The tragedy of credential stuffing ("database collision") – it’s time to change your security thinking!

2016 is set to be a landmark year in the history of China's information security development. The long-awaited Cybersecurity Law was officially issued, finally drawing a legal sword against the black hands that reach for personal information. In recent years there have been endless information leaks, and the increasingly rampant trade in stolen information has reached an outrageous level. In 2016 alone there were more than 10 data leaks each involving tens of millions of records. Almost unnoticed, user names, passwords, email addresses, QQ numbers, phone numbers, ID card numbers and other information have become commodities sold for profit on the black market.

Data for download with clear price tags: black-market trading is already flourishing

Attack, leak, resell for profit: a complete black industry chain has formed

The culprit – the Struts 2 security vulnerability again

According to security experts at Ruishu Information, after tracing the sources of multiple data leaks, they found that many of them were caused by the 2013 Struts 2 security vulnerability.

The Struts 2 vulnerability is well known. Attackers can use it to easily compromise web servers and obtain the account passwords and personal information of registered users, leading to security incidents such as site data leakage, web page tampering, backdoor implantation, and servers being turned into zombies. This vulnerability has already caused a large number of well-known domestic websites, including major portals, e-commerce sites, banks and other official sites, to suffer information leakage and other impact to varying degrees.

The current protection measures for such vulnerabilities are mainly patching and updating software versions. However, the facts have once again proved that this after-the-fact, passive defense is powerless against new threats.

Adding fuel to the fire – credential stuffing to steal information

Having obtained a large number of registered usernames and passwords through the Struts 2 vulnerability, why would hackers stop there? Worse, hackers feed these usernames and passwords into automated programs to launch credential-stuffing and account-takeover attacks against merchants' websites, causing further large losses of user information and funds.

Traditional defense methods simply plug the holes by patching, or advise customers to change their passwords as soon as possible and tighten their security. In reality, we cannot expect all users to update their accounts promptly, so a large amount of customer information whose passwords have not yet been changed remains circulating on the black market. This still-valid information gives hackers another opportunity for credential stuffing, and creates huge risks for merchants and users.

Is simply changing the password enough to be safe?

Today we see more and more advice that every consumer should change their login password as soon as possible. From the perspective of consumer self-protection, changing passwords is indeed necessary. However, large-scale leaks are generally caused by website vulnerabilities. Using complex passwords and changing them frequently only makes password cracking harder; using different passwords for different websites only prevents credential stuffing. So, as a merchant, how can you provide more proactive protection for consumers while reminding them in a timely manner, rather than just sending emergency notifications after an incident has occurred?

To protect online business, it’s time to change your security thinking!

A merchant's online platform should not only protect its various marketing resources at the business level, but also has an obligation to protect users' data from being stolen. It should therefore actively break away from the traditional protection approach based on signatures, verification and patching, and turn passive defense into active defense.

In the search for more proactive and effective protection technologies, security experts at Ruishu Information suggest that real-time, online protection can be achieved through dynamic web page security technology, which prevents attack programs from attempting to exploit vulnerabilities and thereby provides effective protection even when patches have not been applied and traditional protection measures are not in place.

1. Change the existing signature-matching protection concept and use a dynamically changing technical perspective to achieve real-time active defense against the automated attack behavior of exploit tools, including malicious attacks such as vulnerability detection and exploitation, zero-day attacks, and abuse of legitimate business logic.

2. Resist multi-source, low-frequency attacks through innovative dynamic security technology, making up for the deficiencies of existing protection measures and supplementing the shortcomings of traditional application security protection.

3. Use the endpoint threat-perception capability in dynamic security technology to provide more fine-grained data on the security threat situation and attacker profiles.

4. No need to modify application code, and no signature or policy libraries to upgrade and maintain, reducing operation and maintenance costs, effectively preventing large numbers of automated attacks from the Internet, and saving bandwidth, server and other resources.
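Point 2 above and the earlier discussion of credential stuffing share one detection problem: a campaign spread across many source addresses, each trying only a few leaked username/password pairs, stays below any per-IP lockout threshold. The following is an added example (not Ruishu's product or code) that runs a classic per-IP rule and an aggregate rule over a constructed login log, showing that only the aggregate view catches the campaign and which accounts to contact afterwards.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample auth log (not from the article). Fields: timestamp src_ip account result
SAMPLE_LOG = """\
2016-12-01T10:00:01 203.0.113.10 alice FAIL
2016-12-01T10:00:05 203.0.113.11 bob FAIL
2016-12-01T10:00:09 203.0.113.12 carol FAIL
2016-12-01T10:00:14 203.0.113.13 dave OK
2016-12-01T10:00:20 203.0.113.14 erin FAIL
2016-12-01T10:00:25 203.0.113.15 frank FAIL
2016-12-01T10:00:31 203.0.113.16 grace FAIL
2016-12-01T10:00:40 198.51.100.7 alice OK
2016-12-01T10:01:02 203.0.113.17 heidi FAIL
2016-12-01T10:01:10 203.0.113.18 ivan FAIL
"""

def parse_log(text):
    """Return (timestamp, src_ip, account, success) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        ts, ip, account, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, account, result == "OK"))
    return sorted(events)

def per_ip_rule(events, max_fails=5):
    """Traditional per-source rule: block an IP once it reaches max_fails failures."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n >= max_fails}

def detect_stuffing(events, window=timedelta(minutes=5),
                    min_ips=5, min_accounts=5, min_fail_ratio=0.7):
    """Aggregate rule: within one window, many distinct sources try many distinct
    accounts with a high failure ratio, even though no single source is noisy.
    Returns (window_start, n_ips, n_accounts, fail_ratio, accounts_hit) or None;
    accounts_hit logged in during the campaign and deserve a reset / step-up check."""
    for i, (start, *_) in enumerate(events):
        win = [e for e in events[i:] if e[0] - start <= window]
        ips = {e[1] for e in win}
        accounts = {e[2] for e in win}
        ratio = sum(1 for e in win if not e[3]) / len(win)
        if len(ips) >= min_ips and len(accounts) >= min_accounts and ratio >= min_fail_ratio:
            hit = sorted({e[2] for e in win if e[3]})
            return (start, len(ips), len(accounts), round(ratio, 2), hit)
    return None

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("per-IP rule blocks:", per_ip_rule(evs) or "nothing")
    print("aggregate rule:", detect_stuffing(evs))
```

The thresholds are illustrative; in production they would be tuned per login endpoint against its normal failure ratio and source diversity.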

Wider application scenarios

Dynamic security technology not only provides a more timely and effective way than patching to combat Struts 2 vulnerability exploitation, but also protects very effectively against zero-day exploitation attacks, business violations that use vulnerabilities, and abuse of legitimate logic. The technology has been widely used in government, enterprise and commercial application scenarios.

Government and enterprise data protection – In the "Internet +" era, it effectively prevents database dumping, credential stuffing, malicious crawlers and other behaviors, and protects the security of key online businesses and data of the government and the country.

Prevention of external business risks for enterprises – blocking malicious purchases, false transactions, illegal cash-outs and other behaviors carried out by automated tools, which pose great risks to enterprises' business.

Internal enterprise application risk prevention – effectively preventing the security risks of sensitive data leakage and abuse of legitimate business within the enterprise.

Security issues are pressing! Ruishu's disruptive dynamic security technology can effectively protect against unknown threats and automated attacks with zero patches and zero rules, helping enterprises beat zero-day attacks and blocking Struts 2 and future zero-day attacks at the door!
