the Monitoring Hacker Forums (.pdf) study issued by the security vendor last year. In 2011, DoS/DDoS attacks were discussed on 22% of the threads, while SQL injection was discussed on 19% of the threads. Rachwald said this is because the attacks continue to be profitable.
"There hasn't been a whole lot of change on the defensive end," he said. "So why change the offense?"
The study analyzed comments in a hacker forum that focuses on education and tutorials. The venue was "not a very hardcore forum," according to the report. Twenty-eight percent of the analyzed conversations were under a sub-forum called "Beginner Hacking," which revolved around training and learning, while 5% included tutorials for hacking methods.
The report also offered information on social media threats and mobile platforms. Facebook and Twitter were the most discussed social media at 39% and 37%, respectively. Android and iPhone were the most talked about mobile platforms, both at 34%.