Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Increase in Business Logic Attacks

Imperva : 27 January, 2012  (Technical Article)
Automated hacking attacks on commercial organisations follow business logic to lead the user into revealing access information reports Imperva
Increase in Business Logic Attacks
Imperva has released the second Imperva Web Application Attack Report (WAAR), which revealed that web applications are subject to business logic attacks. The WAAR, created as a part of Imperva’s ongoing Hacker Intelligence Initiative, offers insight into actual malicious web application attack traffic over a period of six months, June 2011 through November 2011.

Imperva monitored and categorized attacks across the internet targeting 40 different applications. The WAAR outlines the frequency, type and geography of origin of each attack to help security professionals better prioritize vulnerability remediation.

“Business logic attacks are attractive for hackers since they follow a legitimate flow of interaction of a user with the application,” said Amichai Shulman, Imperva’s CTO.  “This interaction is guided by an understanding of how specific sequences of operations affect the application’s functionality. Therefore, the abuser can lead the application to reveal private information for harvesting, skew information shared with other users and much more — often bypassing security controls.”

Report Highlights

* Automated application attacks continue.  In the six month period from June – November 2011, the observed web applications suffered attacks in the range of 130,000 to 385,000 per month. At its peak, the application set was under attack at a rate of nearly 38,000 per hour or ten per second.

* Hackers are relying on business logic attacks due to their ability to evade detection:  Imperva also investigated two types of Business Logic attacks: Comment Spamming and Email Extraction. Comment Spamming injects malicious links into comment fields to alter search engine results and potentially defraud consumers.  Email Extraction simply catalogs email addresses for building spam lists.  These Business Logic attacks accounted for 14% of the analyzed malicious traffic.

The geographic origin of Business Logic attacks were:

- Email extraction was dominated by hosts based in African countries.
- An unusual portion of the Comment-spamming activity was observed from eastern-European countries.

* Hackers exploit five common application vulnerabilities: The five most common application vulnerabilities are: Remote File Inclusion (RFI), SQL Injection (SQLi), Local File Inclusion (LFI), Cross Site Scripting (XSS) and Directory Traversal (DT). Cross Site Scripting and Directory Traversal are the most prevalent classical attack types. Why are these vulnerabilities targeted? Hackers prefer the path of least resistance and application vulnerabilities offer a rich target.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo