Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Imperva Launches Hacker Intelligence Initiative

July 2010 by Emmanuelle Lamandé

Imperva announced its hacker intelligence initiative (HII), a research effort focused on providing deeper insight on how cybercriminals conduct large scale cyber attacks as well as shedding light on the evolution of the underground business of cybercrime.

Part of Imperva’s Application Defense Center (ADC), the hacker intelligence initiative will investigate the anatomy of attacks as well as key hacking trends by exploring the cybercrime industry utilizing techniques including hack-back, forum monitoring and internet traffic surveillance.

Imperva’s HII researchers will conduct and release research on attacks as they are uncovered. To date, the HII has released research on four significant cybercrime activities, among others:

- Pyramid-Scam Phishing Scheme: Employing simple hack-back techniques, Imperva uncovered a pyramid scam-style phishing scheme where a sophisticated hacker siphons data from individual phishing attacks through a backdoor in a phishing kit; the attack also capitalizes on a second drop-server to store stolen data.

- Start-to-Finish Execution of a Cross-Site Scripting Attack: By observing the hacker’s own vulnerable code, Imperva was able to witness a XSS attack impacting 3000 individuals; Imperva found that XSS attacks require little expertise and less than an hour to carry-out when using readily available tutorials and free hosting sites.

- New Type of DDoS Attack: By monitoring a TOR, Imperva traced DDOS attacks to find that, unlike traditional botnets made up of infected PCs, the attacks were leveraging a botnet of infected servers, creating a stronger, more effective and less-discoverable attack.

- The publication of 32 million passwords: By monitoring hacker forums, Imperva uncovered a list of user passwords for the popular site RockYou and provided analysis of the most commonly used words and phrases.




See previous articles

    

See next articles