How to get your infrastructure in shape to shake off scriptable attacks

2017-03-03

According to F-Secure’s The State of Cyber Security 2017 report, criminal hackers perform most cyber-attacks using basic, scriptable techniques against poorly maintained infrastructure. This will continue as long as there are loads of attack scripts and plenty of poorly secured networks.

The number of attack scripts is climbing as elite hackers continue to create these scripts and sell them to others, says Itzik Kotler, CTO and Co-Founder, SafeBreach. There doesn’t seem to be any stopping this trend.

CSO examines scriptable attacks and the part of the problem that you can control: getting your infrastructure in shape to shrug off these breaches.

So what’s a script?

Scriptable attacks simply use scripts. “A script is a series of commands or computer tasks that execute automatically,” says Michael Cook, Team Lead, CERT Division, SEI, Carnegie-Mellon University. Scripts enable attackers to orchestrate many simultaneous attacks where they would otherwise have to perform each one by hand, one at a time.

Attackers select their scripts from several scripting languages including Bash, Ruby, Python, PowerShell, Visual Basic, JavaScript, and others. The language of choice can be the one they find most familiar, the one best suited to the necessary steps along the attack path, or the one that is compatible with the system they plan to attack, says Cook. For this reason, attackers will use multiple scripting languages in their attacks. An attacker can also use a wrapper to make a script work in an environment where it is not otherwise compatible, explains Cook.

An attacker can automate every phase of an attack using scripts. Some scripts are scanners that perform ping sweeps to determine whether a range of IP addresses is live and connected, says Kotler; scanners also do port scanning to discover what kinds of services are running. If the version of the running service is vulnerable, explains Kotler, a script can even launch the appropriate exploit to attack that vulnerability.

Scripts have more capabilities still. They can enumerate potential targets using DNS enumeration (a process that identifies DNS servers and collects server information), execute brute-force attacks, or log in remotely using common usernames and passwords on SSH or remote desktop tools, according to Kotler.
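The scanning and credential-guessing behaviour Kotler describes leaves a recognisable trace in ordinary host logs. The following Python is an added example, not code from the article or from SafeBreach: it runs over constructed sshd and host-firewall log lines (a simplified syslog style assumed here) and flags a source that fails logins across several usernames or probes many distinct ports, with the thresholds chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the article): sshd failures and
# host-firewall drops in a simplified syslog style.
SAMPLE_LOGS = """\
sshd: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
sshd: Failed password for root from 203.0.113.5 port 51023 ssh2
sshd: Failed password for invalid user test from 203.0.113.5 port 51024 ssh2
sshd: Failed password for invalid user guest from 203.0.113.5 port 51025 ssh2
sshd: Failed password for alice from 198.51.100.7 port 40210 ssh2
sshd: Accepted publickey for alice from 198.51.100.7 port 40211 ssh2
fw: DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=21
fw: DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=22
fw: DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=23
fw: DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=80
fw: DROP SRC=203.0.113.9 DST=192.0.2.10 DPT=3389
fw: DROP SRC=198.51.100.8 DST=192.0.2.10 DPT=443
"""

SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
FW_DROP = re.compile(r"DROP SRC=(\S+) DST=\S+ DPT=(\d+)")


def detect(log_text, fail_threshold=4, port_threshold=5):
    """Flag sources that behave like scripted scanners or credential guessers:
    many login failures across several usernames from one source, or drops
    from one source against many distinct ports (one mistype won't trigger)."""
    users_tried = defaultdict(set)   # src -> usernames seen in failures
    fail_count = defaultdict(int)    # src -> number of failed logins
    ports_hit = defaultdict(set)     # src -> distinct destination ports
    for line in log_text.splitlines():
        m = SSH_FAIL.search(line)
        if m:
            user, src = m.groups()
            users_tried[src].add(user)
            fail_count[src] += 1
            continue
        m = FW_DROP.search(line)
        if m:
            src, dport = m.groups()
            ports_hit[src].add(int(dport))
    findings = []
    for src, n in sorted(fail_count.items()):
        if n >= fail_threshold:
            findings.append(("ssh_bruteforce", src, sorted(users_tried[src])))
    for src, p in sorted(ports_hit.items()):
        if len(p) >= port_threshold:
            findings.append(("port_scan", src, sorted(p)))
    return findings
```

Calling `detect(SAMPLE_LOGS)` returns one brute-force finding listing the common usernames tried and one port-scan finding listing the probed ports; the single mistyped password and the lone dropped packet from other sources are left alone.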

There are many web resources for security professionals who want to stay on top of scriptable attacks. You can find notices of new attacks at CERT and follow newly published exploits. OWASP publishes custom web application attacks. You can use CVE Details to follow new vulnerabilities. You can follow conversations on Twitter and in IRC channels, and follow projects and project discussion on GitHub, says Kotler. “SafeBreach maintains a Hacker’s Playbook that tracks the latest techniques that hackers use,” adds Kotler.

