Inside the black market for social network fraud
In its analysis of a large hacker forum containing roughly 250,000 members, Imperva detected a black market for social network fraud.
In addition, about one third of discussions in the hacker forum focused on training and tutorials for data theft techniques such as SQL injection, but industry analysts estimate less than five percent of IT budgets include products to mitigate attacks in the data center.
“By examining what information hackers seek out or share in these forums, we can better understand where they are focusing their efforts,” said Amichai Shulman, CTO, Imperva. “If organizations neglect SQL injection security, we believe that hackers will place more focus on those attacks.”
DDoS and SQL injection are the most popular attack methods
DDoS and SQL injection remain the most popularly discussed hacking topics. According to the analysis, DDoS (19 percent) and SQL injection (19 percent) were the most frequently discussed attack methods.
However, Gartner’s Forecast: Security Infrastructure Worldwide, 2010-2016, 2Q12 Update shows $25 billion was spent on security software and network equipment in 2011, and we believe that less than five percent of security budgets is allocated to products that mitigate SQL injection attacks.
Market for social network endorsements are on the rise
In a keyword search relating to social networks, Imperva found that Facebook (39 percent) and Twitter (37 percent) were the most frequently discussed social networks. In reviewing social network related posts, Imperva observed a black market for buying and selling illegitimate social network likes, followers, and endorsements, with particular attention given to the origin of these likes and followers.
Hacker education comprises a third of all forum conversations
Of the total conversations analyzed, roughly 28 percent were related to beginner hacking and hacker training, while another 5 percent related to hacking tutorials. Both aspiring and veteran hackers frequent forums to exchange techniques, build credibility and publish their hacking successes.
The complete report in PDF format is available here.