CONFERENCE NOW LIVE: Threat Detection & Incident Response (TDIR) Summit - Join the Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Majority of Comment Spam Generated by Small Number of Attackers: Imperva

Comment spam has been used by attackers for a wide range of purposes, and according to a new report from Imperva, 80% of the traffic associated with such activity is generated by just 28% of attack sources.

Comment spam has been used by attackers for a wide range of purposes, and according to a new report from Imperva, 80% of the traffic associated with such activity is generated by just 28% of attack sources.

According to Imperva’s June Hacker Intelligence Initiative report, which analyzed more than 60 Web applications over a two week period in September 2013, 58% of comment spammers are active for long periods of time, with the majority of “spammy content” generated by just 17% of the entities involved in such activities.

Comment spam has become increasingly problematic for organizations and is being for everything from search engine optimization to malware distribution and click fraud.

For comment spam operations to be successful, attackers need to publish content on a large scale, essentially forcing them to use automated tools to facilitate the process. They use tools to harvest the URLs of relevant websites based on certain keywords, to generate comments, to post comments, and to verify whether or not a comment has been published.

Sophisticated tools are also designed to help attackers overcome the challenges associated with each activity ─ for example, some websites require user authentication, CAPTCHA forms or user details when posting comments.

As far as the targeted organizations are concerned, many have come up with various ways of mitigating comment spam. The list of techniques includes content inspection, source reputation analysis, demotivation (i.e., making comment spam useless), anti-automation, and manual inspection. 

Identifying comment spammers early on and blocking their requests is one of the most efficient methods. Attackers can be blocked early on in their campaigns with the aid of IP reputation systems, Imperva noted in its report. However, experts have observed cases in which the attackers have used services like the Google App Engine, which allows users to run Web apps on Google’s infrastructure, to bypass reputation controls based on IP addresses.

“Comment spam attacks can cripple a website, impacting uptime and compromising the user experience,” explained Amicahi Shulman, CTO of Imperva.

Advertisement. Scroll to continue reading.

“In our latest Hacker Intelligence Initiative Report, our Application Defense Center research team reveals that a relatively small number of attack sources create the majority of comment spam, oftentimes leveraging automated tools to reach a maximum number of targets. Quickly identifying the source of an attack and blocking comments from the source can greatly limit the attack’s effectiveness and minimize its impact on your website.”

The complete June Hacker Intelligence Initiative report is available on Imperva’s website.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.