Recently, hacking attempts have become more sophisticated as an emerging trend, according to a study by IT firm Websense . Although the attacks are not customized to the extent that the software itself is new every time, the software used in attacks have become more sophisticated than previous versions, and often the exploits are personalized enough to bypass most security features and stay one step ahead of security.

"Of the more than 4.1 billion live attacks that Websense technology prevented in 2013, nearly all exhibited techniques to bypass traditional defenses, compromise systems, and persist throughout infected networks in pursuit of confidential data," according to the Websense 2014 Threat report.

The report demonstrated other features of current cyberattacks, such as the fact that in most hacking attempts that involve website reroutes, the number of different websites used averages to four. Website reroutes help to disguise a hacker's true location. The greatest number of redirects used in a Web-based attack was 20. Additionally, contrary to popular belief, the majority (85 percent) of malicious links used in Web attacks come from ordinary websites that had been hacked, rather than from a hacker's own website.

Hackers Modify Old Tools to Keep Them Effective
In one example of a hacking program that was changed slightly and used again, Websense sites the Trojan called Zeus, which was designed for keylogging, which meant it kept track of the keystrokes that a user made on his or her computer to try to identify credit card numbers and other information that could be used to hack into a banking account. But Zeus was changed and has begun to be used for other purposes, such as hacking the services and manufacturing sectors in attacks.

Another recent malware has appeared on the scene, . It changes DNS routers within a network so hackers can break further into the system. This is an advanced version of a previously existing program called Win32Sality, which is another Trojan. This program is modular, which is what allowed hackers to change it and make it more effective. And it is also digitally signed, which allows the program to resist protocol manipulation and cloaks it as a legitimate application.

Typically, Trojans like Zeus or Win32Sality work via hacking an ordinary website. The hackers set up the website server so that it will automatically exploit bugs in many Web applications in order to download itself in the background, eliminating the need to make a user click on a link or download and run an application.

Mark McCurley is information security advisor at IDT911 Consulting.

Leave a Reply