Websites are becoming intelligent, so are website hackers

Shikhil Sharma
Feb 11, 2016

Who would have thought that making a website would be as easy as giving a list of URLs, images, text and videos to an engine? Yes: you simply hand over whatever you want in the website, and a website is made out of it. This might sound a bit far-fetched, but you’ll be surprised to learn that this tech is already out. The Grid, apart from making a website from scratch, evolves the website over time. All this happens thanks to the handshake of web development and Artificial Intelligence. Apart from this ahead-of-its-time technology, websites in general are becoming more intelligent these days. This intelligence is data-driven and is used to give more accurate information to a user. With websites becoming so advanced, how could hackers stay behind?

Website hackers are automating vulnerability detection, exploiting 0-days and using intelligent malware to lure users into giving out their personal information. Over the last few years, even hacking has become more intelligent. Sitting in front of the system and manually auditing a web app is just a small part of it. A lot of the work is now done by automated tools.

LET’S DISCUSS A FEW METHODS USED BY WEBSITE HACKERS TO MAKE HACKING EVEN MORE INTELLIGENT:

  • Automated Bots: Whenever a new exploit becomes known, attackers code an automated script which traverses all the possible websites to check whether each one is exploitable. This saves hackers a lot of time and effort: what might have taken them years now simply gets done in a couple of days. The script simply returns a list of websites where the newly released exploit can be used. Website owners, on the other hand, now have very little time to fix the issue, which makes this game of cat and mouse even more proactive. Here’s a screenshot of one such bot from China, detected by ASTRA:
[Screenshot: a bot from China repeatedly checking for a vulnerability (source: getASTRA.com)]
  • Intelligent Malware: The earliest known malware were simple batch files, and VB scripts followed. But malware has now become very sophisticated. From compromising an average Joe’s system to a nuclear power plant, malware is capable of everything. We have all heard about Stuxnet and how it was able to compromise a nuclear plant. Hackers often spread malware via infected websites, torrents, song download sites, email attachments, etc. Once infected, the victim’s machine is completely in the hands of a hacker. The sextortion of Miss Teen USA Cassidy Wolf by a hacker is a recent example where a celebrity fell victim to a malware attack.
[Photo: Cassidy Wolf, Miss Teen USA 2013 (source: today.com)]
  • Cracking Isn’t that Difficult now: In the early 2000s, if an attacker had password hashes and wanted to crack them, the amount of resources required was massive. But today, with abundant computational power available in the cloud, cracking passwords isn’t that difficult. Moreover, for attacks like SQL Injection, constructing the queries and figuring out the database structure used on the website was a big problem, one which earlier caused hackers to abandon their hacking attempt midway even though they had found vulnerabilities. Now, with the tools available, you just need to give them the vulnerable URL, and the tool throws out the entire database.
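
A defender-side sketch of how the repetitive probing described under Automated Bots can be spotted in ordinary web-server access logs. This is an added example, not ASTRA’s code or anything from the original post; the function name, thresholds and log lines are constructed for illustration, and it assumes Common Log Format entries in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format prefix: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def find_probing_clients(lines, window=timedelta(seconds=60), threshold=4):
    """Return {ip: sorted probed paths} for clients that requested at least
    `threshold` distinct missing (404) paths within `window`."""
    recent = defaultdict(deque)   # ip -> (timestamp, path) of recent 404s
    flagged = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue              # unparsable lines and normal traffic are ignored
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]      # ignore the query string
        hits = recent[m["ip"]]
        hits.append((ts, path))
        while ts - hits[0][0] > window:        # drop 404s older than the window
            hits.popleft()
        distinct = {p for _, p in hits}
        if len(distinct) >= threshold:
            flagged[m["ip"]].update(distinct)
    return {ip: sorted(paths) for ip, paths in flagged.items()}

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Feb/2016:10:00:01 +0000] "GET /backup.zip HTTP/1.1" 404 162',
    '198.51.100.20 - - [11/Feb/2016:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [11/Feb/2016:10:00:03 +0000] "GET /admin/ HTTP/1.1" 404 162',
    '203.0.113.7 - - [11/Feb/2016:10:00:04 +0000] "GET /test.php?id=1 HTTP/1.1" 404 162',
    '198.51.100.20 - - [11/Feb/2016:10:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 162',
    '203.0.113.7 - - [11/Feb/2016:10:00:06 +0000] "GET /config.bak HTTP/1.1" 404 162',
    '192.0.2.50 - - [11/Feb/2016:10:05:00 +0000] "GET /old-a HTTP/1.1" 404 162',
    '192.0.2.50 - - [11/Feb/2016:10:10:00 +0000] "GET /old-b HTTP/1.1" 404 162',
    '192.0.2.50 - - [11/Feb/2016:10:15:00 +0000] "GET /old-c HTTP/1.1" 404 162',
    '192.0.2.50 - - [11/Feb/2016:10:20:00 +0000] "GET /old-d HTTP/1.1" 404 162',
]

if __name__ == "__main__":
    for ip, paths in find_probing_clients(SAMPLE_LOG).items():
        print(ip, "probed", paths)
```

With the default 60-second window, a client that collects its 404s slowly (192.0.2.50 in the sample) is not flagged; widening the window trades that blind spot for more false positives from ordinary broken links.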

To sum up, over the years hackers have simplified the process of exploitation. Exploiting a website has become easier, faster and something which even script kiddies can do. This puts a lot of weight on the shoulders of website owners to have top-notch security for their websites. We’ve built an intelligent Web Application Firewall, ASTRA, which is like your in-house information security team, only available 24x7, unlike the infosec team. It takes 5 minutes to install and is refreshingly easy to use. Do check it out here.

Shikhil Sharma

Making the World Wide Web secure, one website at a time. If you care about your website’s security: www.getASTRA.com