Hackers probing your website for exploitable vulnerabilities want more than unauthorized entry to the site. They want control of your entire infrastructure, which in turn gives them a passage into the systems of third-party organizations associated with your business. Attacks on web applications are becoming more sophisticated and now target an organization's entire supply chain rather than just stealing stored data or turning the site into a malware distribution hub. Last month’s attack on Norsk Hydro set a new normal for the corporate cyber security landscape. The attack originated from one of Norsk Hydro’s websites and quickly moved on to take control of its entire network across multiple countries, which forced the aluminium giant to shut down its operations for days. According to the initial estimate provided by the company a week after the attack, its financial loss was over $40M. That figure does not include several indirect costs, such as damage to brand reputation, which will keep adding to the total for months to come.
Magnifying the scale of the damage, an infection of or intrusion into a web application now aims to move laterally into the organization's intranet and local network, and from there into the applications and networks of other organizations connected through the supply chain. A study conducted by La Manguste among 34 managed application security providers shows that web application intrusions now target an organization’s application security services provider in order to attack other targets through its connections within the supply chain. Over 30% of respondents affirmed that within the past 6 months they had witnessed one or more application-targeted attacks that attempted to spread to other assets, whether or not those assets were under the control of the application owner. In addition, 70% of respondents confirmed that they had encountered evidence of counter-incident-response techniques such as log destruction, firewall manipulation, and auxiliary cover attacks intended to misguide the incident response team. Security researchers said that attackers are now after the capability to turn off antivirus, firewalls, automated log monitoring, or anything else that may send a notification to the incident response team.
More interestingly, even if you knock an attacker out of the system these days, he will often use secondary techniques to keep lurking around it and eventually get back in. 25% of the participating appsec providers affirmed that in at least one case they had identified a secondary CnC server kept ready to launch a secondary attack after the primary intrusion attempt had been successfully countered. Another increasingly popular technique for providing smoke cover to sophisticated attacks is DDoS, which keeps the incident response team engaged and overwhelms log monitoring with an abnormal number of records.
Sector-wise, financial companies (banking, insurance and microfinance) are taking most of the hits, closely followed by the hospitality sector. Among attacks classified as dangerous, 23% targeted financial companies while 21% targeted the travel & hospitality sector. These were trailed by healthcare (15%), manufacturing (13%), real estate (10%), government (8%) and services (6%).
With increased intelligence, sophistication and resources in hand, attackers are now fighting back to regain control over the whole system even when they are quickly countered. The motivation is quite clear: a business on the brink of losing control over its operations is much more profitable than a batch of stolen records.