
SA hacking on the up

By Damian Clarkson, ITWeb junior journalist
Johannesburg, 08 Feb 2005

Over 500 South African business and home websites have already been defaced this year, as hacking becomes increasingly prevalent on the local front.

The attacks were carried out in roughly 40 separate incidents on a slightly lower number of servers, says ISDN Networks MD Barry Cribb. "These defacements were carried out by about 20 different attackers.

"While I do not want to single out any specific sites, it is noteworthy that four of the defaced sites had a government-type suffix."

Other victims ranged from personally operated servers to those managed by ISPs and large companies, says Cribb, adding that the majority of attacks appeared to have been carried out by "script kiddies".

"These are relatively low-skilled people who simply run downloadable scripted exploits at vast ranges of IP addresses until they hit one that works."

The attacks are totally random, he says, but are successful simply by virtue of the scale of the operation, as they are able to sweep massive blocks of addresses, often running into many thousands.

Put into context, approximately 500 defaced sites out of all the South African domain sites is about average, although hacking appears to be growing locally, says Afrihost MD Gian Visser.

"This is probably because hackers are gaining access to more programmes that scour the for vulnerabilities. It is still very seldom that we see high-level attacks, though."

Who is vulnerable?

Because most hacks are carried out randomly, it is important that people realise any site could be attacked, says Cribb. "You may believe that no one is interested in your system or that your is of no value, so why would anyone attack your site? It is as much these systems that the 'script kiddie' will try to exploit.

"If not to simply deface a website and claim 'street cred' by posting it on a defacement mirror, then to use it as a platform from which to attack the next system," he says.

Some hackers have many thousands of attacks to their name, which are most likely run from numerous compromised machines that are employed to multiply their efforts, adds Cribb. "Why use your own or disk space or processing power when you can use somebody else's?"

Not only does this allow the attacker more resources, it also hides the origin of the attack.

If the scans are detected, it is the owner of the source of the attack who will have to answer questions from the authorities, not the hacker.

According to Cribb, attackers look mostly for soft targets. "The best way to counter attacks from a script kiddie is to ensure that your systems are not vulnerable to known exploits. Vulnerability testing can achieve this."

Visser adds that Web hosting companies are taking precautions to counter hackers. "I have spoken to a number of hosting companies and they generally do all they can to keep things secure. We have employed a guy full-time who looks for vulnerabilities."
