Profit Motive Powers Boost in Dangerous SQL Injection Website Hack Attacks

Forget script kiddies hacking into websites just to deface them with flashing “H@X0rs rulez” messages. Today’s attacks are all about the very adult business of stealing and intercepting data to generate profit.

New evidence for this trend shows in a sharp rise of SQL injection attacks measured by web hosting company FireHost, which reports that between the first and second quarter of 2012, the number of SQL injection attacks against FireHost’s clients rose 69%.

Attacks Follow the Money

SQL injection attacks use false SQL database commands entered into a site’s Web interface to obtain data not normally available for public consumption – like passwords, personal information, and the holy of holies for hackers: credit card data. They are rapidly becoming the weapon of choice for attackers, FireHost Security Operations Center Manager Greg Tatum said, because that’s where the money is.
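The mechanism described above, shown as an added example that is not part of the original article: a lookup built by string concatenation beside its parameterized form, both run against a constructed in-memory SQLite database. The table, column and function names are hypothetical, and the crafted input is a constructed string in the union style.

```python
import sqlite3

def make_db():
    """Constructed sample data: a public catalogue and a private accounts table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, category TEXT);
        CREATE TABLE accounts (email TEXT, pw_hash TEXT);
        INSERT INTO products VALUES ('kettle', 'kitchen'), ('lamp', 'lighting');
        INSERT INTO accounts VALUES ('alice@example.test', 'hash-placeholder-1');
    """)
    return db

def search_concatenated(db, category):
    # Vulnerable: the input becomes part of the SQL text, so a quote in it
    # ends the string literal and whatever follows is parsed as SQL.
    sql = "SELECT name, category FROM products WHERE category = '" + category + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, category):
    # Hardened: the SQL text is fixed and the input is bound as a value only,
    # so it can never change the shape of the statement.
    sql = "SELECT name, category FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

# Constructed input: closes the literal, appends a second SELECT, comments out the rest.
CRAFTED = "x' UNION SELECT email, pw_hash FROM accounts --"

if __name__ == "__main__":
    db = make_db()
    for fn in (search_concatenated, search_parameterized):
        print(fn.__name__, "normal  ->", fn(db, "kitchen"))
        print(fn.__name__, "crafted ->", fn(db, CRAFTED))
```

With the concatenated query, the crafted input returns a row from the accounts table; with the bound parameter, the same input is compared as a literal category name and matches nothing.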

“We’re seeing a huge climb in the number of SQL injection attacks from the last quarter and over the past six months,” Tatum explained. “These attacks are monetary-based rather than fame-based.”

SQL injection attacks at FireHost rose from 277,770 in the first quarter to 469,983 in the second quarter of the year. That still ranks SQL injection as only the third most popular type of attack hitting FireHost and its clients, trailing directory traversal and cross-site scripting attacks.

Directory (or path) traversal attacks try to trick a website into providing access to files on the Web server that would otherwise be restricted. Like SQL injection attacks, they work by attacking the Web application itself, but they are also much easier to execute – which explains their top position on FireHost’s list. Once access to a Web server’s restricted files is obtained, intruders can have the run of the website, and can make it do nearly anything they want.

Cross-site scripting is almost as feared as SQL injection, but instead of mining data from a website, these attacks flip the vector around and go after individual users. Cross-site scripting attacks embed script tags in URLs, and when unsuspecting users click on those compromised links, malicious JavaScript code can be executed on the victim’s machine.

Big Damage When Successful

Even though SQL injections are not as common, they grab bigger headlines because when they’re successful, they can cause a lot of user pain at once.

The 450,000 Yahoo Voices accounts’ password breach on July 11 reportedly used a union-based SQL injection, for instance.

Unless evidence of the attack surfaces after the fact (little clues can help, such as nearly a half-million account passwords suddenly showing up on a hacker community forum), SQL injections are usually very hard to detect, which is the way profit-motivated hackers like it.

Tatum believes that SQL injection attacks will soon become even more common. “As more e-commerce and health care sites come online, these attacks will be more prevalent,” he predicted.

Defacing websites will always remain popular among a certain set of hackers. But the days of the loud and obnoxious attacks being the worst we have to worry about are coming to a close. Now it’s the silent but deadly attacks that Web administrators need to fear the most.

Image courtesy of Shutterstock.
