Study Says Hackers Advancing Fast

Study Says Hackers Becoming Advanced

August 14, 2006 — (WEB HOST INDUSTRY REVIEW) — Security consultant Mandiant (mandiant.com) announced last week that its latest research has found that hackers are more frequently using rogue Active Server Pages (ASP) as a way into a Web server in order to remotely view, copy or delete files, according to a report by Information Week.

Kevin Mandia, president of Mandiant, spoke at a Black Hat conference in Las Vegas, Nevada, where he shared research results that proved attackers are using increasingly sophisticated methods to evade detection and make life difficult for security incident response teams.

Mandia says the sophistication of hackers’ tools is outpacing that of investigators’ forensic tools, and one of the consequences is that incident response teams charged with investigating attacks on networks are taking between five and eight days to find malicious code.

As incident response teams search for the malicious code, the most common assumption is that a hacker has used kernel-level rootkits to access sensitive internal data. Rootkits are software tools designed to hide running processes, files or system data and enable attackers to maintain control over a system without the user’s knowledge. A kernel-level rootkit takes this a step further by adding or modifying part of the kernel code. Although Windows security breaches make up the majority of security incidents, the kernel-level rootkits Mandia has come across thus far have been Linux-based.

Mandia says the main reason hackers aren’t running kernel-level rootkits as much anymore and are choosing the ASP route is that rootkits can make systems unstable, which could blow their cover.

The report adds that profit-motivated attackers usually operate by hacking a victim’s PC and installing a keystroke logger or by getting their victims to fall for phishing scams. Mandia says these attacks are tough to stop because the attackers tend to work quickly and leave little evidence behind.

theWHIR.com
