The Alibaba Cloud Security team has been detecting more and more database hit attacks (the Chinese term 撞库, known in English as credential stuffing) recently. As Big Data sees broader and broader application, it would be foolish to discount the significance of these attacks.
What is a database hit attack? What damage does it do? More importantly, how can companies that are focused on building their services neutralize this threat to information security? This article addresses these questions in detail.
Database hit attacks are not complex. Suppose you have an email account with the username firstname.lastname@example.org and the password x6!00AL5y@ (which is long and complex). For convenience, you then register accounts on Facebook, Ctrip, Taobao, WeChat, and so on with the same email address and the same password. Reusing one mailbox account and password everywhere is a security risk, but it is common practice, because remembering a different username/password combination for every site is a chore.
Now suppose that account is stolen, perhaps because your mailbox provider leaked it or through carelessness on your part. The attacker can log in to every one of your accounts with the same credentials, and everything stored across those accounts is exposed.
The above is the consequence from a single user's perspective. From a company's perspective the effects of a database hit are far greater. Attackers maintain what is called a "social engineering database" (社工库, sometimes rendered literally as a "community worker library"). These databases store large numbers of correct, paired username/password combinations collected from earlier breaches. When the attackers decide to target a website, they replay every entry in the database against its login interface. Once the database is large enough, quantity turns into quality: the attackers walk away with a huge number of valid accounts.
Websites that suffer a database hit are often hit by chance rather than singled out. Startups in particular rarely have the security preparation to cope with a sudden database hit attack. Consider the following:
According to statistics collected by our security team, hundreds of database hit attacks are detected every day, each consisting of hundreds of login requests on average. Even after deduplication, these daily attacks contain hundreds of thousands of username/password combinations. More seriously, these credential collections are the attackers' "ammunition depots", and they are continuously topped up as more company databases are leeched.
Embarrassingly, the cost and skill threshold for a database hit attack are low: an attacker only needs to download a social engineering database from a forum and run a script against the target's login interface. At present, no laws or regulations are in place to punish this behavior.
Yes: you can use the Alibaba Cloud Security Web Application Firewall (WAF). WAF offers a "10-minute solution" for database hits. Onboarding takes a user about 5 minutes, newly configured rules take effect within 2 minutes, and the web application is under Cloud Security protection within 10 minutes. Common attacks such as SQL injection, XSS, and Trojans can be blocked with a single click.
WAF 3.0 recently added a new feature called Data Risk Control. It combines WAF's network protection capability with Alibaba Cloud Security's business risk control to resolve the following issues:
• Leakage of user information through database hit attacks and brute-force password cracking
• Scalpers, ticket fraud, coupon fraud, red-packet fraud, and similar malicious behavior
• SMS charges run up by abuse of SMS verification-code and SMS sending interfaces
• Malicious registration of spam accounts
• Malicious interference from sniping bots
Attackers are lazy too. They do not submit billions of credential pairs by hand; they use automated tools (bots) and a large number of compromised hosts ("zombie computers") as proxies. To slip past traditional security devices, some attackers even throttle their own request rate so that the attack stays below the thresholds of rate-based security policies.
From the moment a request reaches your website, WAF applies a human-versus-machine recognition model to judge whether the visitor behaves like a normal user. For example, a normal user does not submit a login request without first loading a page or the login portal, whereas a database hit tool posts credentials directly to the login interface. Beyond behavior analysis, WAF combines traffic characteristics and the visitor's browser information with Alibaba Cloud's big data threat intelligence (known zombie computers, malicious IPs, malicious scripts, malware, and so on) to decide whether the request is normal and trustworthy.
A normal user never notices this analysis: they log in, register, verify, or snipe products just as they normally would. When a visitor is suspected of unnatural behavior, WAF's Data Risk Control applies human-machine verification at key interfaces (such as registration and login) until the visitor is confirmed to be normal. Protection is therefore precise and targeted, with as little impact on normal users as possible.
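As an added illustration of the behavioral signals described above (this is example code written for this article, not Alibaba Cloud WAF's implementation), the following Python script scores login traffic from a small, constructed access-log sample. The log format, the `/login` path, the sample IP addresses, the user-agent strings and the thresholds are all assumptions made for the demonstration. It flags a source that posts credentials without ever loading the login page, and it goes a little beyond the text by also counting distinct usernames and the failure ratio per source, then shows that a plain per-IP rate limit would not have caught that source because it paces its requests.

```python
"""Credential-stuffing ("database hit") detection over web-server access logs.

Added example, not Alibaba Cloud WAF code. Signals scored per source IP:
  1. a login POST from a client that never loaded the login page first
     (a script posting straight to the login interface, not a browser);
  2. many distinct usernames from one source with a high failure ratio,
     which stays visible even when the attacker throttles the request rate.
The log format, path and thresholds are assumptions for this demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (combined-style lines with a username field appended
# to login POSTs). Not real traffic. 203.0.113.7 is the "stuffing" source: it
# never fetches the form and cycles accounts at one request every 4 seconds.
SAMPLE_LOG = """\
10.0.0.5 - [2020-01-03T10:00:01] "GET /login HTTP/1.1" 200 "Mozilla/5.0" -
10.0.0.5 - [2020-01-03T10:00:09] "POST /login HTTP/1.1" 302 "Mozilla/5.0" alice
203.0.113.7 - [2020-01-03T10:01:00] "POST /login HTTP/1.1" 401 "python-requests/2.22" bob
203.0.113.7 - [2020-01-03T10:01:04] "POST /login HTTP/1.1" 401 "python-requests/2.22" carol
203.0.113.7 - [2020-01-03T10:01:08] "POST /login HTTP/1.1" 401 "python-requests/2.22" dave
203.0.113.7 - [2020-01-03T10:01:12] "POST /login HTTP/1.1" 200 "python-requests/2.22" erin
203.0.113.7 - [2020-01-03T10:01:16] "POST /login HTTP/1.1" 401 "python-requests/2.22" frank
203.0.113.7 - [2020-01-03T10:01:20] "POST /login HTTP/1.1" 401 "python-requests/2.22" grace
10.0.0.9 - [2020-01-03T10:02:00] "GET /login HTTP/1.1" 200 "Mozilla/5.0" -
10.0.0.9 - [2020-01-03T10:02:05] "POST /login HTTP/1.1" 401 "Mozilla/5.0" heidi
10.0.0.9 - [2020-01-03T10:02:20] "POST /login HTTP/1.1" 302 "Mozilla/5.0" heidi
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) - \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)" (?P<user>\S+)$'
)
LOGIN_PATH = "/login"        # assumed login interface
MIN_DISTINCT_USERS = 5       # one client trying this many accounts is not a forgotten password
MAX_FAILURE_RATIO = 0.8      # replayed breach lists mostly fail; real users mostly succeed


def parse_log(text):
    """Parse lines in the assumed format into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        d["status"] = int(d["status"])
        events.append(d)
    return events


def detect_stuffing(events, min_distinct_users=MIN_DISTINCT_USERS,
                    max_failure_ratio=MAX_FAILURE_RATIO):
    """Return {ip: [reasons]} for sources whose login traffic looks automated."""
    seen_login_page = set()  # IPs that loaded the login form before posting
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0,
                                  "failures": 0, "blind_posts": 0})
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["path"] != LOGIN_PATH:
            continue
        if ev["method"] == "GET":
            seen_login_page.add(ev["ip"])
            continue
        if ev["method"] != "POST":
            continue
        s = per_ip[ev["ip"]]
        s["attempts"] += 1
        s["users"].add(ev["user"])
        if ev["status"] >= 400:
            s["failures"] += 1
        if ev["ip"] not in seen_login_page:
            s["blind_posts"] += 1  # credentials posted without ever fetching the form
    verdicts = {}
    for ip, s in per_ip.items():
        reasons = []
        if s["blind_posts"]:
            reasons.append(f"{s['blind_posts']} login POST(s) without loading the login page")
        if len(s["users"]) >= min_distinct_users:
            reasons.append(f"{len(s['users'])} distinct usernames from one source")
        ratio = s["failures"] / s["attempts"]
        if s["attempts"] >= min_distinct_users and ratio >= max_failure_ratio:
            reasons.append(f"failure ratio {ratio:.2f}")
        if reasons:
            verdicts[ip] = reasons
    return verdicts


def peak_rate_per_minute(events, ip):
    """Highest number of login POSTs from `ip` in any 60-second window (what a naive rate limiter sees)."""
    times = sorted(e["ts"] for e in events
                   if e["ip"] == ip and e["method"] == "POST" and e["path"] == LOGIN_PATH)
    best, start = 0, 0
    for end in range(len(times)):
        while (times[end] - times[start]).total_seconds() > 60:
            start += 1
        best = max(best, end - start + 1)
    return best


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ip, reasons in detect_stuffing(evs).items():
        print(ip, "peak rate/min:", peak_rate_per_minute(evs, ip), "->", "; ".join(reasons))
```

The stuffing source peaks at only 6 login POSTs per minute, so a per-IP limit of, say, 30 requests per minute never fires; the behavioral and per-account signals are what expose it. In production the per-IP counters are noisy behind NAT and shared egress, which is why the article describes challenging a suspicious visitor with human-machine verification rather than blocking outright.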
Alibaba Clouder - July 8, 2019