The IBM.com developer portal was defaced early Sunday morning by a group of Indonesian hackers calling themselves Hmei7. Although the vulnerability exploited by the hackers is still unknown, Hmei7 differentiates itself from other groups by releasing tools to the underground hacking community.
At the time of this writing, Hmei7 is credited with 30,928 defacements–and the number is increasing every day. No matter how formidable a hacker army, these numbers are astounding. How can one group of hackers pull off so many successful attacks?
The answer lies in the combination of automation, chained exploits, and lowest hanging fruit that historically enabled these defacements. Careless coding practices that lead to generic SQL injection are easily found by these rudimentary scanners. The group also released tools to employ Google searches on a given domain to perform reconnaissance, as well as checks for very specific WebDAV vulnerabilities.
Hackers such as these are employing an arsenal of tools and scanners that are becoming more complex every day. In order to prevent malicious hackers from exploiting web applications, it takes more than regulatory compliance. Secure coding practices have the power to prevent every exploit: after all, a vulnerability is just a fancy word for a software bug with security implications.
Undergoing internal code audits in conjunction with third party vulnerability assessments seems like common sense, but even giants like IBM can become complacent with their security and let down their guard. Remember that security is not a state, but a process. With sensitive data at risk, the attackers will never let up, and neither should you.