Feeds

CISPA row: Slurped citizen data is ENORMO HACK TARGET - infosec boss

US cyber-spook hub ultimate trophy for miscreants

Internet Security Threat Report 2014

The ability to identify common patterns in real-world attacks makes crowd-sourcing threat intelligence extremely useful, according to a study from security tools firm Imperva.

The report arrives just as a privacy row rages over the new Cyber Intelligence Sharing and Protection Act (CISPA) law in the US.

But the head of the security firm said the legislation could create several problems, not least of which was the equivalent of sticking a giant 'Hack Me' sign on the government's info stores.

The US cybersecurity bill, which passed through the US House of Representatives last week, would allow the US government to share "cyber threat intelligence" with private-sector entities. Crucially, the proposed law would also allow the firms to share their customers' web traffic information - among other things - with the Feds.

CISPA's critics also argue that the law would create a mechanism for private businesses to share intelligence with government, including private data, without judicial oversight. Privacy activists are concerned that the risks of this massive trawling exercise more than outweigh security benefits. The bill has not yet passed through the Senate.

Amichai Shulman, CTO at Imperva, said that the policy would theoretically create more repositories of data for government to analyse but warned that the gathering of threat data would be accompanied by the potential risk of hacker attacks against the newly established info hubs. Shulman also spoke of the possibility of bureaucratic creep (ie, data on info hubs being used for purposes other than security analysis, Big Data number crunching) and said the info hubs were a potential target for attack.

While Shulman didn't comment on the bill as it stands, he did insist that more information sharing needs to happen in order for defenders to stay abreast of security threats and that government involvement was a "broadly positive" development.

Stopping these assaults shouldn't be rocket science

Imperva's latest Hacker Intelligence Initiative report shows businesses can reduce risk by identifying and blocking attackers targeting multiple sources. The study analysed real-world attack traffic against 60 web applications between January and March 2013 to identify common attack patterns. Businesses can reduce the risk of successful attacks against their organisations by identifying and blocking attack sources, payloads and tools that are prevalent in targeting multiple websites.

The security firm said these attack sources - which can best be identified by analysing crowd-sourced attack data from a broader community - made up a disproportionate amount of the overall traffic against corporates.

Imperva researchers analysed the behaviour of the most common web application attacks (SQL injection, remote and local file inclusion, and comment spam attacks) over time and across targets, cross-referencing this data with the three most prevalent attack characteristics (attack source, payload, and tool), against known attack signatures.

The study - which covered data from the first three months of 2013 - revealed that several attacks are responsible for a disproportionate amount of attack traffic. Attacks targeted SQL injection attacks and RFI attacks were particularly prominent in the treat landscape.

Imperva argues that crowd sourcing and sharing information about attacks improves collective protection against large-scale attacks. Identifying a “noisy” attack source - an attacker, payload or tool that repeatedly attacks – is important.

"Our report shows that businesses can greatly reduce the number of successful attacks against their organisations by identifying and blocking attack sources that are known to target multiple sites or applications," Shulman explained.

The full Imperva report, Get What You Give: The Value of Shared Threat Intelligence, can be found here.

The security tools firm launched the survey at the same time as it announced the addition of ThreatRadar Community Defense, a crowd-sourced threat intelligence service, to its SecureSphere 10.0 Web application firewall (WAF) platform. The service is designed to aggregate and validate attack data from WAFs to protect against hackers, automated clients, and zero-day attacks.

Shulman compared the service to the sharing of anti-malware intelligence between security researchers. He said Imperva's service would create "actionable intelligence" broader than just IP addresses linked to attacks, providing early warnings about a spate of RFI-style attacks, for example. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.