An analysis of hacker forums has found that SQL injection is currently the most discussed topic among forum members.
The analysis, by security company Imperva, looked at conversations on one of the largest hacker forums with around 250,00 together with other smaller forums and identified topics using specific keywords.
Having inspected a sample of 439,587 threads between September 2011 and September 2012, the researchers found that SQL injection is now tied with DDoS as the most discussed topic. Both topics got 19 percent of discussion by volume.
Other findings in the analysis are that social networks are a major source of information, pictures, and potential monetary gain for hackers. Facebook was the most discussed social media platform, commanding 39 percent of discussions with Twitter a close second at 37 percent.
Imperva points out that the popularity of SQL injection as a topic and as the preeminent method of attack means that security teams continue to ignore SQL injection attacks at their own risk. The researchers point out that, ironically, this year’s Gartner report, Worldwide Spending on Security by Technology Segment, Country and Region, 2010-2016, shows that of the $25 billion spent on software security, less than 5 percent is allocated to products for protecting the data center. What’s more, Imperva believes that even those products can’t recognize SQL injection attacks, much less stop them.
The full report on the analysis makes fascinating reading. 28 percent of conversations relate to training, with help for aspiring hackers wanting to learn both technical and non-technical aspects of how to hack. There are sub-forums for “Beginner Hacking” where trainee hackers can ask questions, learn about tools and methods, and publish their first successes in the cyber world. The researchers say that posting a good tutorial showing how to perform some aspect of hacking “can gain its author reputation in the community, and can lead to job offers, collaborations, and invitations to deeper, invitation-only forums. Taken together, about a third of the conversations are dedicated to hacker training and education, which make them the main topic of the forum.” This must mean hackers receive more training and support than most IT departments!
The researchers also point out that forums evolve to fit changes of interest in technologies and trends, citing examples such as a new forum titled “Decompiling, Reverse Engineering, Disassembly, and Debugging” that may reflect growing professionalism and interest in higher level coding.