How to Defend Against a Database Hit Attack in 10 Minutes or Less


The Alibaba Cloud Security team has recently detected more and more database hit attacks (a Chinese term for what is elsewhere called credential stuffing: replaying username/password pairs leaked from one site against the login page of another). As big data is adopted more widely, it would be foolish to discount the significance of these attacks.

What is a database hit attack? What negative effects does it have? More importantly, how can companies who focus on service development neutralize the threats to information security? In this article, we will address these questions in detail.

I. Laziness may be the primary cause for a “successful” database hit attack.

II. Do database hits affect enterprises?

Websites that suffer a database hit are usually not chosen deliberately; they are hit opportunistically. Startups in particular rarely have security preparations in place to deal with a sudden database hit attack. Consider the following scenarios:

  1. A P2P lending website was victimized by a database hit, and tens of thousands in funds were transferred out through the dark web. The company did not want to be held responsible and vanished.
  2. A game forum was victimized by a database hit. Many players’ game accounts were stolen, and equipment they had bought was lost.
  3. Even when a database hit does not directly harm users' funds or accounts, hackers can sell the stolen accounts and user information online, such as ID numbers, mobile phone numbers, and bank card numbers. They can also use the personal information to defraud financial institutions under fake identities. Damage of this kind severely harms a company's reputation, image, and user experience.

According to statistics collected by our security team, hundreds of attacks are detected every day, and each attack includes hundreds of database hit login requests on average. Even after removing duplicates, there are still hundreds of thousands of username/password combinations in these daily attacks. More seriously, these account and password combinations are like "ammunition depots" for hackers: they are kept up to date as more and more company databases are leaked.

Embarrassingly, the cost and technical threshold of a database hit attack are low. Hackers only need to download a compiled database of leaked credentials (a so-called "social engineering database") from a forum and run a script. At present, no laws or regulations specifically punish this behavior.

III. Is there a method that does not require expensive security resources but still enables you to defend against database hits?

WAF 3.0 has recently added a new capability called Data Risk Control. It combines WAF's network-layer protection with Alibaba Cloud Security's business risk control to address the following issues:

• User information leakage caused by a database hit attack and brute-force cracking
• Scalping, fake tickets, fake coupons, fake red packets, and similar malicious behavior
• SMS charges run up by abuse of SMS verification-code interfaces
• Malicious registrations of spam accounts
• Malicious interference by sniping bots

IV. How does WAF deal with database hits and similar attacks?

From the moment a request reaches your website, WAF applies a human-versus-bot recognition model to judge whether the visitor behaves like a normal user. For example, a normal user does not submit a login request without first loading the page or the login portal, but a database hit attack does. In addition to analyzing behavior, WAF combines traffic information and the user's browser information with Alibaba Cloud threat intelligence (including zombie computers, malicious IPs, malicious scripts, malware, etc.) to ultimately decide whether the request is normal and trustworthy.

A normal user accessing the site is not aware of this analysis at all; they log in, register, verify, or snipe products just as they normally would. However, when a user is suspected of unnatural behavior, WAF performs human-versus-bot verification at the key interfaces covered by Data Risk Control (such as registration and login) until the user is confirmed to be normal. This makes the protection precise and targeted, with as little impact on normal users as possible.
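The behavioral check described above, expressed as detection logic over an access log, as an added example that is not WAF's own code. It assumes a constructed log format (timestamp, client IP, method, path, username) and a login endpoint at `/login`; it flags a login POST from a client that never loaded the login page, and additionally flags a client that submits many distinct usernames in a short window, which is how a replayed leaked list looks from the server side.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (not from the article). One request per line:
# timestamp client_ip method path username ("-" unless it is a login POST).
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.5 GET /login -
2024-01-01T10:00:07 203.0.113.5 POST /login alice
2024-01-01T10:00:01 198.51.100.9 POST /login user001
2024-01-01T10:00:02 198.51.100.9 POST /login user002
2024-01-01T10:00:02 198.51.100.9 POST /login user003
2024-01-01T10:00:03 198.51.100.9 POST /login user004
2024-01-01T10:01:00 192.0.2.44 POST /login bob
"""
LOGIN_PATH = "/login"  # assumed endpoint: GET serves the form, POST submits it

def parse_log(text):
    """Parse the constructed log format into dicts ordered by timestamp."""
    entries = []
    for line in text.splitlines():
        ts, ip, method, path, user = line.split()
        entries.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                        "method": method, "path": path, "user": user})
    return sorted(entries, key=lambda e: e["ts"])

def flag_suspicious_ips(entries, window=timedelta(seconds=60), max_accounts=3):
    """Return {ip: set of reasons} for clients whose login traffic looks automated.
    "no_page_view": a login POST from an IP that never loaded the login page
    first (the behavioural tell the article describes).
    "many_accounts": more than max_accounts distinct usernames from one IP within
    a sliding window (the signature of replaying a leaked credential list).
    """
    fetched_page = set()
    recent = defaultdict(list)   # ip -> [(timestamp, username)] of login POSTs
    reasons = defaultdict(set)
    for e in entries:
        if e["path"] != LOGIN_PATH:
            continue
        if e["method"] == "GET":
            fetched_page.add(e["ip"])
        elif e["method"] == "POST":
            if e["ip"] not in fetched_page:
                reasons[e["ip"]].add("no_page_view")
            # keep only attempts inside the window that ends at this request
            attempts = [a for a in recent[e["ip"]] if e["ts"] - a[0] <= window]
            attempts.append((e["ts"], e["user"]))
            recent[e["ip"]] = attempts
            if len({user for _, user in attempts}) > max_accounts:
                reasons[e["ip"]].add("many_accounts")
    return dict(reasons)
```

On the sample log, 198.51.100.9 is flagged for both reasons, 192.0.2.44 only for skipping the page view, and 203.0.113.5 is not flagged; in production the "no_page_view" signal should be tied to a session or cookie rather than a bare IP, since shared NAT addresses mix many users.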
