The writers of attack tools are using more advanced techniques than before. The signatures of attack tools are increasingly difficult to discover through analysis, and increasingly difficult to discover through signature-based detection systems such as antivirus software and intrusion detection systems. The three key features of today's attack tools are anti-detection, dynamic behavior, and modularity.
1. Anti-detection. Attackers use techniques that hide the attack tools. This makes it more difficult and time-consuming for security experts to work out how a new attack proceeds through the various analytical methods available to them.
2. Dynamic behavior. Earlier attack tools launched an attack in a single, predetermined step. Today's automated attack tools can change their characteristics in different ways, such as random selection, predetermined decision paths, or direct control by the intruder.
3. Modularity of attack tools. Compared with earlier tools, which implemented only one attack, a new attack tool can change quickly, either by being upgraded or by having parts of a module replaced. Moreover, attack tools can be run on more and more platforms. For example, many attack tools use standard protocols such as IRC and HTTP to transmit data and commands, which makes it more difficult to pick attack traffic out of normal network traffic.
Most intrusion detection systems currently have limitations because they use signatures to identify whether attack behavior is present. These systems use this approach to monitor for specific attack patterns. They rely on identifying information stored in their database, much as antivirus software checks for known viruses. This means that these systems can only detect the specific attacks they have been programmed to identify. Because "instantaneous attacks" are new and not widely known, they can circumvent these security systems before the new signatures are developed, installed and configured. In fact, only a slight modification of a known attack pattern is required for these systems to fail to recognize the attack, which gives intruders a means of circumventing signature-based defenses.
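The "slight modification" problem described above is easy to see in code. The following is an added example, not code from the original article or from any product it mentions: a tiny signature database is matched against a handful of constructed HTTP request lines, first byte-for-byte (the way a signature-based antivirus or IDS rule works) and then after canonicalising the request. The request strings and the signature are placeholders invented for this illustration, not real tool fingerprints.

```python
"""Byte-exact signatures versus canonicalised matching (added example).

A signature database holding only the "known" form of a probe is matched
against constructed request lines. The exact matcher misses every variant
that differs by case, percent-encoding, dot-segments or extra slashes; the
canonicalising matcher catches them with the same signature.
"""
import re
from urllib.parse import unquote

# Constructed request lines (not real traffic): index 0 is the known form,
# 1-3 are slight modifications of it, and 4 is ordinary benign traffic.
SAMPLE_REQUESTS = [
    "GET /cgi-bin/evil_tool_probe.cgi HTTP/1.0",          # known form
    "GET /cgi-bin/EVIL_Tool_Probe.cgi HTTP/1.0",          # case changed
    "GET /cgi-bin/./evil%5ftool%5fprobe.cgi HTTP/1.0",    # encoding + dot-segment
    "GET  /cgi-bin//evil_tool_probe.cgi  HTTP/1.0",       # extra slashes / spaces
    "GET /index.html HTTP/1.0",                           # benign
]

# The signature "database": only the known form, which is all a signature
# system has until a new signature is written, distributed and installed.
EXACT_SIGNATURES = ["/cgi-bin/evil_tool_probe.cgi"]


def exact_hits(requests, signatures=EXACT_SIGNATURES):
    """Byte-for-byte substring match: the classic signature approach.

    Returns the indices of the requests that matched any signature.
    """
    return [i for i, req in enumerate(requests)
            if any(sig in req for sig in signatures)]


def canonicalize(request_line):
    """Remove cosmetic variation before matching.

    - percent-decode repeatedly until stable (defeats double encoding)
    - lower-case
    - collapse runs of whitespace and runs of '/'
    - drop '/./' dot-segments
    """
    prev, cur = None, request_line
    while cur != prev:                      # decode until nothing changes
        prev, cur = cur, unquote(cur)
    cur = cur.lower()
    cur = re.sub(r"\s+", " ", cur)          # "GET  /x" -> "GET /x"
    cur = re.sub(r"/+", "/", cur)           # "//" -> "/"
    cur = re.sub(r"/(?:\./)+", "/", cur)    # "/./" and "/././" -> "/"
    return cur


def canonical_hits(requests, signatures=EXACT_SIGNATURES):
    """Match the same signatures after canonicalising both sides."""
    canon_sigs = [canonicalize(s) for s in signatures]
    return [i for i, req in enumerate(requests)
            if any(sig in canonicalize(req) for sig in canon_sigs)]


if __name__ == "__main__":
    print("exact     :", exact_hits(SAMPLE_REQUESTS))      # [0]
    print("canonical :", canonical_hits(SAMPLE_REQUESTS))  # [0, 1, 2, 3]
```

Canonicalisation widens what one signature covers, but it does not change the underlying limitation the text describes: the database still has to contain something for the matcher to look for, so a genuinely new attack is invisible until its signature exists and has been deployed.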
The period from the start of a new attack to the time a signature is developed is a dangerous window of opportunity, and many networks will be compromised during it. This is when many fast intrusion tools are designed and built, and when the network is most vulnerable to attack. It also explains why most security products are effectively useless during that period. A chart developed by the CERT organization illustrates the typical life cycle of a cyber attack. The crest of the curve is the peak of the attack, which is when most security products are finally beginning to provide protection. "Instantaneous attacks", however, are launched by the most experienced hackers in the earliest stages of that curve.
At the same time, today's rapid attacks take advantage of security vulnerabilities in widely used computer software to cause widespread damage. With just a few lines of code, an attacker can write a worm that infiltrates a computer network, clones itself through a shared account, and then begins attacking the networks of peers and users. In this way, the "Nimda worm" spread to more than 100,000 Web sites in the United States alone during the period in which the vendor was developing the signature and distributing it to users. These distribution mechanisms allowed "instant attacks" such as the Sircam and Love Bug viruses to sweep through a million and 4,000 computers, respectively, without the need for much human intervention. Some of these attacks even lay a foundation for future destruction by installing a backdoor that allows opponents, hackers, and other unauthorized users to access an organization's important data and network resources.
The level of automation of attack tools continues to increase