Given the amount of sensitive and financial information that is transmitted over the Internet every hour, it is an obvious place for cyber criminals to conduct their illegal activities. Yet in addition to the amount of traffic, the proliferation of insecure web applications makes web-based hacking attacks even more attractive, and even more profitable.
Breaking into computer systems with malicious intent is nothing new. Since the early eighties, skilled computer enthusiasts, or hackers, have used their knowledge to break into systems with no redeeming intent. However, with the advent of web-based applications, the sophistication of hacking attacks has dramatically increased while the amount of skill required to carry out these attacks has proportionately lessened.
Malicious hackers nowadays can make use of a number of tools that help them automate their attack. Using scanning tools the attacker is able to perform the first step of their attack, enumeration. In this phase information is gathered regarding the intended target. With specific tools, the attacker can scan multiple computers, routers, servers, and web sites at once looking for specific information that will help them easily attack the machine. Add to this the ability for the attacker to conduct the enumeration process with an army of zombie computers and the number of vulnerable systems that they can identify rises exponentially depending upon the size of the botnet they control.
Once the targets have been identified, the attacker continues to analyze them, looking for known vulnerabilities. Depending on the attacker's overall goal, they could be searching for any number, or combination, of vulnerabilities to exploit. These can include, but are not limited to:
* Cross-Site Scripting
* SQL Injection
* Remote File Execution
* Denial of Service
* Path Traversal
* And many others
Once the vulnerabilities are identified, the attacker can move into the last stage of their attack, exploiting the computers.
Using the information found in the vulnerability analysis, the attacker then attempts to exploit the target computers. Again, this process can be automated like the others, and when launched from a large botnet army the attacker can exploit thousands of victims with minimal effort on their part.
Effects of Hacking Attacks
Hacking attacks can have detrimental effects on the victim. These effects vary according to the type of attack the hacker launched and what the target of their attack is. Unfortunately for many Web Sites, there are multiple ways to exploit them.
* Web applications that power dynamic web sites present multiple ways for an attacker to exploit a site and connect to the web site’s database. Databases that contain financial or personal information can then be farmed to later be used for credit card fraud or identity theft.
* Denial of Service attacks can cause a disruption in web services. If any essential business processes are run over the Internet, these can cease to function as well.
The Need to Protect Against Hacking Attacks
When a web site or network is attacked, the blame falls on the owner. It is their responsibility to ensure that any service or application that they are running is protected against the vulnerabilities that can be used to exploit their property, and that includes their web site.
To protect customers and employees from having their financial or private information stolen, both industry and governments have implemented regulations with the intent of securing against common hacking attacks. To combat credit card fraud, the Payment Card Industry created the Data Security Standard, which requires merchants who process credit cards to take specific measures that help protect against hacking attacks. The European Union, United Kingdom, United States, and Canada are among the governments that have also instituted privacy acts meant to regulate how businesses protect their customer and employee data from malicious hackers.
How Does dotDefender Help to Protect Against Hacking Attacks?
IBM’s X-Force Trend report stated that, “Web applications remain the Achilles heel for the security industry”. With over 80% of all web sites having contained at least one vulnerability, web application security needs to be addressed by any company with a web presence as protecting web applications not only helps to protect your web site from attack, but also can protect your web servers and any other network resources that access them.
dotDefender enables companies to address challenges facing their web site in a straightforward and cost-effective manner by utilizing a Security as a Service solution. dotDefender offers comprehensive protection against the vulnerabilities that hacking attacks use against your web site every day.
The reasons dotDefender offers such a comprehensive solution to your web application security needs are:
* Easy installation on Apache and IIS servers
* Strong security against known and emerging hacking attacks
* Best-of-breed predefined security rules for instant protection
* Interface and API for managing multiple servers with ease
* Requires no additional hardware, and easily scales with your business