Higher Levels Of Hacking Attacks Against Retailers

Dell : 12 October, 2011  (Technical Article)
Dell SecureWorks reports on the high levels of web exploit and SQL injection attacks targeted at the retail trade industry.
Dell SecureWorks has reported that hacker attacks targeting its retail customers increased 43 per cent between the last nine months of 2010 and the first nine months of 2011.

From January through September 2011, Dell SecureWorks blocked an average of 91,500 attacks per retail customer, compared to 63,581 attacks per retail customer from April through December 2010.

“Based on the attacks we detected in the first nine months of this year, criminals are more aggressively using the web as a primary attack vector for both clients and servers,” said Jon Ramsey, Dell SecureWorks CTO. “We saw a significant increase in SQL Injection attacks against servers and exploit packs hosted on web sites, which contributed to the overall rise in retail attacks.”

“Server protection requires strong secure software development practices, as well as detection and prevention controls,” continued Ramsey. “Client protection requires good system hygiene and detection and prevention controls that limit exposure to attacks from malicious websites.”

Top attempted retail attacks

SQL Injection attack – A technique that exploits security vulnerabilities in Web applications by inserting malicious SQL code in Web requests. “Although this attack is very well known, it is not surprising that we continue to see a high incidence of this threat, as hackers will use any technique that proves to be successful over and over, and sadly it continues to be,” said Ramsey. Just this spring, it was reported that a hacker in Georgia used SQL Injection attacks to steal 675,000 credit card accounts, resulting in $36 million in fraudulent transactions. Cyber thieves also used SQL Injection attacks in the widely publicised breach of Heartland Payment Systems, Hannaford Brothers and three other retailers, where they made off with 130 million credit and debit cards.
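The flaw described above, beside the standard fix, as an added example that is not part of the original article or any Dell SecureWorks material. The `orders` table, its columns, the function names and the sample rows are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (no real card data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, card_last4 TEXT)"
    )
    db.executemany(
        "INSERT INTO orders (customer, card_last4) VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return db

def orders_vulnerable(db, customer):
    # The request value is pasted into the SQL text, so a quote character
    # inside it changes the structure of the statement itself.
    sql = (
        "SELECT customer, card_last4 FROM orders WHERE customer = '"
        + customer + "' ORDER BY id"
    )
    return db.execute(sql).fetchall()

def orders_parameterized(db, customer):
    # The placeholder binds the value as data only; the statement's
    # structure is fixed before the value is ever seen.
    sql = "SELECT customer, card_last4 FROM orders WHERE customer = ? ORDER BY id"
    return db.execute(sql, (customer,)).fetchall()

# Constructed request value of the kind the article describes.
CRAFTED = "alice' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("normal, vulnerable:     ", orders_vulnerable(db, "alice"))
    print("normal, parameterized:  ", orders_parameterized(db, "alice"))
    print("crafted, vulnerable:    ", orders_vulnerable(db, CRAFTED))
    print("crafted, parameterized: ", orders_parameterized(db, CRAFTED))
```

With the concatenated query the crafted value returns every customer's row; with the bound parameter it is compared as a literal name and matches nothing.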

Web-based Exploit Kit attacks – Dell SecureWorks also blocked a large number of Web-based Exploit Kit attacks against its retail customers. Exploit kits are tools that cyber criminals use to distribute a wide variety of malware, and this year we saw an increase in attacks from one of the most popular exploit kits on the underground, Blackhole. Generally, computer users are unknowingly redirected to exploit kits through malvertisements (poisoned text ads), compromised sites or spam email messages that contain a malicious, embedded link. When a computer user encounters an exploit kit, the kit invisibly probes the visitor’s browser or browser plug-ins (e.g. document viewers, music and video players, rich content applications, etc.) for known security vulnerabilities. If vulnerable applications are found, they are used as a vehicle to silently install malicious software. Often, this malware consists of banking Trojans such as ZeuS or SpyEye; Downloader Trojans; DDoS or Spam Trojans; or Rogue Anti-Virus.

“The fact that a large number of Exploit Kit attacks were blocked indicates not only an increase in these attacks but also that there are unpatched security vulnerabilities in the retail employees’ third-party applications, such as Java and Adobe. All organisations, including retailers, should continually assess their patching policies, ensuring that their applications and operating systems are kept up to date and patched in a timely fashion,” said Ramsey.

Downloader Trojan attacks – Another prevalent attack type attempted against Dell SecureWorks’ retail customers was Downloader Trojans. These are relatively small, highly obfuscated malicious programmes. Their primary mission is to bypass and disable a computer’s host-based security programmes, like anti-virus and firewalls, so that other malicious payloads can be downloaded and installed on command without tripping security alerts. Downloader Trojans are primarily distributed by rogue pay-per-install (PPI) affiliates using malvertisements, misleading links, or redirects to Web Exploit Kits. They can also be disguised as fake codecs for viewing video, pretend to be updates to browser plug-ins, piggyback on files shared via P2P (peer-to-peer) shared networks or arrive as attachments to emails. The PPI operator sells access to the download functionality of his bots (infected machines) to other botnet operators and purveyors of adware, spyware, and other malicious code.
   © 2012 ProSecurityZone.com