Surge in SQL injection

Traditionally a technique of the most talented hackers, automated SQL attack tools are putting enterprises at greater risk of data breach.

  • Thursday, 24th October 2013 Posted 11 years ago in by Phil Alsop

FireHost has announced attack trends for its clients’ web applications in Q3 2013. In releasing its most recent Superfecta report on attempted cyberattacks* that target enterprise web applications, FireHost noted upticks in Cross-site Scripting (XSS) and SQL Injection activity that specifically target applications carrying sensitive information about organisations and their customers.


The results, noted the report’s authors, offer further evidence of how hackers, cybercriminals and malware developers are shifting away from a traditional focus on enterprise infrastructure attacks. Instead they are identifying and exploiting vulnerable application layer assets. Consequently, FireHost is advising executives, IT professionals and security officials to carefully assess the risks to which web application assets are being increasingly exposed, and allocate resources accordingly.


Well documented benefits of cloud architectures also create new targets for hackers
“The adoption of cloud computing, mobile applications and virtualised enterprise architectures have led to an expansion of applications that are connected to Internet resources,” explained FireHost founder and CEO Chris Drake.


Web-based applications are being used aggressively by public, private and non-profit enterprises of all sizes to support the entire spectrum of intra- and inter-organisational activities -- including customer relationship management, supply chain management and human capital management. These IT strategies are broadly seen as flexible and cost-effective ways to rapidly deliver services that directly support critical business operations.
“What our latest Superfecta report clearly indicates is that this shift has not gone unnoticed by the hacker community and a whole range of bad actors who are always seeking new attack vectors,” Drake continued. “The immense volume of attempted incursions documented in this latest set of statistics show that web applications are exposed to clear-and-present danger. It is imperative that business leaders react and respond to these threats by bringing a new focus and attention to securing web application resources.”


Integrated attacks on web applications becoming more prevalent and automated
Over Q3 2013, FireHost blocked nearly 32 million attacks, a 32 percent increase over Q2 2013. More than half, 54 percent, were filtered by FireHost’s IPRM system, which dynamically identifies, catalogs and intercepts IP addresses that originate attacks against web applications.
Q3 presented a 77 percent increase in the number of filtered attacks over Q2 2013.

Between Q2 and Q3 2013, FireHost has detected an increase in attempted SQL Injection and Cross-Site Scripting attacks on the client servers it defends. The rise in SQL Injection in particular is a cause for concern as, typically, this attack method has been highly targeted; directed towards a few select high-net targets, being the preserve of only the most skilled hackers. The rise in this attack traffic suggests that technique is becoming commoditised and therefore poses a greater risk to any businesses with hosted resources.


The rise in hackers using SQL Injections attacks is cause for particular concern. According to Jeremiah Grossman, founder and CTO of WhiteHat Security, the hacker community is becoming particularly creative in combining and integrating CRSF, XSS and Directory Traversal attacks to inject code that is designed to penetrate databases that underpin many mission-critical, web-based applications.


“Also troubling is the trend we are seeing to automate these integrated SQL Injection attacks. This particular category of attack has been picking up steam for a while,” said Grossman. “But SQL Injection has traditionally required a significant amount of skill and talent from a programming perspective. This talent-based barrier to entry has helped to keep this form of attack in check. The emergence of automated tools will make this type of attack much more accessible to a broader segment of cybercriminals. This is prompting us to advise our clients to anticipate – and prepare for – a deluge of integrated attacks targeting web-based SQL resources.”


Rebalancing security measures portfolio to address web application vulnerability
The trends documented in the latest Superfecta report from FireHost should serve as a call-to-action for business leaders, technology executives and security professionals to look at how IT budgets are allocated across organisations.


“Traditionally, we see the lion’s share of technology budget being spent on creating or obtaining applications. After that, infrastructure and hosting solutions receive the most financial attention. Investments in security and preventative measures come in last in most cases,” said Drake. “We create this report and work within the IT community to provide education and prove the case that attention needs to be paid to the application-layer threats, particularly for organisations that house regulated data such as credit cards, personally identifiable information, and healthcare records – where the fines for a breach of such information is quite costly.”


As organisations review their budgets and strategic plans for 2014, understanding the risks to which web applications are exposed will be important in order to make effective and responsible security funding decisions.


“Today, in many organisations, as much $1 out of every $10 invested in enterprise infrastructure technology is allocated to protect network resources. Only $1 out of $100 is invested in web application security. This is unbalanced approach does not reflect the newly emerging threat landscape,” said Drake.


Web application skillsets are evolving rapidly in response to threats
The good news, according to Drake, is that the security community is getting much better at identifying and mitigating the growing number of threats that target web applications.


“FireHost is working very closely with other leaders and innovative practitioners in the application security community to track, document and block attacks as soon as we encounter them,” he said. “It is one of the major reasons for producing the quarterly Superfecta report. By communicating all known instances of attacks to web applications, we are all able to better understand and respond to threats. This collaborative approach has helped us develop one of the most effective and Intelligent Security Models available in the cloud today.”