• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Web Hacking Incident Database Shows DoS Attacks On The Rise

March 17, 2011

Views: 14,326

It seems like the formidable Anonymous army has managed to change the weighting of stats collected by the Web Hacking Incident Database (WHID) with it’s vast array of DDoS attacks.

We’ve reported on a couple of them like back in December when the WikiLeaks Attacks Caused Rival DDoS Retaliation. There have been a whole lot of other attack types going as usual though with SQL Injection and XSS (Cross Site Scripting) making up the to the top 3 with DDoS Attacks.

But if you haven’t worried about it before, perhaps now is the time to look into prevention/protection against denial-of-service attacks.

Driven by the hacktivism of the loose-knit Anonymous group, denial-of-service attacks surged to the top of the list of Web incidents, outpacing SQL injection and cross-site scripting, according to a survey of publicly disclosed attacks.

The ongoing survey, known as the Web Hacking Incident Database, categorized 222 incidents in 2010 and found that attackers aimed to take down the Web sites in a third of the incidents, while defacement accounted for 15 percent of attacks and stealing information was the goal in 13 percent of incidents. Unsurprisingly, the popular goal of causing downtime meant that denial-of-service attacks accounted for about a third of attack types, followed by SQL injection (21 percent) and cross-site scripting (9 percent).

In many industry reports, denial-of-service is not even on the list, but companies should worry about such brute-force tactics, says Ryan Barnett, a senior security researchers with security firm Trustwave’s SpiderLabs, who manages the WHID project. “You need to re-prioritize because Web servers are actively being targeted with denial-of-service attacks,” says Barnett.

Simple tools like Slowloris can give even the most robust web sites a big headache. Of course you also have to make sure you are secured against SQL Injection and any other kind of web attacks that can comprise your up-time or data.

According to the data different industries need to be prepared for different kinds of attacks, obviously skilled attackers will focus different ways of compromising hosts in different sectors.

Yet, different industries should also worry about different types of attacks, he says. Attackers focus on stealing money from financial firms using stolen credentials, according to the WHID data. They also tend to focus on defacing government sites and stealing credit-card numbers from retailers, using SQL injection in both cases, according to the WHID. The latter two relationships are weaker, however: While those are the most popular goals for attackers, each only accounts for a bit more than a quarter of attacks against the particular vertical. Money is the goal in two-thirds of attacks against financials.

“The outcomes and attacks and weaknesses are different, so depending on what market you are in, we have a pool of attacks that worked,” says Barnett. “So CSOs should pick out examples in their market because those are most applicable to them.”

Attackers’ focus on downtime means that corporate CSOs need to make sure that they can handle Web-specific denial-of-service attacks. Many times such attack focus on flooding the Web servers, but low-and-slow attacks are becoming more popular and require a different defense.

“Many of these organizations foolishly think that the network security gear that they have to handle the lower level DOSing floods will take care of this and it won’t,” Barnett says. “The overall amount of traffic that you have to send to take down the Web server is a lot less, and it looks legitimate.”

Downtime has gotta be one of the worst types of attack, especially for e-tailers or online vendors. Yah theft of credentials is bad, but honestly – most of the time those attacks aren’t even disclosed and no-one knows about them.

And from what I’ve seen most companies seem to think sticking a mid-range firewall in front of whatever they are doing is the be all and end all of security – it’ll protect their applications, their data, their organisation…and so on.

How misguided they are.

Source: Network World

Share
Tweet20
Share3
Buffer
WhatsApp
Email
23 Shares

Filed Under: Networking Hacking Tools, Privacy Tagged With: anonymous, defacement, hacktivism, Privacy, spiderlabs, sql-injection



Reader Interactions

Comments

  1. nosperantos says

    March 17, 2011 at 4:50 pm

    In addition to SlowLoris, R.U.D.Y can also cause a lot of damage to SCADA web services and virtually any website with forms.
    Download at:
    http://hybridsec.com/tools/rudy/

  2. Praful Agarwal says

    March 22, 2011 at 8:51 am

    Truly.. DoS attacks are increasing indefinitely..

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 288

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 493

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 490

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Shell3r - Powerful Shellcode Obfuscator for Offensive Security

Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Views: 690

If antivirus and EDR vendors are getting smarter, so are the tools that red teamers and penetration … ...More about Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Views: 8,476

Introduction: How Much of the Internet Can You See? You're only scratching the surface when you … ...More about Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

DataSurgeon is an open-source Linux-based data extraction and transformation tool designed for forensic investigations and recovery scenarios.

DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux

Views: 469

DataSurgeon is an open-source Linux-based data extraction and transformation tool designed for … ...More about DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (227)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (73)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,291,665)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,069)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,614)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,675)
  • Password List Download Best Word List – Most Common Passwords (933,462)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,130)
  • Hack Tools/Exploits (673,286)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,143)

Search

Recent Posts

  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025
  • Shell3r – Powerful Shellcode Obfuscator for Offensive Security May 2, 2025
  • Understanding the Deep Web, Dark Web, and Darknet (2025 Guide) April 30, 2025
  • DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux April 28, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy