Imperva Data Security Blog

Parasitic Drag: The Hidden Cost of Bots

2012-05-15T13:44:16-07:00

Incapsula (full disclosure: Incapsula is a subsidiary of Imperva) today released a great bit of research. They asked: "What is the overhead of all the automated bot traffic?" Today, most people think that a cost is incurred from bad bots only when a breach occurs. Not true if more than up to 80% of your total web traffic comes from machines. The automated traffic has a drag-like effect seen in aerodynamics. They write: Most of this traffic is automated and is entirely unrelated to the website’s real human traffic. Basically, each website spun up by a hosting provider will suffer...

Hackers Hacking Hacker Money

2012-05-14T08:46:18-07:00

Or is law enforcement behind it? Can’t say who compromised the Bitcoin site, but it has been compromised. It looks like the database was stolen: Reminder again: Please do not reuse your Bitcoinica passwords as the database server was compromised. For reference, here’s the leaked memo from the FBI expressing concern over the Bitcoin site. Ironically, this news comes as hacktivists lament tougher times: First, there’s this interview from Canada where fugitive hacker, Christopher Doyon, a.k.a. Commander X, states, “I think it’s a stalemate at the moment.” Though he does go onto predict that Anonymous will be the most...

Lessons from Today's Amnesty Hack

2012-05-11T06:09:49-07:00

Amnesty International UK's website was hacked courtesy a backdoor dropped on visitors systems. Most likely done by a foreign government, many speculate that it's the Chinese. Websense's blog gives a good technical overview of the attack. But what does it mean for security teams? In some cases, hackers don’t want to steal the data from the website but rather want to infect the users who are visiting. This can lead to more access to business critical data which, for example, is often stored as files on a fileserver. In the Amnesty case, the real prize isn't Amnesty's data per se,...

The Malware Hotel

2012-05-10T13:41:32-07:00

IC3's warning about malware in hotels is interesting because of it fails to identify who the aggressor is with clarity. The key passage is this: The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection. What does this mean? This warning is targeted to academics and government officials traveling abroad because state-sponsored actors use the malware installed via these networks to steal intellectual property and/or government secrets. The main concerns? China and Russia. What can travelers do? There are two options: Use a temporary...

WAF Wars

2012-05-10T13:05:04-07:00

Two articles are out today on WAFs: one from Imperva's Noa Bar Yosef and the other a blog from our partner Acunetix. Let's start with the Acunetix blog. The basic argument is this: WAFs are being used as a band aid that substitutes for a more comprehensive approach that primarily consists of vulnerability scanning (note that Acunetix is a vulnerability scanner). Two points: A truly comprehensive appsec program, though necessary, is neither easy or nor always an option. We profiled an attack against a temporary website, for example, that had little time to develop a secure website. And the WAF...

[Webinar] The Insider's Guide to Insider Threats

2012-05-09T05:00:00-07:00

Did you know 70% of employees plan to take sensitive business data with them when they leave their job? Further, did you know over 50% feel they have rights to this data? If you think your organization has avoided the insider threat, you may need to look deeper. Pinpointing the source and scope of data theft is often hard to quantify, especially since your largest internal threat may actually be one of your most loyal employees. This webinar presents findings from the first-ever global insider threat study that catalogs common practices used by leading organizations across numerous verticals. Speaker: Rob...

CVE List Surpasses 50,000 CVE Identifiers

2012-05-09T04:53:16-07:00

And no one should be surprised. With all the automated vulnerability scanning tools, finding web apps is easy and profitable. Specifically: Google: We've written extensively about Google Dorks. Here's an example of what hackers can find. Automation: We wrote a report on it last month. Not only are tools automated, they're getting better.

Hacktivism 101

2012-05-07T09:37:36-07:00

Great interview with Imperva's Tal Be'ery on the motivators, process and technologies behind hacktivism. The podcast is here.

Application DDoS 102

2012-05-04T00:00:00-07:00

Late last year, we described how DDoS attacks were moving up the stack, targeting applications themselves. How does this work in reality? In our February report on hacktivism, we mentioned how DDoS is the last resort after data theft. Traditionally, DDoS has focused on the network layer. Note that LOIC has an HTTP capability, as well (click to BIGGIFY): How does this work in reality? In our profile of a hacktivist attack, we noticed that hackers conducted reconnaissance focused on the search engine. Why the search engine? Simple: to maximize computational intensity on the back end. How doest his work?...

LOICversary

2012-05-03T14:23:16-07:00

The DDoS tool, Low Orbit Ion Canon (LOIC), has hit a milestone this week: cumulative downloads for 2012 have surpassed cumulative downloads for 2011. In 2011, there were 381,976 total downloads. This week, total LOIC downloads exceeded the total downloads from last year. It only took four months or, more precisely, 112 days. The actual break even date was 22 April (Vladimir Lenin’s birthday, incidentally). What does this mean? There were about 3,432 downloads per day. 142 downloads per hour. 2.3 downloads per minute. There was a large burst of downloads early in the year driven by attacks on the...