SQL Injection Attacks Rise Dramatically



Doug Caverly
Staff Writer
2006-07-19



SecureWorks has released a report detailing a large rise in SQL Injection attacks.

According to the company, over the past three months there has been a "dramatic increase in the number of hacker attacks attempted against its banking, credit union and utility clients."

SecureWorks CTO Jon Ramsey quantified the threat in a press release.

"From January through March, we blocked anywhere from 100 to 200 SQL Injection attacks per day," he said. "As of April, we have seen that number jump from 1,000 to 4,000 to 8,000 per day." Ramsey added, "The majority of the attacks are coming from overseas."

This isn't something that should be ignored or dismissed. "Although we certainly see a higher volume with other types of attacks," Ramsey admitted, "what makes the SQL Injection exploits so worrisome is that they are often indicative of a targeted attack . . . . Depending on the sophistication of the attacker, the online criminal can potentially gain access to a bank or utility company's key customer databases containing social security numbers, account numbers, credit card numbers, email addresses, etc."

The press release included two examples of the damage SQL injection attacks can cause.

"Russian hackers broke into a Rhode Island government Web site and stole credit card information . . . . The Russian hackers claimed to have stolen 53,000 credit card numbers during this attack." Ramsey also mentioned "the CardSystems security breach, where hackers stole 263,000 customer credit card numbers and exposed 40 million more."

Ramsey gave one marginally reassuring thought: "SQL Injection is successful only when the web application is not sufficiently secured," he said. "Unfortunately, the majority of websites and web applications are not secure."

In terms of defense, he advises "all organizations to use 'input validation' for any form to ensure that only the type of input that is expected is accepted."




About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
