Targeted Sequel Injection Attacks on the Rise

February 9, 2010 by ADMIN

By Robert Siciliano, ID Theft Expert and Security Consultant to Intelius.com

In the latter half of 2009, criminal hackers went from mass SQL injection campaigns to targeted attacks. SQL is an abbreviation of Structured Query Language, pronounced “Ess Que El” or “Sequel”.

The attackers’ shift in strategy focused on targeting high-profile websites, concluded Websense’s State of Internet Security report for the third and fourth quarter of 2009.

SQL injections have evolved in their purpose and sophistication. Originally meant as a tool to attack a merchant’s database and steal data, the attack was reconfigured last summer to install viruses that contain a remote control component on users’ computers.

Matt Chambers with Corporate IT Solutions says, “Web applications are one of the most outward facing components a corporation contains in its network design, and one of the least protected.

Applications typically take input information and send it to a database for storage and processing. We interact with these kinds of applications every day, whether it’s a signup form or a login page for a favorite networking site.”

Patrik Runald, senior manager of security research at Websense, told SCMagazineUS.com, “The bad guys are going after high-profile, high-volume websites, instead of going after the smaller websites, which are easier to inject code into.”

The report says attackers increasingly launched targeted attacks, which often start with an email containing a malicious link. During the second half of 2009, 81 per cent of email contained a malicious link, the report states.

When an employee receives a spear phish based on information gathered from the company’s website and clicks the link in it, the link may download a program that disables the company’s anti-virus and defeats all security measures.

This is why one must never click links in the body of an email. There are hardly ever links in emails that can’t be worked around, either by using the browser’s favorites menu or by manually typing the address into the browser.

1. NEVER click links in email. It’s sheer laziness, naiveté or stupidity when someone clicks links in the body of an email today.

2. Get yourself an ethical hacker to test your network and see what damage he can do before the bad guy does.

3. Invest in anti-virus, keep it auto-updated, and check out my spyware killer IDTheftSecurity.

4. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

5. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

* * *


Robert Siciliano is an expert on personal security and identity theft as the CEO of IDTheftSecurity.com. He is an American television news correspondent, security analyst, and author of “The Safety Minute: How to take control of your personal security and prevent fraud”. He has been featured on The Today Show, CBS Early Show, CNN, MSNBC, FOX, CNBC, Inside Edition, EXTRA, Tyra Banks, Stern, and in USA Today, Forbes, Tech Republic, SC, CSO, Search Security, Tech News World, EWeek, SecurityInfoWatch, NY Times, Boston Globe, LA Times, Wash Post, Chicago Tribune, AP, UPI, Reuters, and Entrepreneur.

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com
