One Article Review

Home - The article:
Source AlienVault Lab Blog
Identifier 8304162
Publication date 2023-01-26 11:00:00 (seen: 2023-01-26 11:08:13)
Title Predicting which hackers will become persistent threats
Text The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the authors in this article.

This blog was jointly written with David Maimon, Professor at Georgia State University.

Website defacement

Websites are central to business operations but are also the target of various cyber-attacks. Malicious hackers have found several ways to compromise websites, with the most common attack vector being SQL injection: the act of injecting malicious SQL code to gain unauthorized access to the server hosting the website. Once on the server, the hacker can compromise the target organization's website, and vandalize it by replacing the original content with content of their own choosing. This criminal act is referred to as website defacement. See Figure 1 for examples of past website defacements.

Figure 1. Examples of past website defacements.

While the act of vandalizing a website may seem trivial, it can be devastating for the victimized entities. If an e-commerce site is publicly compromised, for example, it suffers direct and indirect financial loss. The direct losses can be measured by the amount of revenue that would have been generated had the website not been compromised, and by the time and money spent to repair the damaged site. Indirect losses occur because of reputational damage. Potential customers may be deterred from providing their banking information to an organization portrayed and perceived as incapable of protecting their assets.

Threat actors

Unlike most forms of hacking, website defacement has a public-facing component. Assailants are eager to get credit for their success in compromising websites and are notorious for bragging about their exploits across various platforms, including general social media (e.g., Facebook, Twitter, YouTube, etc.) and hacking-specific sites.
The most popular platform on which hackers report successful defacements is Zone-H. Users of the platform upload evidence of their attack, and once the attack is verified by the site’s administrators, it is permanently housed in the archive and viewable on Zone-H’s webpage. Zone-H is the largest hacking archive in the world: over 15 million attacks have been verified by Zone-H thus far, with over 160,000 unique active users. The archive, as depicted in Figure 2, includes the hackers’ moniker, the attacked website's domain name, and an image of the defacement content (resembling the images depicted in Figure 1).

Figure 2. Zone-H: The largest hacking archive in the world.

Hackers tend to use the same moniker across platforms to bolster the reputation and status of their online identity, which allows for the gathering of digital artifacts and threat intelligence pertinent to the attack and attacker, respectively. Indeed, we have been systematically gathering data on active malicious hackers who report their successful defacements to Zone-H since 2017 and, in doing so, have uncovered several interesting findings that shed light on this underground community. For example, and in direct contrast to Hollywood’s stereotype of the lone actor, we observed an interconnected community of hackers who form teams and develop their skills through collaboration and camaraderie. We also found variation in hackers’ attack frequency: some hackers are extremely prolific and can be classified as persistent threats, while others only engage in a few attacks before disappearing. These finding
Sent Yes
Tags Threat Prediction
Stories
Notes ★★
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.