Imperva: Hackers team-up to target low hanging fruitby Steve Ragan - Oct 17 2011, 13:30
In their latest intelligence report, Imperva examines one of the largest hacker forums online to see what the script kiddies, coders, and teachers were up to. According to the report, the forum - with about 250,000 members - focus on the basics, and tend to help one another out.
Using content analysis, Imperva leveraged the forum’s advanced search feature to analyze threads by topic using specific keywords. Based on the results, two topics are of the most interest to those looking for information: SQL Injection (SQLi) and DDoS methodologies.
Almost 20-percent of the topics on the forum center on SQLi, with another 22-percent focused on DDoS. The lines of discussions range from services and sales, to tutorials and recommended tools. In the middle of this are topics that include bots used to carry out these types of functions as well. After those two, Spam, Zero-Day releases and related chat, as well as Shell Code development and tools, were the other common topics.
When it came to the training and tutorials, beginning techniques, as well as tools and programs were the top two topics, followed by website and forum hacking.
“Hackers devote most of their time, 25%, towards discussing beginning hacking. The strongest category with nearly 25% of discussions was on hacking tutorials. This means there’s a strong, steady interest in content to learn hacking, ensuring a steady supply of new talent,” the report noted.
The report isn’t something that should shock the business world, and much of the topics in it are well-known to the InfoSec community. If there are lessons from the data, it is that organizations are facing basic attacks, from criminals who my have just learned the methods they are deploying.
With that said, the little gaps in the organization’s defenses are likely what will cause the most trouble, so don’t forget the basics.