As was heard throughout the speeches, sessions and networking chatter at the recent RIMS 2012 Annual Conference & Exhibition in Philadelphia, the biggest worry to business owners, CEOs and managers is that of cyber threats. And rightly so. It seems like each day we are inundated with reports of a new way hackers can gain control of company information and/or take down systems. Today is no exception.
This morning, Prolexic Technologies released a threat advisory on the use of booter shells, which allow hackers to readily launch DDoS attacks without the need for vast networks of infected zombie computers.
“Increased use of techniques such as booter shells is creating an exponential increase in the dangers posed by DDoS attacks,” said Neal Quinn, chief operating officer at Prolexic. “For hackers, DDoS attacks have never been easier to launch, while for their victims, the power and complexity of attacks is at an all-time high. The threat of a DDoS attack has never been more likely or its potential impact more severe. We’ve entered the age of DDoS-as-a-Service.” The increased use of dynamic web content technologies, and the rapid deployment of insecure web applications, has created new vulnerabilities — and opportunities — for hackers to use infected web servers (instead of client machines) to conduct DDoS attacks. Traditional DDoS attacks make use of workstations infected with malware, typically infected through spam campaigns, worms or browser-based exploits. With these traditional tactics, hackers needed multitudes of infected machines, to mount successful DDoS attacks.
Where boot scripts differ is in the fact that they are standalone files, meaning DDoS attacks can be launched more readily and can cause more damage, with hackers using far fewer machines. Even more alarming, people don’t need as much skill to launch such attacks. A DDoS booter shell script can be easily deployed by anyone who purchases hosted server resources or makes use of simple web application vulnerabilities (i.e., RFI, LFI, SQLi and WebDAV exploits). This, in essence, puts attacks within reach of even novice hackers. Companies should take note, especially financial firms.
According Prolexic’s quarterly global DDoS attack report released a few weeks ago, there was an almost threefold increase in the number of attacks against its financial services clients during Q1 compared to Q4 2011. “This quarter was characterized by extremely high volumes of malicious traffic directed at our financial services clients,” said Neal Quinn, Prolexic’s vice president of Operations. “We expect other verticals beyond financial services, gaming and gambling to be on the receiving end of these massive attack volumes as the year progresses.”
So what should companies do to protect their information and IT infrastructure? Though organizations can never be 100% protected from an attack, they can help by continuously testing proprietary web applications, as well as constantly testing known vulnerabilities in commercial apps.