In recent years, network attack technologies and attack tools have developed along new lines, exposing organizations that rely on the Internet to run their business to unprecedented risks. This article analyzes the new trends in network attacks so that readers can recognize, assess, and reduce these risks.
Trend 1: Increased automation and attack speed
The automation level of attack tools continues to increase. Automated attacks generally involve four stages, with new variations emerging at each stage.
1. Scanning for possible victims. Since 1997, extensive scanning has become commonplace. Currently, scanning tools use more advanced scanning modes to improve scanning results and increase scanning speed.
2. Compromising vulnerable systems. Previously, security vulnerabilities were only exploited after extensive scans were completed. Attack tools now exploit these vulnerabilities as part of the scanning activity itself, which speeds up the spread of attacks.
3. Spreading the attack. Before 2000, attack tools required a human to launch each new attack. Currently, attack tools can launch new attacks on their own. Tools like Code Red and Nimda are able to spread themselves, reaching global saturation point in less than 18 hours.
4. Coordinated management of attack tools. With the emergence of distributed attack tools, attackers can manage and coordinate a large number of deployed attack tools distributed across many Internet systems. Currently, distributed attack tools are more effective at launching denial-of-service attacks, scanning for potential victims, and compromising systems with security risks.
Trend 2: Attack tools are becoming more and more complex
Attack tool developers are using more advanced technologies to arm attack tools. Compared with before, the characteristics of attack tools are harder to discover and harder to use for detection. Attack tools have three characteristics:
1. Anti-detection. Attackers use techniques that hide the characteristics of attack tools, which increases the time it takes security experts to analyze new attack tools and understand new attack behaviors.
2. Dynamic behavior. Early attack tools executed their attack steps in a single, fixed sequence. Today's automated attack tools can change their patterns and behavior based on random selection, predefined decision paths, or direct management by the intruder.
3. Maturity of attack tools. Unlike earlier attack tools, current attack tools can change rapidly by upgrading or replacing part of the tool, launching rapidly changing attacks, and multiple different forms of an attack tool will appear in each attack.
Additionally, attack tools are increasingly developed to run on multiple operating system platforms. Many common attack tools use protocols such as IRC or HTTP (Hypertext Transfer Protocol) to send data or commands from the intruder to the attacked computer, making it increasingly difficult to distinguish attack characteristics from normal, legitimate network traffic.
Trend 3: Security vulnerabilities are being discovered faster and faster
The number of newly discovered security vulnerabilities doubles every year. Administrators continually have to apply the latest patches to fix these vulnerabilities, and new types of security vulnerabilities are discovered every year. Intruders often find targets before vendors patch these vulnerabilities.
Trend 4: Increasing firewall penetration rates
Firewalls are the main protection measure people use to guard against intruders. However, more and more attack technologies can bypass firewalls. For example, IPP (Internet Printing Protocol) and WebDAV (Web-based Distributed Authoring and Versioning) can be used by attackers to bypass firewalls.
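IPP and WebDAV both ride on HTTP, so a firewall rule that admits web traffic by port alone admits them too, and a defender has to look at the requests themselves. The following Python code is an added example, not part of the original article; the log format, the addresses, and the function names are assumptions constructed for illustration.

```python
# Added example: flag WebDAV and IPP requests in HTTP logs (constructed data).
from collections import Counter

# WebDAV extension methods defined by RFC 4918.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
IPP_CONTENT_TYPE = "application/ipp"   # IPP is carried in HTTP POST bodies
IPP_PORT = 631                         # IANA-registered IPP port

# Constructed sample lines in a hypothetical format:
# source_ip method path dest_port content_type
SAMPLE_LOG = """\
192.0.2.10 GET /index.html 80 -
192.0.2.11 PROPFIND /docs/ 80 text/xml
192.0.2.12 POST /printers/lp1 80 application/ipp
192.0.2.12 POST /printers/lp1 631 application/ipp
192.0.2.13 POST /login 443 application/x-www-form-urlencoded
192.0.2.14 MKCOL /uploads/new/ 443 -
malformed line
"""

def classify(method, port, content_type):
    """Return a label for requests that a port-only firewall rule lets through."""
    if method.upper() in WEBDAV_METHODS:
        return "webdav"
    if method.upper() == "POST" and content_type.lower().startswith(IPP_CONTENT_TYPE):
        # IPP on a web port rides the same rule that permits ordinary HTTP.
        return "ipp-on-web-port" if port != IPP_PORT else "ipp"
    return None

def scan(log_text):
    """Parse log lines and return (findings, skipped_line_count)."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        src, method, path, port, ctype = parts
        label = classify(method, int(port), ctype)
        if label:
            findings.append((src, label, path, int(port)))
    return findings, skipped

if __name__ == "__main__":
    results, bad = scan(SAMPLE_LOG)
    for src, label, path, port in results:
        print(f"{label:16} {src:12} port {port:<4} {path}")
    print(Counter(label for _, label, _, _ in results), f"skipped={bad}")
```

Where neither protocol is needed across the perimeter, the same method and content-type conditions can be turned into deny rules on an application-layer proxy.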