Imperva Analyzes High-Profile 'Anonymous' Attack
(Thomson Reuters ONE) -
Media Contact
Katherine Nellums for Imperva
Katherine.Nellums(at)imperva.com
415.321.2347
Report reveals details on methods employed by hacktivist group to attack high-
profile organizations
Redwood Shores, Calif. - February 26, 2012 - Imperva, Inc. (NYSE: IMPV), a
pioneer and leader of a new category of data security solutions for high-value
business data in the data center, released today a report that reveals details
on an attack by hacktivist group 'Anonymous' against a high-profile unnamed
target during a 25-day period in 2011.
The Hacker Intelligence Summary Report -The Anatomy of an Anonymous Attack
offers a comprehensive analysis of the attack, including a detailed timeline of
activities from start to finish, an examination of the hacking methods utilized
and insights on the use of social media to recruit participants and coordinate
the attack.
"Our research shows that Anonymous generally mimics the approach used by for-
profit hackers, leveraging widely known methods - SQL injection and DDoS - to
carry out their attack. We found that Anonymous, although it has developed some
custom attack tools, generally uses inexpensive, off-the-shelf tools as opposed
to developing complex attacks," said Amichai Shulman, Co-Founder and CTO of
Imperva. "Our research further shows that Anonymous will try to steal data
first and, if that fails, attempt a DDoS attack."
Highlights from the study of the Anonymous attack include:
* The attack was made up of three distinct phases: recruitment and
communication, reconnaissance and application layer attacks and, finally, a
distributed denial of service (DDoS) attack.
* Social media channels, especially Twitter, Facebook and YouTube, were the
predominant means for suggesting a target and justifying the attack, as well
as recruiting volunteers to participate in the hacking campaign, during the
first recruitment and communication phase.
* Sophisticated hackers made up only a small portion of the volunteers and
were primarily active during the reconnaissance and application attack
phase, tasked with probing for vulnerabilities and waging application
attacks like SQL injection to attempt to steal data from the targets.
* Laypeople were leveraged only in the third phase - to help carry out a DDoS
attack - since the attempt to steal data through application attacks failed.
* Anonymous has developed some custom attack tools - specifically the low
orbit ion cannon (LOIC) and a tool to enable the launch of a DDoS attack
from mobile browsers. However, the group also relies on widely available
tools for finding and exploiting web application vulnerabilities during the
reconnaissance and application attack phase.
* Unlike for profit hackers, Anonymous rarely relies on common hacking
techniques such as botnets, malware, phishing or spear phishing.
"Imperva's Application Defense Center (ADC) was able to witness and report on an
Anonymous attack from start to finish," continued Shulman. "The analysis of this
attack provides useful insight into how Anonymous recruits participants and
wages an attack. We believe these details will help organizations prepare for
and respond to a potential attack, as well as offer the greater security
community a deeper understanding of how hacktivists operate."
Online Resources
* Download a copy of the Anatomy of an Anonymous Attack.
* Download an illustrative infographic outlining the attack.
* Register to watch a webinar detailing the Anonymous attack.
* Visit the Imperva blog for moreinsight on the report.
About Imperva
Imperva is a pioneer and leader of a new category of data security solutions for
high-value business data in the data center. With more than 1,700 end-user
customers and thousands of organizations protected through cloud-based
deployments, Imperva's customers include leading enterprises, government
organizations, and managed service providers who rely on Imperva to prevent
sensitive data theft from hackers and insiders. The award-winning Imperva
SecureSphere identifies and secures high-value data across file systems, web
applications and databases. For more information, visit www.imperva.com, follow
us on Twitter or visit our blog.
Forward Looking Statement
This press release contains forward-looking statements, including without
limitation those regarding Imperva's belief that its report regarding the
Anonymous attack will help organizations prepare for and respond to a potential
attack, as well as offer the greater security community a deeper understanding
of how hacktivists operate. These forward-looking statements are subject to
material risks and uncertainties that may cause actual results to differ
substantially from expectations. Investors should consider important risk
factors, which include: the risk that our products may not be accepted by the
market as a solution to prepare for and respond to such a potential attack; the
risk that competitors may be perceived by customers to be better positioned to
help handle data security threats and protect their businesses from major risk;
and other risks detailed under the caption "Risk Factors" in the company's
prospectus filed with the Securities and Exchange Commission, or the SEC on
November 9, 2011 and the company's other SEC filings. You can obtain copies of
the company's SEC filings on the SEC's website atwww.sec.gov.
© 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and
SecureSphere are trademarks of Imperva, Inc.
This announcement is distributed by Thomson Reuters on behalf of
Thomson Reuters clients. The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and
other applicable laws; and
(ii) they are solely responsible for the content, accuracy and
originality of the information contained therein.
Source: Imperva Inc. via Thomson Reuters ONE
[HUG#1589041]
Datum: 27.02.2012 - 03:08 Uhr
Sprache: Deutsch
News-ID 118546
Anzahl Zeichen: 6797
contact information:
Kategorie:
Business News
Diese Pressemitteilung wurde bisher 171 mal aufgerufen.
Die Pressemitteilung mit dem Titel:
"Imperva Analyzes High-Profile 'Anonymous' Attack"
steht unter der journalistisch-redaktionellen Verantwortung von
Imperva Inc. (Nachricht senden)
Beachten Sie bitte die weiteren Informationen zum Haftungsauschluß (gemäß TMG - TeleMedianGesetz) und dem Datenschutz (gemäß der DSGVO).
