Do you have a site? Read the survey about your visitors

Many people say that their websites are safe. Why? "Who would bother to attack my site?" or "Our business is too small for anyone to attack."

There is perhaps this myth that cyber attackers always target specific pages. They do not. Yes, there are some who do, but most attacks are made by bots who know nothing about you, your business or your page.

According to the security company Imperva, half of a website's visitors are bots. Of these, about 29% of all your "visitors" come to attack your site, as Steven J. Vaughan-Nichols of ZDNet reports.

Contrary to those who believe that their site is too small, the security company Imperva tried to examine sites with the least traffic. According to the company, the less traffic a page has, the more likely it is to be attacked.

"In the least-trafficked domains - those frequented by ten (human) visitors a day or fewer - "bad" bots accounted for 47.7% of visits, while total bot traffic stood at 93.3%."

Indeed, "bad bots will try to hack [your site] no matter how popular it is, and bots will continue to visit a domain even if there is no human traffic."

Sounds crazy to you? For humans it may be, but bots are not humans. They constantly scan the web and attack over and over again.

Consider data from Honeynet, an international nonprofit research organization that, with the help of students at Holberton School, recently set up a honeypot to monitor security attacks on a cloud web server (PDF).

The server was running on Amazon Web Services (AWS), and it offered no service that would be useful to anyone else. It did not even have a domain name.

Shortly after starting the server, they began recording network packets for a 24-hour period with the best network traffic analysis tool available today, Wireshark.

They then analyzed the packet capture file with Wireshark, the Computer Incident Response Center Luxembourg (CIRCL) Border Gateway Protocol (BGP) ranking API, and p0f, a passive TCP/IP traffic fingerprinting application.

In one day, in just 24 hours, this anonymous and almost invisible server received more than 250,000 attacks. Think about it and start locking down your page.

Of these attacks, the vast majority, 255,796 connection attempts, were made through Secure Shell (SSH).

The researchers then set up a honeypot on the server, designed to look like a real site, to collect attack data. To maintain the project, they chose to open HTTP (Hypertext Transfer Protocol), SSH, and Telecommunications Network (Telnet) to attacks.

Telnet? Who uses Telnet anymore? Thanks to the poorly designed devices of the Internet of Things (IoT), Telnet is alive and well. Some IoT devices use Telnet for management, and Telnet has never been secure.

Most of the HTTP attacks targeted phpMyAdmin, a popular MySQL and MariaDB management system. Many web content management systems, such as WordPress, use these databases. Vulnerable parts of WordPress also offer a good point of entry for malicious bots.

Many of the attack attempts use old malware, known configuration problems, and common combinations of usernames and passwords from previously known attacks. For example, the attackers attempted to hack the server with Shellshock, although it was patched in 2014, and with the Apache Struts vulnerability, which was fixed in March 2017.

"99.99% of security incidents come from vulnerabilities that have been resolved."

As for SSH, most of the attacks were brute-force attacks, which used lists of commonly used usernames and passwords on TCP ports.

Is it a coincidence that Imperva found that one in three visitors to a website is from an attacking bot?

These attacks are not sophisticated. They are made by bots and botnets and hit as many pages as they can find. These automated hackers target weak, unprotected sites.

The lesson of this story is that if you have an internet presence you should follow basic security rules. Using a firewall, applying updates immediately, and disabling services you do not use should become a habit, as each website receives thousands of attacks on a daily basis.

iGuRu.gr The Best Technology Site in Greece

Written by giorgos