Home Business IT Security Using business logic as a hacking vector

Subscribe now and get the news that matters to your industry.

* Your Email Address:
* First Name:
* Last Name:
Job Function:
Australian State:
Email marketing by Interspire
weebly statistics

Imperva's latest analysis of the hacking landscape shows that the bad guys know as much about your business as you do.

Based on surveys and analysis from the second half of 2011, "Imperva's Web Application Attack Report" paints either a glowing or a dismal assessment of the hacking landscape, depending on your perspective.

If you're a hacker, you should pat yourself on the back for a job well done.  It is becoming increasingly clear that you have studied your target and are prepared to focus clearly and accurately upon the way they do business.

According to the report, "We also investigated two types of Business Logic attacks: Email Extraction and Comment Spamming. Comment Spamming injects malicious links into comment fields to defraud consumers and alter search engine results. Email Extraction simply catalogs email addresses for building spam lists. These Business Logic attacks accounted for 14% of the analyzed malicious traffic. Email Extraction traffic was more prevalent than Comment Spamming. A full anatomy of BLAs is described in this report."

It is unfortunate (for the spammers and hackers) that most office workers are becoming wise to the typical intrusion attempts.  With this in mind, these same intruders are forced to understand their targets in more detail in order to complete their nefarious activities.

For instance, how many office workers would refuse to open an email from their boss?  Especially when it contains a spreadsheet called "bonus calculation."

The malware this email contains may-well be entirely unique in the history of malware - other vendors have told iTWire that according to their scanning systems in excess of 50% of malware is unique, that no other copy of the intrusion has ever been observed.

This IS an arms race and it is clear that in the past few months there has been a clear escalation.  In response to the rapid deployment of "next generation firewalls" by a number of vendors, the naughty lads of the Internet are becoming much more focused in their attacks.

May the joy of the Internet be upon you.


Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!



Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup


David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.