Automated attack process and rapid update of attack tools

Source: Internet
Author: User

The level of automation of attack tools continues to increase. The four phases involved in an automated attack have changed.

1. Scanning for potential victims. Large-scale scanning activity has been occurring since 1997. Newer scanning tools use more advanced scanning techniques, which makes them more powerful and faster.

2. Intrusion into vulnerable systems. Previously, attacks on vulnerable systems took place after a wide-ranging scan had finished. Attack tools now build vulnerability exploitation into the scanning activity itself, which greatly speeds up the intrusion.

3. Attack proliferation. Attack tools used to require a person to initiate the rest of the attack process. Now an attack tool can automatically initiate a new attack cycle. For example, Code Red and the Nimda virus spread across the globe within the first hour.

4. Collaborative management of attack tools. Since 1999, with the advent of distributed attack tools, attackers have been able to launch attacks using a large number of attack tools distributed over the Internet. Attackers are now able to launch distributed denial-of-service attacks more effectively. This coordination leverages a number of popular protocols such as IRC (Internet Relay Chat) and IM (instant messaging).
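
Seen from the defender's side, phases 1 to 3 leave a recognizable trace in connection logs: a source fans out to many hosts on one port, and a host it contacted then starts fanning out on the same port. The following is an added example, not part of the original article; the flow records are constructed, and the thresholds and function names are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed flow records: (unix_time, src_ip, dst_ip, dst_port). Not real traffic.
FLOWS = (
    [(i, "203.0.113.7", f"10.0.0.{i + 1}", 80) for i in range(6)]       # external scan
    + [(20 + i, "10.0.0.3", f"10.0.1.{i + 1}", 80) for i in range(5)]   # a contacted host fans out
    + [(30 + i, "10.0.0.9", "10.0.0.50", 443) for i in range(8)]        # ordinary client traffic
)

FANOUT_THRESHOLD = 5  # assumption: distinct destinations on one port that count as scanning
WINDOW = 60           # assumption: sliding window in seconds


def find_scanners(flows, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Map (src, port) to the time it first reached `threshold` distinct
    destinations on that port within `window` seconds."""
    recent = defaultdict(list)  # (src, port) -> [(time, dst)] still inside the window
    flagged = {}
    for t, src, dst, port in sorted(flows):
        key = (src, port)
        recent[key] = [(ts, d) for ts, d in recent[key] if t - ts <= window]
        recent[key].append((t, dst))
        if key not in flagged and len({d for _, d in recent[key]}) >= threshold:
            flagged[key] = t
    return flagged


def find_propagation(flows, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Return (scanner, contacted_host, port) where the contacted host later
    became a scanner on the same port: the self-propagation pattern."""
    scanners = find_scanners(flows, threshold, window)
    chains = []
    for t, src, dst, port in sorted(flows):
        became_scanner_at = scanners.get((dst, port))
        if (src, port) in scanners and became_scanner_at is not None and became_scanner_at > t:
            if (src, dst, port) not in chains:
                chains.append((src, dst, port))
    return chains


if __name__ == "__main__":
    print("scanners:", find_scanners(FLOWS))
    print("propagation:", find_propagation(FLOWS))
```

Repeated connections to a single destination, like the port 443 traffic in the sample, never reach the fan-out threshold, so they are not flagged.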

The increasing sophistication of attack tools

The authors of attack tools use more advanced techniques than before. The signatures of attack tools are increasingly difficult to discover through analysis and increasingly difficult to detect with signature-based detection systems such as antivirus software and intrusion detection systems. The three key features of today's attack tools are anti-detection, dynamic behavior, and modularity.

1. Anti-detection. Attackers use techniques that hide their attack tools. This makes it more difficult and time-consuming for security experts to work out how new attacks operate through the various analysis methods.

2. Dynamic behavior. Earlier attack tools followed a single predetermined sequence of steps. Today's automated attack tools can vary their behavior in different ways, such as random selection, predetermined decision paths, or direct control by the intruder.

3. Modularity of attack tools. Compared with earlier attack tools that implemented only one attack, new attack tools can be changed quickly, either by upgrading them or by replacing some of their modules. Moreover, attack tools run on more and more platforms. For example, many attack tools use standard protocols such as IRC and HTTP to transmit data and commands, which makes it more difficult to distinguish attack signatures from normal network traffic.

Vulnerabilities are found faster

The number of vulnerabilities reported to CERT/CC has multiplied each year. The vulnerability counts published by CERT/CC were 1090, then 2437 for 2001, rising to 4129 for 2002, which means that more than 10 new vulnerabilities are found every day. As you can imagine, it is difficult for an administrator to keep up with the pace of patches. Moreover, intruders are often able to identify these vulnerabilities before software vendors fix them. As tools that uncover vulnerabilities become more automated, the time available for patching is getting shorter. In particular, buffer overflow vulnerabilities, which are very harmful and ubiquitous, are the greatest threat to computer security. In the assessment of CERT and other international cyber security agencies, this type of vulnerability has the most severe consequences for servers.
