SQL injection attacks are targeting an array of banks and credit unions, and the number of attacks is increasing each day.
Instead of throwing out a bunch of worm attacks in the hope that someone at a valuable target will open one of them, criminals have aimed at the most valuable targets themselves. The SecureWorks IT security firm said the number of attacks it has blocked is increasing.
"From January through March, we blocked anywhere from 100 to 200 SQL Injection attacks per day," said SecureWorks CTO Jon Ramsey. "As of April, we have seen that number jump from 1,000 to 4,000 to 8,000 per day."
SQL injection attacks take place through an online form. The attacker attempts to slip a SQL statement through the web application to retrieve information about, and data from, the underlying database. Banks, credit unions, and utility companies all hold detailed customer information that can easily facilitate identity theft and fraud.
Ramsey disclosed something that hadn't been common knowledge, however, and it concerns the now-infamous breach at CardSystems that took place last year. "The CardSystems security breach, where hackers stole 263,000 customer credit card numbers and exposed 40 million more, is a prime example of a SQL Injection attack," said Ramsey.
He also noted that a Russian attack on a Rhode Island state government website possibly yielded 53,000 credit card numbers.
"The majority of the attacks are coming from overseas," said Ramsey. "And although we certainly see a higher volume with other types of attacks, what makes the SQL Injection exploits so worrisome is that they are often indicative of a targeted attack."
SQL injection attacks can succeed when web applications do not properly validate input from a form. Applications, like all of the underlying systems supporting them, should be designed to throw out invalid input.
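The validation failure described above, shown as an added example that is not part of the original article: a form handler that pastes input into its SQL text, next to one that throws out invalid input and also binds the value as a parameter (parameter binding goes beyond the validation the article mentions). The `accounts` table, the five-digit account ID format, the function names and the sample rows are all constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Build a constructed in-memory table standing in for customer data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (account_id TEXT PRIMARY KEY, holder TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("10001", "Alice Example"), ("10002", "Bob Example")],
    )
    return db

# Constructed form value containing SQL syntax instead of an account ID.
HOSTILE_INPUT = "' OR '1'='1"

def lookup_unvalidated(db, form_value):
    """Flawed handler: the form text becomes part of the SQL statement itself."""
    query = "SELECT holder FROM accounts WHERE account_id = '" + form_value + "'"
    return [row[0] for row in db.execute(query)]

# Assumed format for this example: an account ID is exactly five digits.
ACCOUNT_ID = re.compile(r"[0-9]{5}")

def lookup_validated(db, form_value):
    """Hardened handler: reject anything that is not an account ID, then bind it."""
    if not ACCOUNT_ID.fullmatch(form_value):
        raise ValueError("invalid account id")
    rows = db.execute(
        "SELECT holder FROM accounts WHERE account_id = ?", (form_value,)
    )
    return [row[0] for row in rows]

def lookup_bound_only(db, form_value):
    """Binding alone: the value is compared as data and never parsed as SQL."""
    rows = db.execute(
        "SELECT holder FROM accounts WHERE account_id = ?", (form_value,)
    )
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    print("unvalidated:", lookup_unvalidated(db, HOSTILE_INPUT))
    print("bound only: ", lookup_bound_only(db, HOSTILE_INPUT))
    try:
        lookup_validated(db, HOSTILE_INPUT)
    except ValueError as exc:
        print("validated:  rejected,", exc)
```

The unvalidated handler returns every row in the table for the hostile value, while the hardened handler rejects it before any query runs.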
About the Author: David Utter is a business and technology writer with WebProNews.