Media Contact
Katherine Nellums for Imperva
Katherine.Nellums@imperva.com
415.321.2347

Report reveals details on methods employed by hacktivist group to attack high-profile organizations

Redwood Shores, Calif. – February 26, 2012 – Imperva, Inc. (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, released today a report that reveals details on an attack by hacktivist group ‘Anonymous’ against a high-profile unnamed target during a 25-day period in 2011.

The Hacker Intelligence Summary Report -The Anatomy of an Anonymous Attack offers a comprehensive analysis of the attack, including a detailed timeline of activities from start to finish, an examination of the hacking methods utilized and insights on the use of social media to recruit participants and coordinate the attack.

 “Our research shows that Anonymous generally mimics the approach used by for-profit hackers, leveraging widely known methods – SQL injection and DDoS – to carry out their attack. We found that Anonymous, although it has developed some custom attack tools, generally uses inexpensive, off-the-shelf tools as opposed to developing complex attacks,” said Amichai Shulman, Co-Founder and CTO of Imperva.  “Our research further shows that Anonymous will try to steal data first and, if that fails, attempt a DDoS attack.”

Highlights from the study of the Anonymous attack include:

  • The attack was made up of three distinct phases: recruitment and communication, reconnaissance and application layer attacks and, finally, a distributed denial of service (DDoS) attack.
  • Social media channels, especially Twitter, Facebook and YouTube, were the predominant means for suggesting a target and justifying the attack, as well as recruiting volunteers to participate in the hacking campaign, during the first recruitment and communication phase.
  • Sophisticated hackers made up only a small portion of the volunteers and were primarily active during the reconnaissance and application attack phase, tasked with probing for vulnerabilities and waging application attacks like SQL injection to attempt to steal data from the targets.
  • Laypeople were leveraged only in the third phase – to help carry out a DDoS attack – since the attempt to steal data through application attacks failed.
  • Anonymous has developed some custom attack tools – specifically the low orbit ion cannon (LOIC) and a tool to enable the launch of a DDoS attack from mobile browsers.  However, the group also relies on widely available tools for finding and exploiting web application vulnerabilities during the reconnaissance and application attack phase.
  • Unlike for profit hackers, Anonymous rarely relies on common hacking techniques such as botnets, malware, phishing or spear phishing.

“Imperva’s Application Defense Center (ADC) was able to witness and report on an Anonymous attack from start to finish,” continued Shulman. “The analysis of this attack provides useful insight into how Anonymous recruits participants and wages an attack. We believe these details will help organizations prepare for and respond to a potential attack, as well as offer the greater security community a deeper understanding of how hacktivists operate.”

Online Resources

  • Download a copy of the Anatomy of an Anonymous Attack.
  • Download an illustrative infographic outlining the attack.
  • Register to watch a webinar detailing the Anonymous attack.
  • Visit the Imperva blog for more insight on the report.

About Imperva
Imperva is a pioneer and leader of a new category of data security solutions for high-value business data in the data center. With more than 1,700 end-user customers and thousands of organizations protected through cloud-based deployments, Imperva’s customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere identifies and secures high-value data across file systems, web applications and databases. For more information, visit http://www.imperva.com/, follow us on Twitter or visit our blog.

Forward Looking Statement
This press release contains forward-looking statements, including without limitation those regarding Imperva’s belief that its report regarding the Anonymous attack will help organizations prepare for and respond to a potential attack, as well as offer the greater security community a deeper understanding of how hacktivists operate.  These forward-looking statements are subject to material risks and uncertainties that may cause actual results to differ substantially from expectations. Investors should consider important risk factors, which include: the risk that our products may not be accepted by the market as a solution to prepare for and respond to such a potential attack; the risk that competitors may be perceived by customers to be better positioned to help handle data security threats and protect their businesses from major risk; and other risks detailed under the caption “Risk Factors” in the company’s prospectus filed with the Securities and Exchange Commission, or the SEC  on November 9, 2011 and the company’s other SEC filings. You can obtain copies of the company’s SEC filings on the SEC’s website at http://www.sec.gov/.

© 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and SecureSphere are trademarks of Imperva, Inc.

HUG#1589041