In Information Technology, a hack can mean either a quick, non-standard fix to make something work or a modification to a program to gain access that would otherwise be unavailable. As an aside, there is a bit of controversy over the terms hack and hacker, as they have evolved over the years and some don’t like the connection between ‘hacker’ and ‘security cracking.’ Once the mass media started identifying those who had criminal intent as ‘hackers,’ the general population added the word to its vernacular and didn’t distinguish between white and black hats, much to the dismay of the computer community.
Now to the numbers. Even back in 2001, Gartner mentioned that 75% of cyber attacks & Internet security violations are generated through Internet applications. Today, probably 70% of attacks specifically target Layer 7. Malware is mostly about stealing and harvesting data. During the height of the economic downturn, especially during October & November 2008, the financial crisis was fueling online crime – not to mention the disgruntled workers who had been laid off. In 2008, data theft Trojans increased 1,559% and malware increased 582%, with many of the attacks aimed at the energy/oil industry and the transportation sector. Yes, we hear about the retail and financial attacks, but energy and transportation could be considered infrastructure, to some extent, and those areas are attractive to those who want to disrupt basic services.
One of the best stories I’ve read was from IBM. Their Internet Security Systems said they were seeing 450,000 web-infecting SQL injections a day. That’s a lot, but not the whole story. During the first 5 months of 2008, they were only blocking around 5,000 SQL attacks a day. By June, that number was up to 25,000 a day and just before Halloween, 450,000 SQL injection attempts were made a day. The full-day numbers from June were now happening every hour.
The most common ways of delivering malware are through PDF or Flash, initiated with XSS or SQL injection. Jeremiah Grossman of WhiteHat lists his Top Ten Web Hacking Techniques of 2008 here.
About Peter Silva
Peter Silva covers security for F5’s Technical Marketing Team. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T, managing customers on the original ATT WorldNet network.
With his telco background, he moved to Verio to focus on access and IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact, so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicagoland area, working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.
Bringing the slightly theatrical and fairly technical together, he covers training, writing, speaking, along with overall product direction and evangelism for F5’s security line. Prior to joining F5, he was the Business Development Manager with Pacific Wireless Communications. He’s also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others. He earned his B.S. from Marquette University, and is a certified instructor in the Wisconsin System of Vocational, Technical & Adult Education.