SecureWorks' security researchers attribute the overall increase to a rise in attempted authentication attacks, SQL Injection attacks and network scans.
"We saw a large increase in hackers looking for open ports, as well as those trying to identify the applications and other services our retail clients were running," said Wayne Haber, director of architecture for SecureWorks. "An increase in network scans is often a red flag because many times it is followed by attacks specifically targeted at the organization's services," said Haber. "Attempted network scans against our retail clients increased 61% in 2008, going from an average of 56,000 per client per month in the first six months of the year to 90,000 per client per month in the last five months of the year," continued Haber.
The number of attempted authentication attacks - attacks used to compromise user names and passwords - increased steadily throughout the year, jumping from an average of 6,000 per client per month in the first six months of the year to an average of 34,000 per client per month in the last five months. The numbers continued to increase through the most recent month, November, where authentication attacks spiked to 137,000 per client per month. "It is not surprising that the attempts to steal customer credentials greatly increased just before the holiday shopping season. The November authentication attacks also followed a significant increase in network scanning in October where we blocked 202,000 network scans per client," said Haber.
"One of the methods used to bypass authentication is the brute force attack - where hackers systematically try large numbers of username and password combinations in order to gain access to the retail organizations," said Don Jackson, director of Threat Intelligence for SecureWorks. "Hackers know that if they can successfully steal customer usernames and passwords, they can get access to retail accounts to make fraudulent online purchases and redirect those purchases to mailing addresses of their choice," continued Jackson.
Attempted SQL injection attacks, which exploit security vulnerabilities in Web applications by inserting malicious SQL code into Web requests, increased significantly in May for our retailers, going from an average of 20 per client per month to 237 per client per month. They then peaked in July at 17,000 attempted SQL injection attacks per retail client and, since November, have dropped off to normal levels, averaging 18 per client per month.