Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Wednesday, November 11, 2009

War beneath the web

A new article in the Guardian talks about the state of website hacking. Hacking websites used to be a way to show off. Now, it's a lucrative crime – committed on an industrial scale.

You can read the entire article here.

And here are some highlights from the article:
Experts agree that the change is due to one critical factor: money. Hackers generally don't now aim to make a mess; they do it to get cash.

"The difference is that in about 2003 people realised they could use these weaknesses to make money," explains Richard Clayton, a security researcher at Cambridge University. "There are three ways they do it: drive-by downloads, which enlarge a botnet [which can be hired to send spam, assist in the theft of personal details, or attack websites to extort their owners]; hosting a phishing site, so they can collect login details; and putting spam links on the site to raise the spam's search engine ranking." The hacking of Free Our Data and the other sites had the latter purpose.

...

Clayton and his team have done extensive research into phishing sites hosted on cracked web servers. "We found the same sites would get hacked. Our insight was that people were using Google to find websites to break into, by doing specific searches for particular versions of software that they knew had particular vulnerabilities – Wordpress 1.3.1 or Drupal or whatever. So they'd do a Google search, find those sites and then hack all 50 sites using the same method."

...

"It's a big problem and getting worse," says Dave Jevans, chief executive of IronKey and chair of the Anti-Phishing Working Group. "When I have tracked website attacks, I've found it convenient to look at the Zone-H statistics. Zone-H.org reports on website breach defacements, as reported by bragging hackers. The exact same attack methodologies are used to make a website host malware or a phishing site.

"Today they reported 1,110 defacements so far. For the month of October 2009 they reported 47,560. So that's about half a million defaced websites per year. Now keep in mind that this is reporting by hackers themselves. Imagine the number of sites that are attacked and breached that are not reported to Zone-H."



Sounds scary, but shouldn't be any new news for a savvy IT administrator. All these points just reiterate the need for a proxy acting as web security gateway in your network.

No comments: