HP report finds dramatic rise in web exploit toolkits

According to the report, 2010 Top Cyber Security Risks, web exploit toolkits are growing rapidly as the weapon of choice for attackers because of their ease of use and high success rate. The toolkits are traded online and enable attackers to access enterprise IT systems and steal sensitive data.

“It’s no longer necessary using these toolkits for hackers to persuade somebody to visit their website. Instead, they are placing malware on high traffic volume websites where they know they will get a lot of people visiting those websites”, explained Simon Leech, manager of solution architects EMEA at HP TippingPoint.

“So it makes the distribution of attacks a lot easier. Once people start downloading the malware, those people will invisibly install some software on their machines, and they will get added to a botnet. Once they are in a botnet, the possibilities are limitless for the people controlling that botnet”, he told Infosecurity.

Another aspect of the toolkits is that they are being used more for financial gain, Leech said. The supplier of the toolkits makes money by selling the toolkits to hackers, and then the supplier makes additional money by selling updates to the toolkits on a “subscription” basis, he noted.

The report also found that the number of reported vulnerabilities increased 10% in 2010 to 7,900 from 7,260 in 2009. In addition, the number of attacks against these vulnerabilities increased dramatically, according to the report.

“Although the number of discovered vulnerabilities is staying stable, we are finding that the majority of attacks are taking place against known security vulnerabilities. What this is highlighting is that the guys that are carrying out these attacks are not really in a position to do their own vulnerability research. So they are relying on vulnerabilities that have already been discovered and on the fact that companies still don’t have a good patching strategy for their organizations”, Leech observed.

The report found that web application vulnerabilities represent half of all security vulnerabilities, and it identified third-party plug-ins to content management systems as a leading cause of web application vulnerabilities. Blog-hosting and online discussion forum applications, such as WordPress, Joomla and Drupal, are among the most frequently attacked systems.

“Ten years ago, attacks focused on making a point or causing denial of services. We were seeing many more attacks around the SMB protocol, taking down the server or workstation of the person being attacked. What we are seeing now is that half of the security vulnerabilities are based around the web application server. To that end, many more of the attacks are web-based. So SMB as a vehicle for attacks has become practically nonexistent, whereas the web-based attacks are becoming the tool of choice for attacks”, Leech said.

Leech recommends that an organization hosting a web server make sure the server has been adequately secured, through measures such as setting up firewalls, monitoring, and patching vulnerabilities. In addition, users should make sure they are running an up-to-date, patched web browser as well as up-to-date anti-virus software.
