Feeds

CISPA row: Slurped citizen data is ENORMO HACK TARGET - infosec boss

US cyber-spook hub ultimate trophy for miscreants

Reducing security risks from open source software

The ability to identify common patterns in real-world attacks makes crowd-sourcing threat intelligence extremely useful, according to a study from security tools firm Imperva.

The report arrives just as a privacy row rages over the new Cyber Intelligence Sharing and Protection Act (CISPA) law in the US.

But the head of the security firm said the legislation could create several problems, not least of which was the equivalent of sticking a giant 'Hack Me' sign on the government's info stores.

The US cybersecurity bill, which passed through the US House of Representatives last week, would allow the US government to share "cyber threat intelligence" with private-sector entities. Crucially, the proposed law would also allow the firms to share their customers' web traffic information - among other things - with the Feds.

CISPA's critics also argue that the law would create a mechanism for private businesses to share intelligence with government, including private data, without judicial oversight. Privacy activists are concerned that the risks of this massive trawling exercise more than outweigh security benefits. The bill has not yet passed through the Senate.

Amichai Shulman, CTO at Imperva, said that the policy would theoretically create more repositories of data for government to analyse but warned that the gathering of threat data would be accompanied by the potential risk of hacker attacks against the newly established info hubs. Shulman also spoke of the possibility of bureaucratic creep (ie, data on info hubs being used for purposes other than security analysis, Big Data number crunching) and said the info hubs were a potential target for attack.

While Shulman didn't comment on the bill as it stands, he did insist that more information sharing needs to happen in order for defenders to stay abreast of security threats and that government involvement was a "broadly positive" development.

Stopping these assaults shouldn't be rocket science

Imperva's latest Hacker Intelligence Initiative report shows businesses can reduce risk by identifying and blocking attackers targeting multiple sources. The study analysed real-world attack traffic against 60 web applications between January and March 2013 to identify common attack patterns. Businesses can reduce the risk of successful attacks against their organisations by identifying and blocking attack sources, payloads and tools that are prevalent in targeting multiple websites.

The security firm said these attack sources - which can best be identified by analysing crowd-sourced attack data from a broader community - made up a disproportionate amount of the overall traffic against corporates.

Imperva researchers analysed the behaviour of the most common web application attacks (SQL injection, remote and local file inclusion, and comment spam attacks) over time and across targets, cross-referencing this data with the three most prevalent attack characteristics (attack source, payload, and tool), against known attack signatures.

The study - which covered data from the first three months of 2013 - revealed that several attacks are responsible for a disproportionate amount of attack traffic. Attacks targeted SQL injection attacks and RFI attacks were particularly prominent in the treat landscape.

Imperva argues that crowd sourcing and sharing information about attacks improves collective protection against large-scale attacks. Identifying a “noisy” attack source - an attacker, payload or tool that repeatedly attacks – is important.

"Our report shows that businesses can greatly reduce the number of successful attacks against their organisations by identifying and blocking attack sources that are known to target multiple sites or applications," Shulman explained.

The full Imperva report, Get What You Give: The Value of Shared Threat Intelligence, can be found here.

The security tools firm launched the survey at the same time as it announced the addition of ThreatRadar Community Defense, a crowd-sourced threat intelligence service, to its SecureSphere 10.0 Web application firewall (WAF) platform. The service is designed to aggregate and validate attack data from WAFs to protect against hackers, automated clients, and zero-day attacks.

Shulman compared the service to the sharing of anti-malware intelligence between security researchers. He said Imperva's service would create "actionable intelligence" broader than just IP addresses linked to attacks, providing early warnings about a spate of RFI-style attacks, for example. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
L33t haxxors compete to p0wn popular home routers
EFF-endorsed SOHOpelessly Broken challenge will air routers' dirty zero day laundry
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.