What do Wells Fargo, Tumblr and GoDaddy all have in common? Over the last year, they were all victims of targeted web attacks. Although these types of high-profile attacks made breaking headlines and received widespread mainstream media coverage, there are still very few breaches where the full details of the attacks emerge for public analysis and deeper understanding. So we decided to break down three of the major types of attacks we saw in the last year. This is by no means comprehensive, but certainly gives food for thought.
Distributed denial of service (DDoS) was a popular technique. The Islamist group Izz ad-Din al-Qassam used it against the websites of Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank, pointing thousands of high-powered application servers at the targeted banks. Due to the volume of traffic to these sites, this attack doubled the previous record for the worst denial of service attack. The same technique was used by Anonymous to attack GoDaddy’s website and bring down one of the world’s largest Internet domain registrars and web hosts.
DDoS attacks are, in effect, simple and unsophisticated, easy to execute, relatively inexpensive to organize, and more of a nuisance or protest than a true security breach. They are a method to exhaust the resources of the website’s infrastructure and effectively “occupy the building” of the organization’s website. Put another way, imagine organizing a flash mob to fill the entire shop floor of a department store so that nobody could move within it. Real customers could not get in, nobody could purchase anything, and the business would be damaged. That would be a denial of service for a brick and mortar retail store.
Breaches like those that compromised LinkedIn, eHarmony and Lastfm.com users, when millions of encrypted passwords were hacked and posted on a Russian hackers’ Internet forum, prove that SQL injection attacks are still a problem, even for security-focused organizations.
A trend in recent attacks, like the one on Tumblr, shows that attackers are becoming more sophisticated and are reaching for newer, more creative and increasingly advanced techniques. The reason for this is that much of the low-hanging fruit for more basic attacks is drying up, and as applications become more complex, new attack vectors exploiting the applications themselves are being developed.
The world of hacking is becoming more sophisticated, and it is safe to assume that there is a finite group of malicious hackers exploiting websites and web applications around the globe, but there is no clear picture of where they are located, what they are attacking and what techniques they use.
This week at RSA, we are announcing a new strategy to protect against these increasingly popular types of attacks in a much more definitive way. Our new set of products will provide better protections against web-based attacks and DDoS attacks on the datacenter with more definitive intelligence about attackers.