SQL Injection attacks sky rocketing

Paladion
By Paladion

July 26, 2006

Infoworld reports a surge in SQL Injection attacks. SecureWorks, a firm that monitors databases of 1300 financial institutions, says they are seeing close to 8000 attacks/day on these databases, up from 100 to 200 attacks/day earlier this year.
The attacks apparently originate in Russia, China, Brazil, Hungary, and Korea (surprise!).
8000 attacks/day clearly suggest rampant scanning. That's not surprising, as the simplest forms of SQL Injection can be detected using a scanner.
But we disgree with the Secure works press release that recommends the solution for these attacks:

A Network Intrusion Prevention System and Host Intrusion Prevention System can offer many of these protections, especially if they are being monitored by a 24x7x365 security team that can stay on top of the newest types of SQL Injection attacks, as there are new variances being released all the time.

It's trivial to evade Network and Host IDS/IPS/AppFirewalls. And a SQL Injection scanner can cut through those defenses. The 24x7x365 team will not even notice the attack if it's not a blip in the IDS radar.
The right way to block SQL Injection is to use pre-compiled SQL queries. It's not difficult. And it works.
What's most intriguing comes later down in the Infoworld article when it discusses an attack on Card Systems International.

The hacker used a SQL injection attack to install a program that transferred credit-card data from a database every four days to a remote computer.

Install a program using SQL Injection? Any ideas how they could have done that? Or were these two separate attacks?


Tags: Uncategorized

About

Paladion

SUBSCRIBE TO OUR BLOG

Buyers-Guide-Collateral

WHITEPAPER

Buyer’s Guide to Managed Detection and Response

Download
MDR

Get AI Powered

Managed Detection and Response

MDR-learmore-btn

 

MDR-Guide-Collateral

REPORT

AI-Driven Managed Detection and Response

Download Report
Episode

EPISODE-25

Red-LineAsset-6

Why Your ‘Likes’ on Facebook May Be Revealing Far More than You Thought

Click URL in the Post for the Full Podacst
  • FacebookAsset
  • LinkedinAsset
  • TwitterAsset