New report looks at hacking trends, warns that security firms are looking in all the wrong places

Imperva, a Web security firm, took a look at the most discussed hacking techniques during the month of October and analyzed one of the largest hacker forums and other smaller outlets. According to the research, there’s cause for concern given that security services aren’t focused enough on many of the new trends in hacking that Imperva has uncovered.

Both newbies and elite hackers are thriving in online communities that revolve around teaching and talking about hacking the Web. At the same time, security professionals are looking for these perpetrators in all the wrong places. “There’s a mismatch between what hackers are doing and what security professionals are doing,” Rob Rachwald, Director of Security Strategy at Imperva, tells us.

What Imperva found was an increase in conversations about SQL injections, which tied with DDoS as the most discussed topic in these hacker forums. Rachwald says the company scraped 19 forums, and that the largest hacker forum that Imperva scraped keywords from hosts 250,000 users. We asked him what site it was, and he declined to name names, but judging from the screenshots published in the report, and thanks to some personal lurking on the forum, we’re certain that the site is Hackforums.net.

You can compare the screen shot provided below with the forum’s website for yourself:

[Screenshot: hackforums]

SQL injections specifically are an alarming trend that few security professionals are recognizing. “Ironically, of the $25 billion spent on software security, we believe this means less than five percent of security budgets is allocated to products that cannot even recognize SQL injection attacks – let alone stop them,” the report states. DDoS is, not surprisingly, a popular method, as it’s a relatively elementary tactic popularized by none other than Anonymous. On a mass scale, it has been extremely effective, as each “hacker” can simply press a button on downloaded software to send a denial-of-service attack to take down Websites.

SQL injections, on the other hand, require knowledge of SQL: the hacker inputs SQL code that was never intended to be run in order to retrieve pieces of data from a website. But despite the complexity of the technique, there’s been a noticeable increase in the conversation around them, which Imperva picked up on. So where does this sudden interest come from? “Anonymous has brought hacking to the forefront of people’s minds and it’s potent,” Rachwald explains. He adds that there are people with a lot of time on their hands to learn the ropes.

There is also financial motivation. If you’ve visited a hacking site like Hackforums.net in the past, you’ll know the forum is a hub for conducting transactions, from hacked Twitter accounts to AMAs and Q&As by hackers, and even tutorials for beginners. Of course there are also plenty of hackers looking for their next job, offering to hack email, IM, social media, and other Web accounts. Not everyone is like Anonymous: Some are in it to make a living, not just for the lulz.

SQL injections take this a step further by giving hackers unprecedented access to very private data, like bank accounts and social security numbers. “Data has value in black markets. There’s a financial system in place that supports the theft of data,” says Rachwald, meaning that the community is focusing on making money from their hacking exploits. There are many forum topics on “Making Money,” where threads are populated by users exchanging ideas on how to make their next quick buck. Rachwald points out the latest highly publicized SQL injection attack in South Carolina that exposed the Social Security numbers of the attack’s victims.

SQL injections aren’t the only trending topics of discussion in hacker-oriented forums. Social networks are becoming increasingly vulnerable to attacks, while “E-whoring,” or “the practice of selling pornographic content, while pretending to be the person, usually a female” is becoming more of a nuisance.

For instance, last year scammers were “selling” luxury cars on a website and illicitly gained credibility by adding hundreds of thousands of followers on the website’s Facebook page. Potential shoppers would assume that due to the volume of “Likes,” the company was legitimate. In reality, the scammers were purchasing likes and selling cars online that never existed in the first place.

The report should be concerning, considering that learning the ropes of SQL injections, DDoS, social media scams, and hundreds of other strategies can be done by anyone with access to the Internet. It’s beyond easy to get your hands on elementary guides to SQL injections and various other hacking strategies that these communities are more than willing to share. Unfortunately for the security side, Rachwald says, they’re investing their efforts in all the wrong places to combat the growing popularity of new and innovative hacks.
