http://www.theregister.co.uk/2012/04/24/crackers_tools/
By John Leyden
The Register
24th April 2012
Infosec 2012 - Hackers are increasingly turning to automated software
tools to launch attacks.
According to research from Imperva, more than 60 per cent of SQL
injection attacks and as many as 70 per cent of Remote File Inclusion
attacks (the two most common attack types) are automated. Remote File
Inclusion attacks allows hackers to plant back doors on PHP-based
websites.
Tools like Havij and SQLMap are used by miscreants to probe for
vulnerabilities and execute SQL injection attacks. These tools also
employ techniques to evade detection, such as periodically changing
headers or splitting attacks through controlled hosts to avoid
black-listing. In the past, using attack tools was purely for script
kiddies but these attitudes are changing, according to Rob Rachwald,
director of security strategy at Imperva.
Automatic attack tools aren't just for the clueless anymore, he says.
These tools can be used to attack more applications and exploit more
vulnerabilities than any manual method possibly could, making them a
useful adjunct for even skilled attackers. "Automated tools are becoming
better quality. Both experienced and inexperienced hackers use them but
experienced hackers use them with more finesse," Rachwald explained.
[...]
_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org
